SSI4Web: A Self-sovereign Identity (SSI) Framework for the Web

The traditional protected web services rely on a user authentication process. The utilisation of an identifier (e.g. username, email address and so on) and credential (e.g. password) still remains the most widely deployed user authentication process, even though such an authentication process is one of the major sources of security breaches. Moreover, in this traditional setting, the management and sharing of user identity information is cumbersome with limited user controls over their identity data. In recent times, SSI has emerged as a new mechanism for managing and exchanging identity information in a more user-centric and privacy-friendly way. There are many explorations of SSI in different application domains, however, its utility for the web mostly remains unexplored. In this work, we present SSI4Web, a framework for integrating Self-sovereign Identity (SSI) for providing web services in a secure passwordless manner with much more user control and greater flexibility. We provide its architecture, discuss its implementation details, sketch out its use-case with an analysis of its advantages and limitations.