Self-Sovereign Identity for Organizations: Requirements for Enterprise Software

In recent years, the decentralized identity management approach known as Self-Sovereign Identity (SSI) has gained popularity. It aims to give individuals and organizations more control over their identities and credentials. Unfortunately, the adoption of SSI is impeded because the SSI community frequently overlooks the requirements of organizations. The organization’s roles as an issuer, verifier, and especially as a holder of Verifiable Credentials (VCs) remain largely unexplored. This is partly because SSI emerged as a user-centric approach focusing on privacy benefits for individuals who act as credential holders. To address this issue, we conducted a multi-method study to identify an initial set of general requirements for organizational SSI software. We used a triangulation approach consisting of a literature review, expert interviews, and product analysis. As a result, we present a comprehensive set of requirements grouped into three main categories: credential management, organizational identity and relationships, and additional requirements. We also examined potential constraints to SSI development and wider adoption in organizational settings. Furthermore, we present gaps between the found organizational-centric requirements and current SSI solutions. Thus, these requirements can serve as a starting point for developing better-tailored SSI software, which represents organizational needs and use cases more closely than current solutions.