{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,23]],"date-time":"2026-04-23T14:56:55Z","timestamp":1776956215155,"version":"3.51.4"},"reference-count":72,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2025,3,20]],"date-time":"2025-03-20T00:00:00Z","timestamp":1742428800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,3,20]],"date-time":"2025-03-20T00:00:00Z","timestamp":1742428800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"name":"Universit\u00e4t der Bundeswehr M\u00fcnchen"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["EURASIP J. on Info. Security"],"abstract":"<jats:title>Abstract<\/jats:title>\n          <jats:p>While self-sovereign identities (SSI) have been gaining more traction, the topic of SSI security has yet to be addressed. Especially regarding response procedures to security incidents, no prior work is available. However, incident response processes are essential to systematically respond to a security incident in a timely manner. We first evaluate the current state-of-the-art by conducting a literature survey and contacting organizations that offer SSI. The insights underpin the subject\u2019s relevance, highlighting that incident response capabilities are just starting to be developed. Contributing to this development, we identify the challenges of building a security incident response process for SSI. Mainly, the decentralized nature inhibits the utilization of known best practices, which all focus on building a centralized incident response capability. However, even in the case of SSI, some centralized entities may exist. Therefore, we design two variants of SIR processes: one more centralized and one more decentralized. For the latter, the problem size is reduced in the first step by identifying all the stakeholders within an SSI ecosystem and then analyzing possible proactive and reactive measures each participant can access. This procedure leads to the grouping of SSI system participants into three distinct domains of incident response. For each domain, different capabilities for handling incidents are introduced depending on the involved stakeholders, their infrastructure, and their goals. To demonstrate the procedures, incident scenarios for each domain highlight the workflows during incident handling.<\/jats:p>","DOI":"10.1186\/s13635-025-00195-6","type":"journal-article","created":{"date-parts":[[2025,3,20]],"date-time":"2025-03-20T18:31:22Z","timestamp":1742495482000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Designing a security incident response process for self-sovereign identities"],"prefix":"10.1186","volume":"2025","author":[{"given":"Leonhard","family":"Ziegler","sequence":"first","affiliation":[]},{"given":"Michael","family":"Grabatin","sequence":"additional","affiliation":[]},{"given":"Daniela","family":"P\u00f6hn","sequence":"additional","affiliation":[]},{"given":"Wolfgang","family":"Hommel","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,3,20]]},"reference":[{"key":"195_CR1","doi-asserted-by":"crossref","unstructured":"T. Aditya Sai Srinivas, R. Somula, K. Govinda, in Smart Intelligent Computing and Applications: Proceedings of the 3rd International Conference on Smart Computing and Informatics, Volume 1,\u00a0Singapore, Singapore. Privacy and Security in Aadhaar (Springer, 2020), pp. 405\u2013410","DOI":"10.1007\/978-981-13-9282-5_38"},{"issue":"7","key":"195_CR2","doi-asserted-by":"publisher","first-page":"978","DOI":"10.1080\/1369118X.2019.1668459","volume":"24","author":"P Singh","year":"2021","unstructured":"P. Singh, Aadhaar and data privacy: biometric identification and anxieties of recognition in India. Inf. Commun. Soc. 24(7), 978\u2013993 (2021)","journal-title":"Inf. Commun. Soc."