Business Use Case
Access Management with Self-Sovereign Identity
- Passing on access rights is effectively prevented
- Accelerated assignment of authorizations
- User-friendly handling
- Data with personal reference remains with the owner
Access rights via SSI
Companies assign physical access and digital access rights through internal access management. However, conventional systems for accreditation are problematic. Typically, access to a building is gained using non-verified identities, creating a security risk. Digital access rights also pose a risk, as it remains unclear whether the user is really the person authorized to access the building. In addition to security concerns, administration as well as control are costly, time-consuming and not very user-friendly. Conventional access management is therefore no longer up to date and is increasingly being put to the test.
myEGO is aware of this problem and is therefore integrating self-sovereign identity into its access management. For myEGO, the focus is on 1. security with the help of myEGO's SSI platform, 2. the optimization of internal company processes, and 3. the harmonization of user-friendliness and security.
What approaches do we present?
Security through blockchain technology and private wallet
Optimization of internal company processes
Security and user-friendliness in harmony
1. Security through blockchain technology and private wallet
In conventional access management, identities have to be legitimized and access authorizations issued in a time-consuming process. New employees and external guests alike go through this procedure in order to receive access rights. Organizers of trade shows and events also follow this conventional and time-consuming approach to access management. However, the risk of access rights being passed on or lost exists at all times.
This is where Self-Sovereign Identity comes in, making access management more efficient and secure by linking access rights with self-managed identities. Verification of a great deal of personal information no longer takes place within the company or by the event organizers themselves. New employees, guests or visitors to events and trade fairs provide already legitimized certificates that are stored tamper-proof in a central blockchain. Legitimation was carried out in advance by independent third parties such as banks or authorities.
Linking rights and digital identity
In the next step, the Self-Sovereign Identity enables the storage of credentials in the private wallet of the person authorized to access the data. These access rights are linked to the digital identity, which is managed by the user himself – disclosure to third parties is excluded. Companies can thus be sure that the owner and the authorized person are identical. The combination of self-sovereign identity and access management is possible wherever personal identifiers are used and can therefore also be used for digital access rights.
More information about the use case?
Access management with Self-Sovereign Identity offers companies numerous advantages, which myEGO has compiled for you in a white paper. The user-centric solution options provided by myEGO's SSI platform can be easily integrated into existing corporate structures and processes.
2. Creation of new interfaces
Further arguments for implementing SSI in access management are the reduction of redundancy and the elimination of bureaucratic structures. Verification processes are lengthy and require significant human resources. An SSI platform speeds up the assignment of authorizations, enables automatic processing and simplifies the revocation of access rights. The event industry in particular benefits from SSI-supported account management. Similar to the accreditation process for air travel, users can check in online themselves and submit the necessary data. Non-transferable tickets are thus assigned to a unique identity and disclosure is effectively prevented.
The pandemic caused by the coronavirus has revealed further benefits of self-sovereign identity in conjunction with access management. Test or vaccination certificates are sensitive personal data that require special protection. It is better to leave this information with its owner. With the help of a self-check-in, the owner only transfers the legitimized certificates from the blockchain. At the same time, necessary identity and contact data are recorded to make it easier to trace subsequent contact paths. In this way, the administrative effort for event organizers is significantly reduced and data security is created for visitors.
3. Security and user-friendliness in harmony
Self-sovereign identity enables companies to quickly identify authorized persons and provide them with the necessary authorizations in an unbureaucratic manner. These can be granted temporarily and revoked at any time. This benefits companies with a high fluctuation of (external) employees or guests. In addition, since personal data remains with the user, personal rights are preserved and trust is created. Sectors such as the hospitality industry, which depend on granting access authorizations to guests, benefit in particular from the user-friendly structures of access management with self-sovereign identity.
Example: Room access control
An authorized person verifies his or her identity using legitimate certificates.
Access authorization is linked to verified identity data and stored in a private wallet on the myEGO SSI platform.
The access authorization cannot be passed on thanks to the link to the identity, and it can be revoked at any time.
A hotel guest provides online verified identity data and information about vaccination status or test proof.
The guest is registered in the system and the registration slip can be easily created with the verified data.
The room access permit will be stored in the guest’s private wallet and will have an expiration date.
Single sign-on means automatic logging in to various platforms without having to log in again each time. To do this, the user must verify his or her identity once and thus gain access to the provider’s site.
A clear advantage is the simple login without having to remember access data. For this to work, you need three parties: a user, an ID provider and a service provider. We should assume that the ID provider and the service provider trust each other. Starting from the user, an identity and a password are now stored with the ID provider. If a request comes to the service provider, it can check this against the ID provider and log the user in securely.
In general, we can distinguish between two types of SSO: the simple and the complex variant. The former is mainly used in intranets and the latter is used across networks.