Go to DBLP homepageSSI Policies Implementing Terms of Use to Control VC Disclosure
Abstract: Physical and digital resources are often governed by "terms of use" which outline the actions that consumers are permitted or prohibited from performing. The resource producer typically enforces these terms and applies them to a wide range of resources, from physical products like games to digital services like websites. In specific scenarios, terms of use may also govern the handling of personal information, for example, enabling a chief executive officer to control the dissemination of employees’ personal and corporate data to prevent unauthorized disclosures. This paper explores the role of terms of use in the context of the Self-Sovereign Identity (SSI) system. Specifically, it aims to establish a model for managing verifiable credentials (VCs) in defined scenarios. To accomplish this, we leverage the terms of use field in VCs to define an access control policy based on the Attribute-Based Access Control (ABAC) model implemented through a smart contract. Additionally, we propose using self-generated VCs to attest to the acceptance of terms of use, offering users a mechanism to provide evidence in potential legal disputes.
Loading