Mapping Functional and Non-Functional Requirements for Self-Sovereign Identity Systems

Short Description: 

Functional requirements (FRs) are of utmost importance that enable a system to work. FRs simply describe what the application should do and refer to the functionality of an application. In contrast, non-functional requirements (NFRs) describe how the system should do that and are abstract terms that frequently describe the performance, security, and reliability of a system. The existing decentralized identity applications base their architectures on principles developed by Allen [1] and Cameroon’s Laws of Identity [2]. [3] extends the initial set of properties for a decentralized application and mentions that some of those can be viewed as requirements that a system should achieve and can be used for evaluation. However, the mentioned properties continue to resemble NFRs, which do not provide a concrete basis for the system analysis. There were very limited attempts to specify FRs for decentralized identity systems, with [4] being the closest work. The authors provide a list of FRs for SSI, but the requirements are not mapped to the NFRs that are extensively described in [1] and [3]. Additionally, the QuarkID whitepaper (Appendix II) [5] maps SSI principles to design principles, which provide a remote resemblance to NFRs. However, the authors did not analyze or discuss those design principles in detail. 

This thesis will focus on the following goals: 

• Identify and formalize the core non-functional requirements (NFRs) based on SSI principles such as privacy, usability, and security.

• Derive functional requirements (FRs) that enable the realization of these NFRs in decentralized identity systems.

• Develop a structured methodology to map FRs to NFRs for SSI system design.

• Validate the mapping through case studies or existing SSI implementations to ensure its practical applicability.

Sources to Consider: 

[1] C. Allen, “The Path to Self-Sovereign Identity”, 2016. URL: https://www.lifewithalacrity.com/article/the-path-to-self-soverereign-identity/.

[2] K. Cameron, “The Laws of Identity”, Microsoft Corporation (2005). URL: https://www.identityblog.com/stories/2005/05/13/TheLawsOfIdentity.pdf.

[3] S. Cucko, S. Becirovic, A. Kamisalic, S. Mrdovic, M. Turkanovic, “Towards the classification of self-sovereign identity properties”, IEEE Access 10 (2022) 88306–88329. Publisher: Institute of Electrical and Electronics Engineers (IEEE). DOI: 10.1109/access.2022.3199414. 

[4] R. Nokhbeh Zaeem, K. C. Chang, T.-C. Huang, D. Liau, W. Song, A. Tyagi, M. Khalil, M. Lamison, S. Pandey, K. S. Barber, “Blockchain-Based Self-Sovereign Identity: Survey, Requirements, Use-Cases, and Comparative Study”, IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology, WI-IAT ’21, Association for Computing Machinery, New York, NY, USA, 2022, pp. 128–135. DOI: 10.1145/3486622.3493917.

[5] QuarkID, “Quark id whitepaper: Self-sovereign identity: Basis of a new decentralized digital ecosystem”, n.d. URL: https://github.com/gcba/WhitePaper/tree/master.

[6] W. Yao, W. Du, J. Gu, J. Ye, F. P. Deek and G. Wang, “Establishing a Baseline for Evaluating Blockchain-Based Self-Sovereign Identity Systems: A Systematic Approach to Assess Capability, Compatibility and Interoperability”, in Proceedings of the 2024 6th Blockchain and Internet of Things Conference, 2024, pp. 108-119.