1.
From model to mechanism: enforcing delegated authority in SSI with language-based security
Muhamed Turkanović, Vid Keršič, Alen Horvat, Dominik Beron, Špela Čučko, 2025, original scientific article
Description: Delegation of authority remains a critical yet insufficiently addressed capability in Self-Sovereign Identity (SSI) systems. Building on an existing delegation model that introduced the concept of a Verifiable Mandate (VM) for expressing authority and access rights, this paper extends the approach with a rigorous formalization of delegation semantics, enabling unambiguous reasoning over roles, grants, and constraints. The formal model is aligned with standards from the World Wide Web Consortium (W3C), and its constructs are embedded into an extended credential schema that preserves compatibility with the Verifiable Credentials (VC) data model while introducing delegation-specific attributes. A generalized VM schema is defined, supporting both generic and business-specific instantiations, and ensuring structural and semantic interoperability. Policy compliance is operationalized through a policy-based enforcement architecture, where rules are authored in the Rego language and evaluated at runtime by the Open Policy Agent (OPA). The architecture incorporates trusted registries for schema and policy distribution, allowing verifiers to define and enforce context-specific delegation rules in a modular and interoperable manner. Validation through realistic scenarios, such as postal service and academic use cases, demonstrates how formal semantics, schema validation, and language-based policy enforcement can be combined to enable secure, verifiable, and context-aware delegation in SSI ecosystems.
Keywords: self-sovereign identity, delegation, verifiable mandate, formalization, policy-based enforcement, verifiable credentials, blockchain, language-based security
Published in DKUM: 02.10.2025; Views: 0; Downloads: 4
Full text (1,46 MB)