},{"key":"195_CR3","unstructured":"Dutch National Police Force, Global police operation: arrests for online identity theft with millions of victims\u00a0(2023), www.politie.nl\/en\/news\/2023\/april\/5\/operation-cookiemonster.html. Accessed 20 Dec 2024"},{"key":"195_CR4","unstructured":"European Parliament and Council, Regulation (EU) No 910\/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999\/93\/EC. Technical report (2014), https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=uriserv:OJ.L_.2014.257.01.0073.01.ENG. Accessed 20 Dec 2024"},{"key":"195_CR5","doi-asserted-by":"publisher","unstructured":"N. Naik, P. Grace, P. Jenkins, in Proceedings of the 7th IEEE Symposium Series on Computational Intelligence (SSCI), Orlando, FL, USA, 05-07 Dec 2021. An Attack Tree Based Risk Analysis Method for Investigating Attacks and Facilitating Their Mitigations in Self-Sovereign Identity (IEEE, Piscataway, 2021), pp. 1\u20138. https:\/\/doi.org\/10.1109\/SSCI50451.2021.9659929","DOI":"10.1109\/SSCI50451.2021.9659929"},{"key":"195_CR6","doi-asserted-by":"publisher","first-page":"102808","DOI":"10.1016\/j.cose.2022.102808","volume":"120","author":"N Naik","year":"2022","unstructured":"N. Naik, P. Grace, P. Jenkins, K. Naik, J. Song, An evaluation of potential attack surfaces based on attack tree modelling and risk matrix applied to self-sovereign identity. Comp. Secur. 120, 102808 (2022). https:\/\/doi.org\/10.1016\/j.cose.2022.102808","journal-title":"Comp. Secur."},{"key":"195_CR7","doi-asserted-by":"publisher","unstructured":"A. Gr\u00fcner, A. M\u00fchle, N. Lockenvitz, C. Meinel, Analyzing and comparing the security of self-sovereign identity management systems through threat modeling. Int. J. Inf. Secur. (2023). https:\/\/doi.org\/10.1007\/s10207-023-00688-w","DOI":"10.1007\/s10207-023-00688-w"},{"key":"195_CR8","doi-asserted-by":"publisher","unstructured":"D. P\u00f6hn, M. Grabatin, W. Hommel, in Open Identity Summit 2023. Modeling the Threats to Self-Sovereign Identities (Gesellschaft f\u00fcr Informatik e.V., Bonn, 2023), pp. 85\u201396. https:\/\/doi.org\/10.18420\/OID2023_07","DOI":"10.18420\/OID2023_07"},{"key":"195_CR9","doi-asserted-by":"crossref","unstructured":"A. Carblanc, in Identity, security and democracy. Human rights, identity and anonymity: Digital identity and its management in esociety (IOS Press, Amsterdam, 2009), pp. 11\u201318","DOI":"10.3233\/978-1-58603-940-0-11"},{"key":"195_CR10","doi-asserted-by":"publisher","unstructured":"H. L\u2019Amrani, B.E. Berroukech, Y. El Bouzekri El Idrissi, R. Ajhoun, in Proceedings of the 4th IEEE International Colloquium on Information Science and Technology (CiSt), Tangier, Morocco, 24-26 Oct 2016. Identity management systems: Laws of identity for models7 evaluation (IEEE, Piscataway, 2016), pp. 736\u2013740. https:\/\/doi.org\/10.1109\/CIST.2016.7804984","DOI":"10.1109\/CIST.2016.7804984"},{"key":"195_CR11","doi-asserted-by":"crossref","unstructured":"J. Sermersheim, Lightweight Directory Access Protocol (LDAP): The Protocol\u00a0(RFC 4511, RFC Editor, Wilmington, 2006), https:\/\/www.rfc-editor.org\/rfc\/rfc4511.txt. Accessed 20 Dec 2024","DOI":"10.17487\/rfc4511"},{"key":"195_CR12","unstructured":"N. Ragouzis, J. Hughes, R. Philpott, E. Maler, Security Assertion Markup Language (SAML) V2.0 Technical Overview\u00a0(Oasis security services technical committee standard, OASIS, Woburn, 