Decentralized Identifier and Access Control Based Architecture for Privacy-Sensitive Data Distribution Service

In today's world, users' privacy-sensitive information is collected and managed by organizations and businesses. However, users do not have the option to choose the information that can be shared, nor can they track the sharing process. To address this limitation, we propose a privacy-sensitive information protection and management architecture that incorporates two emerging technologies: (1) Self-Sovereign Decentralized Identifier (DID), and (2) a policy description language to implement an automated access policy control. The proposed architecture defines a schema for privacy-sensitive information and leverages a policy description language to describe policies for handling the privacy-sensitive information to implement automated distribution of information. Users can prove the authenticity of their personal information without the need for centralized control, such as a public key infrastructure. The transaction records of accessing privacy-sensitive information can be tracked while keeping anonymization; no one can identify the real entity of the transacting party. We implemented a prototype system using Hyperledger Aries, Indy, and Sawtooth Projects for the DID management mechanisms, and Open Policy Agent for an automated access policy control.