| Naslov: | From model to mechanism : enforcing delegated authority in ssi with language-based security |
|---|
| Avtorji: | ID Turkanović, Muhamed (Avtor)
ID Keršič, Vid (Avtor)
ID Horvat, Alen (Avtor)
ID Beron, Dominik (Avtor)
ID Čučko, Špela (Avtor) |
|---|
| Datoteke: |  mathematics-13-02971_(1).pdf (1,46 MB)
MD5: CF253F3AAFA7F71E3E8729C81568D08F
|
|---|
| Jezik: | Angleški jezik |
|---|
| Vrsta gradiva: | Članek v reviji |
|---|
| Tipologija: | 1.01 - Izvirni znanstveni članek |
|---|
| Organizacija: | FERI - Fakulteta za elektrotehniko, računalništvo in informatiko
|
|---|
| Opis: | Delegation of authority remains a critical yet insufficiently addressed capability in SelfSovereign Identity (SSI) systems. Building on an existing delegation model that introduced the concept of a Verifiable Mandate (VM) for expressing authority and access rights, this paper extends the approach with a rigorous formalization of delegation semantics, enabling unambiguous reasoning over roles, grants, and constraints. The formal model is aligned with standards from the World Wide Web Consortium (W3C), and its constructs are embedded into an extended credential schema that preserves compatibility with the Verifiable Credentials (VC) data model while introducing delegation-specific attributes. A generalized VM schema is defined, supporting both generic and business-specific instantiations, and ensuring structural and semantic interoperability. Policy compliance is operationalized through a policy-based enforcement architecture, where rules are authored in the Rego language and evaluated at runtime by the Open Policy Agent (OPA). The architecture incorporates trusted registries for schema and policy distribution, allowing verifiers to define and enforce context-specific delegation rules in a modular and interoperable manner. Validation through realistic scenarios, such as postal service and academic use cases, demonstrates how formal semantics, schema validation, and language-based policy enforcement can be combined to enable secure, verifiable, and context-aware delegation in SSI ecosystems. |
|---|
| Ključne besede: | self-sovereign identity, delegation, verifiable mandate, formalization, policy-based enforcement, verifiable credentials, blockchain, language-based security |
|---|
| Verzija publikacije: | Objavljena publikacija |
|---|
| Poslano v recenzijo: | 08.08.2025 |
|---|
| Datum sprejetja članka: | 09.08.2025 |
|---|
| Datum objave: | 14.09.2025 |
|---|
| Založnik: | MDPI |
|---|
| Leto izida: | 2025 |
|---|
| Št. strani: | 33 str. |
|---|
| Številčenje: | Vol. 13, iss. 18, [article no.] 2971 |
|---|
| PID: | 20.500.12556/DKUM-95629  |
|---|
| UDK: | 004.8 |
|---|
| COBISS.SI-ID: | 249372675 |
|---|
| DOI: | 10.3390/math13182971 |
|---|
| ISSN pri članku: | 2227-7390 |
|---|
| Avtorske pravice: | © 2025 by the authors
|
|---|
| Datum objave v DKUM: | 02.10.2025 |
|---|
| Število ogledov: | 0 |
|---|
| Število prenosov: | 4 |
|---|
| Metapodatki: |    |
|---|
| Področja: | Ostalo
|
|---|
|
:
|
Kopiraj citat |
|---|
| | | | Skupna ocena: | (0 glasov) |
|---|
| Vaša ocena: | Ocenjevanje je dovoljeno samo prijavljenim uporabnikom. |
|---|
| Objavi na: |  |
|---|
Postavite miškin kazalec na naslov za izpis povzetka. Klik na naslov izpiše
podrobnosti ali sproži prenos. |