2008), https:\/\/docs.oasis-open.org\/security\/saml\/Post2.0\/sstc-saml-tech-overview-2.0.html. Accessed 20 Dec 2024"},{"key":"195_CR13","doi-asserted-by":"crossref","unstructured":"M.B. Jones, D. Hardt, The OAuth 2.0 Authorization Framework: Bearer Token Usage\u00a0(RFC 6750, RFC Editor, Wilmington, 2012), https:\/\/www.rfc-editor.org\/rfc\/rfc6750.txt. Accessed 20 Dec 2024","DOI":"10.17487\/rfc6750"},{"key":"195_CR14","unstructured":"N. Sakimura, J. Bradley, M.B. Jones, B. de Medeiros, C. Mortimore, OpenID Connect Core 1.0 incorporating errata set 1\u00a0(Standard, OpenID Foundation, San Ramon, 2014), https:\/\/openid.net\/specs\/openid-connect-core-1_0.html. Accessed 20 Dec 2024"},{"key":"195_CR15","unstructured":"R. Hedberg, M.B. Jones, A.A. Solberg, J. Bradley, G. De Marco, V. Dzhuvinov, OpenID Federation 1.0 - draft 36\u00a0(Draft, OpenID Foundation, San Ramon, 2024), https:\/\/openid.net\/specs\/openid-federation-1_0.html. Accessed 20 Dec 2024"},{"key":"195_CR16","unstructured":"O. Terbu, T. Lodderstedt, K. Yasuda, A. Lemmon, T. Looker, OpenID Connect for Verifiable Credentials\u00a0(Draft, OpenID Foundation, San Ramon, 2022), https:\/\/openid.net\/specs\/openid-connect-4-verifiable-presentations-1_0-ID1.html. Accessed 20 Dec 2024"},{"key":"195_CR17","unstructured":"T. Lodderstedt, K. Yasuda, T. Looker, OpenID for Verifiable Credential Issuance\u00a0(Draft, OpenID Foundation, San Ramon, 2022), https:\/\/openid.net\/specs\/openid-4-verifiable-credential-issuance-1_0-06.html. Accessed 20 Dec 2024"},{"key":"195_CR18","unstructured":"O. Terbu, T. Lodderstedt, K. Yasuda, T. Looker, OpenID for Verifiable Presentations - draft 20\u00a0(Draft, OpenID Foundation, San Ramon, 2023), https:\/\/openid.net\/specs\/openid-4-verifiable-presentations-1_0.html. Accessed 20 Dec 2024"},{"key":"195_CR19","unstructured":"K. Yasuda, M.B. Jones, T. Lodderstedt, Self-Issued OpenID Provider v2 \u2013 draft 13\u00a0(Standard, OpenID Foundation, San Ramon, 2023), https:\/\/openid.net\/specs\/openid-connect-self-issued-v2-1_0.html. Accessed 20 Dec 2024"},{"key":"195_CR20","unstructured":"E. Maler, M. Machulak, J. Richer, User-Managed Access (UMA) 2.0 Grant for OAuth 2.0 Authorization\u00a0(Kantara Specification, Kantara Initiative, Herndon, 2018), https:\/\/docs.kantarainitiative.org\/uma\/wg\/rec-oauth-uma-grant-2.0.html. Accessed 20 Dec 2024"},{"key":"195_CR21","unstructured":"C. Allen, The Path to Self-Sovereign Identity (2016), www.coindesk.com\/markets\/2016\/04\/27\/the-path-to-self-sovereign-identity\/. Accessed 20 Dec 2024"},{"key":"195_CR22","unstructured":"M. Sporny, D. Longley, M. Sabadello, D. Reed, O. Steele, C. Allen, W3C Decentralized Identifiers (DIDs) v1.0\u00a0(W3C recommendation, W3C, Cambridge, 2022).\u00a0https:\/\/www.w3.org\/TR\/did-1.0\/. Accessed 20\u00a0Dec 2024"},{"key":"195_CR23","unstructured":"M. Sporny, D. Longley, D. Chadwick, Verifiable Credentials Data Model v1.1\u00a0(W3C recommendation, W3C, Cambridge, 2022). https:\/\/www.w3.org\/TR\/vc-data-model\/. Accessed 20\u00a0Dec 2024"},{"key":"195_CR24","unstructured":"J. Hasan, Overview and Applications of Zero Knowledge Proof (ZKP). Int. J. Comput. Sci. Netw. 8, 436\u2013440 (2019)"},{"key":"195_CR25","unstructured":"M. Sabadello, Understanding DID Auth (2018), www.w3.org\/Security\/201812-Auth-ID\/04_-_Day_1_-_Understanding_DID_Auth.pdf. Accessed 20 Dec 2024"},{"key":"195_CR26","unstructured":"Decentralized Identity Foundation, DIDComm Messaging v2.x Editor\u2019s Draft (2024), www.identity.foundation\/didcomm-messaging\/spec\/. Accessed 20 Dec 2024"},{"key":"195_CR27","unstructured":"Sovrin Glossary V3 (2019), https:\/\/docs.google.com\/document\/d\/1gfIz5TT0cNp2kxGMLFXr19x1uoZsruUe_0glHst2fZ8. Accessed 20 Dec 2024"},{"key":"195_CR28","doi-asserted-by":"publisher","unstructured":"D. P\u00f6hn, M. Grabatin, W. Hommel, eID and Self-Sovereign Identity Usage: An Overview. Electronics 10(22), (2021). https:\/\/doi.org\/10.3390\/electronics10222811","DOI":"10.3390\/electronics10222811"},{"issue":"03","key":"195_CR29","first-page":"141","volume":"10","author":"A Hedayati","year":"2021","unstructured":"A. Hedayati, H.A. Hosseini, A Survey on Blockchain: Challenges, Attacks, Security, and Privacy. Int. J. Smart Electr. Eng. 10(03), 141\u2013168 (2021)","journal-title":"Int. J. Smart Electr. Eng."},{"key":"195_CR30","doi-asserted-by":"publisher","first-page":"113436","DOI":"10.1109\/ACCESS.2022.3216643","volume":"10","author":"MR Ahmed","year":"2022","unstructured":"M.R. Ahmed, A.M. Islam, S. Shatabda, S. Islam, Blockchain-based identity management system and self-sovereign identity ecosystem: A comprehensive survey. IEEE Access 10, 113436\u2013113481 (2022)","journal-title":"IEEE Access"},{"key":"195_CR31","unstructured":"T. Guggenberger, V. Schlatt, J. Schmid, N. Urbach, in Proceedings of the Pacific Asia Conference on Information Systems (PACIS), Dubai, UAE, 12-14 July 2021. A Structured Overview of Attacks on Blockchain Systems.\u00a0(AIS, London 2021)\u00a0"},{"key":"195_CR32","doi-asserted-by":"publisher","first-page":"102470","DOI":"10.1016\/j.ijinfomgt.2022.102470","volume":"68","author":"V Schlatt","year":"2023","unstructured":"V. Schlatt, T. Guggenberger, J. Schmid, N. Urbach, Attacking the trust machine: Developing an information systems research agenda for blockchain cybersecurity. Int. J. Inf. Manage. 68, 102470 (2023)","journal-title":"Int. J. Inf. Manage."},{"key":"195_CR33","doi-asserted-by":"publisher","first-page":"22894","DOI":"10.1109\/ACCESS.2021.3054887","volume":"9","author":"BG Kim","year":"2021","unstructured":"B.G. Kim, Y.S. Cho, S.H. Kim, H. Kim, S.S. Woo, A Security Analysis of Blockchain-based DID Services. IEEE Access 9, 22894\u201322913 (2021)","journal-title":"IEEE Access"},{"issue":"15","key":"195_CR34","doi-asserted-by":"publisher","first-page":"5641","DOI":"10.3390\/s22155641","volume":"22","author":"F Schardong","year":"2022","unstructured":"F. Schardong, R. Cust\u00f3dio, Self-Sovereign Identity: A Systematic Review, Mapping and Taxonomy. Sensors 22(15), 5641 (2022)","journal-title":"Sensors"},{"key":"195_CR35","unstructured":"P. Dingle, S. Hammann, D. Hardman, C. Winczewski, S. Smith, Attempts to Abuse a Verifable Credential (2019), https:\/\/github.com\/WebOfTrustInfo\/rwot9-prague\/blob\/master\/final-documents\/alice-attempts-abuse-verifiable-credential.pdf. Accessed 20 Dec 2024"},{"key":"195_CR36","doi-asserted-by":"publisher","unstructured":"D. P\u00f6hn, M. Grabatin, W. Hommel, Analyzing the Threats to Blockchain-Based Self-Sovereign Identities by Conducting a Literature Survey. Appl. Sci. 14(1), (2024). https:\/\/doi.org\/10.3390\/app14010139","DOI":"10.3390\/app14010139"},{"key":"195_CR37","unstructured":"P. Cichonski, T. Millar, T. Grance, K. Scarfone, NIST SP 800-61 Rev. 2 \u2013 Computer Security Incident Handling Guide \u2013 Recommendations of the National Institute of Standards and Technology\u00a0(Technical report, National Institute of Standards and Technology, Gaithersburg, 2012), https:\/\/nvlpubs.nist.gov\/nistpubs\/specialpublications\/nist.sp.800-61r2.pdf. Accessed 20 Dec 2024"},{"key":"195_CR38","unstructured":"ISO, Information technology - Security techniques - Information security incident management - Part 1: Principles of incident management\u00a0(Standard, International Organization for Standardization, Geneva, 2016)"},{"key":"195_CR39","doi-asserted-by":"publisher","unstructured":"P. Cichonski, T. Millar, T. Grance, K. Scarfone, NIST Special Publication 800-61 Revision 2 Computer Security Incident Handling Guide\u00a0(Special publication, National Institute of Standards and Technology, 2012). https:\/\/doi.org\/10.6028\/NIST.SP.800-61r2","DOI":"10.6028\/NIST.SP.800-61r2"},{"key":"195_CR40","unstructured":"ENISA, Good practice guide for incident management (2010), www.enisa.europa.eu\/publications\/good-practice-guide-for-incident-management. Accessed 20 Dec 2024"},{"issue":"4","key":"195_CR41","doi-asserted-by":"publisher","first-page":"2525","DOI":"10.1109\/COMST.2021.3117338","volume":"23","author":"D Schlette","year":"2021","unstructured":"D. Schlette, M. Caselli, G. Pernul, A Comparative Study on Cyber Threat Intelligence: The Security Incident Response Perspective. IEEE Commun. Surv. Tutorials 23(4), 2525\u20132556 (2021). https:\/\/doi.org\/10.1109\/COMST.2021.3117338","journal-title":"IEEE Commun. Surv. Tutorials"},{"key":"195_CR42","doi-asserted-by":"publisher","unstructured":"M. Ioannou, E. Stavrou, M. Bada, in 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). Cybersecurity Culture in Computer Security Incident Response Teams: Investigating difficulties in communication and coordination (2019), pp. 1\u20134. https:\/\/doi.org\/10.1109\/CyberSecPODS.2019.8885240","DOI":"10.1109\/CyberSecPODS.2019.8885240"},{"key":"195_CR43","doi-asserted-by":"publisher","unstructured":"E.M. Redmiles, in 2019 IEEE Symposium on Security and Privacy (SP). \u201cShould I Worry?\u201d A Cross-Cultural Examination of Account Security Incident Response (2019), pp. 920\u2013934. https:\/\/doi.org\/10.1109\/SP.2019.00059","DOI":"10.1109\/SP.2019.00059"},{"key":"195_CR44","unstructured":"REFEDS, A Security Incident Response Trust Framework for Federated Identity (Sirtfi) Version 2\u00a0(Framework, REFEDS, Cambridge, 2022).\u00a0www.refeds.org\/wp-content\/uploads\/2022\/08\/Sirtfi-v2.pdf. Accessed 20\u00a0Dec 2024"},{"key":"195_CR45","unstructured":"REFEDS, Refeds - About (2024), www.refeds.org. Accessed 20 Dec 2024"},{"key":"195_CR46","doi-asserted-by":"crossref","unstructured":"R. Graf, R. King, in Proceedings of the 10th International Conference on Cyber Conflict (CyCon), Tallinn, Estonia, 29 May - 01 June 2018, Piscataway, NJ, USA. Neural Network and Blockchain Based Technique for Cyber Threat Intelligence and Situational Awareness (IEEE, 2018), pp. 409\u2013426","DOI":"10.23919\/CYCON.2018.8405028"},{"key":"195_CR47","doi-asserted-by":"publisher","unstructured":"A. Adebayo, D.B. Rawat, L. Njilla, C.A. Kamhoua, Blockchain-enabled Information Sharing Framework for Cybersecurity (Wiley, New York, 2019), pp. 143\u2013158. https:\/\/doi.org\/10.1002\/9781119519621.ch7","DOI":"10.1002\/9781119519621.ch7"},{"key":"195_CR48","doi-asserted-by":"publisher","unstructured":"F. Reid, M. Harrigan, in Security and privacy in social networks. An Analysis of Anonymity in the Bitcoin System (Springer, New York, 2013), pp. 197\u2013223. https:\/\/doi.org\/10.1007\/978-1-4614-4139-7_10","DOI":"10.1007\/978-1-4614-4139-7_10"},{"key":"195_CR49","doi-asserted-by":"publisher","unstructured":"C. Rondanini, B. Carminati, F. Daidone, E. Ferrari, in Proceedings of the 17th IEEE International Conference on Services Computing (SCC), Beijing, China, 07-11 Nov 2020. Blockchain-based controlled information sharing in inter-organizational workflows (IEEE, Piscataway, 2020), pp. 378\u2013385.\u00a0https:\/\/doi.org\/10.1109\/SCC49832.2020.00056","DOI":"10.1109\/SCC49832.2020.00056"},{"key":"195_CR50","doi-asserted-by":"publisher","unstructured":"B. Carminati, C. Rondanini, E. Ferrari, in Proceedings of the 25th IEEE International Conference on Web Services (ICWS), San Francisco, CA, USA, 02-07 July 2018. Confidential Business Process Execution on Blockchain (IEEE, Piscataway, 2018), pp. 58\u201365. https:\/\/doi.org\/10.1109\/ICWS.2018.00015","DOI":"10.1109\/ICWS.2018.00015"},{"key":"195_CR51","doi-asserted-by":"publisher","unstructured":"C.A. Ardagna, M. Anisetti, B. Carminati, E. Damiani, E. Ferrari, C. Rondanini, in Proceedings of the 17th IEEE International Conference on Services Computing (SCC), Beijing, China, 07-11 Nov 2020. A Blockchain-based Trustworthy Certification Process for Composite Services (IEEE, Piscataway, 2020), pp. 422\u2013429. https:\/\/doi.org\/10.1109\/SCC49832.2020.00062","DOI":"10.1109\/SCC49832.2020.00062"},{"key":"195_CR52","unstructured":"A. Michail, Tackling the Challenges of Information Security Incident Reporting: A Decentralized Approach\u00a0(Ph.D. thesis, University of East London, 2020)"},{"key":"195_CR53","doi-asserted-by":"crossref","unstructured":"B. Putz, M. Vielberth, G. Pernul, in Proceedings of the 17th ACM International Conference on Availability, Reliability and Security (ARES), Vienna, Austria, 24-26 Aug 2022. BISCUIT- Blockchain Security Incident Reporting based on Human Observations (Association for Computing Machinery, New York, 2022), pp. 1\u20136","DOI":"10.1145\/3538969.3538984"},{"key":"195_CR54","unstructured":"D. Reed, J. Law, D. Hardman, The Technical Foundations of Sovrin, A White Paper from the Sovrin Foundation\u00a0(Whitepaper, Sovrin Foundation, 2016).\u00a0https:\/\/www.evernym.com\/wp-content\/uploads\/2017\/07\/The-Technical-Foundations-of-Sovrin.pdf. Accessed 20\u00a0Dec 2024"},{"key":"195_CR55","unstructured":"Sovrin Foundation, Transaction Endorser Technical and Organizational Policies V1 (2019), https:\/\/sovrin.org\/wp-content\/uploads\/Transaction-Endorser-Technical-and-Organizational-Policies-V1.pdf. Accessed 20 Dec 2024"},{"key":"195_CR56","unstructured":"Sovrin Foundation, Steward Technical and Organizational Policies V3 (2023), https:\/\/drive.google.com\/file\/d\/16Fh423ZqRaUVBjgOsVRXk0VOUUKrYv-p\/view. Accessed 20 Dec 2024"},{"key":"195_CR57","unstructured":"Ping Identity, About ShoCard (2020), www.shocard.com. Accessed 20 Dec 2024"},{"key":"195_CR58","unstructured":"uPort, uPort has evolved (2021), www.uport.me. Accessed 20 Dec 2024"},{"key":"195_CR59","unstructured":"S. Nakamoto, Bitcoin: A Peer-to-Peer Electronic Cash System\u00a0(Technical report, Bitcoin, 2008).\u00a0Accessed 20\u00a0Dec 2024"},{"key":"195_CR60","unstructured":"Ethereum Foundation, Welcome to Etherum (2024), https:\/\/ethereum.org\/en\/. Accessed 20 Dec 2024"},{"key":"195_CR61","unstructured":"Lissi GmbH, IDunion \u2013 An ecosystem for trusted identities (2024), https:\/\/idunion.org\/?lang=en. Accessed 20 Dec 2024"},{"key":"195_CR62","unstructured":"TNO, Self-sovereign identity: a simple and safe digital life (2024), www.tno.nl\/en\/technology-science\/technologies\/self-sovereign-identity\/. Accessed 20 Dec 2024"},{"key":"195_CR63","unstructured":"M. Ma, EGI.eu Security Incident Response Procedure\u00a0(Procedure, EGI, Amsterdam, 2011).\u00a0Accessed 20 Dec 2024"},{"key":"195_CR64","unstructured":"Cybersecurity and Infrastructure Security Agency, Traffic Light Protocol (TLP) Definitions and Usage (2022), https:\/\/www.cisa.gov\/news-events\/news\/traffic-light-protocol-tlp-definitions-and-usage. Accessed 20 Dec 2024"},{"key":"195_CR65","unstructured":"DFN, Security Incident Response in der DFN-AAI (2024), www.doku.tid.dfn.de\/de:aai:incidentresponse. Accessed 20 Dec 2024"},{"key":"195_CR66","unstructured":"ISO, Cards and security devices for personal identification \u2013 Building blocks for identity management via mobile devices \u2013 Part 1: Generic system architectures of mobile eID systems\u00a0(Standard, International Organization for Standardization, Geneva, 2023)"},{"key":"195_CR67","unstructured":"European Commission, The European Digital Identity Wallet Architecture and Reference Framework (2023), https:\/\/digital-strategy.ec.europa.eu\/en\/library\/european-digital-identity-wallet-architecture-and-reference-framework. Accessed 20 Dec 2024"},{"key":"195_CR68","unstructured":"O. Steeleand, M. Johnson, G. Dardelet, M. Prorock, S. Shetty, D. Kim Hamilton, Universal Wallet 2020\u00a0(Experimental specification, W3C, Cambridge, 2024). https:\/\/w3c-ccg.github.io\/universal-wallet-interop-spec\/. Accessed 20 Dec 2024"},{"key":"195_CR69","doi-asserted-by":"crossref","unstructured":"A. Khayretdinova, M. Kubach, R. Sellung, H. Ro\u00dfnagel, in Selbstbestimmung, Privatheit und Datenschutz: Gestaltungsoptionen f\u00fcr einen europ\u00e4ischen Weg. Conducting a Usability Evaluation of Decentralized Identity Management Solutions (Springer Fachmedien Wiesbaden, Wiesbaden, 2022), pp. 389\u2013406","DOI":"10.1007\/978-3-658-33306-5_19"},{"key":"195_CR70","unstructured":"NIST, CVE-2022-31020 (2022), www.nvd.nist.gov\/vuln\/detail\/CVE-2022-31020. Accessed 20 Dec 2024"},{"key":"195_CR71","doi-asserted-by":"publisher","unstructured":"M.J. Hossain Faruk, B. Saha, J. Basney, in Proceedings of the 7th Practice and Experience in Advanced Research Computing (PEARC), Portland, OR, USA, 23-27 July 2023. A Comparative Analysis Between SciTokens, Verifiable Credentials, and Smart Contracts: Novel Approaches for Authentication and Secure Access to Scientific Data (Association for Computing Machinery, New York, 2023), pp. 302\u2013305. https:\/\/doi.org\/10.1145\/3569951.3597566","DOI":"10.1145\/3569951.3597566"},{"key":"195_CR72","unstructured":"A. Freitag, A new Privacy Preserving and Scalable Revocation Method for Self Sovereign Identity \u2013 The Perfect Revocation Method does not exist yet\u00a0(Cryptology ePrint Archive, Paper 2022\/1658, 2022)\u00a0https:\/\/eprint.iacr.org\/2022\/1658. Accessed 20 Dec 2024"}],"container-title":["EURASIP Journal on Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s13635-025-00195-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s13635-025-00195-6\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s13635-025-00195-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,20]],"date-time":"2025-03-20T18:31:54Z","timestamp":1742495514000},"score":1,"resource":{"primary":{"URL":"https:\/\/jis-eurasipjournals.springeropen.com\/articles\/10.1186\/s13635-025-00195-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,3,20]]},"references-count":72,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2025,12]]}},"alternative-id":["195"],"URL":"https:\/\/doi.org\/10.1186\/s13635-025-00195-6","relation":{},"ISSN":["2510-523X"],"issn-type":[{"value":"2510-523X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,3,20]]},"assertion":[{"value":"21 February 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 February 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 March 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"12"}}