Enabling Decentralised Identifiers and Verifiable Credentials for Constrained IoT Devices using OAuth-based Delegation

Dmitrij Lagutin, Yki Kortesniemi, Nikos Fotiou and Vasilios A. Siris

Decentralised identifiers (DIDs) and verifiable credentials (VCs) are upcoming standards for self-sovereign privacy preserving identifiers and authorisation, respectively. This focus on privacy can help improve many services and open up new business models, but using DIDs and VCs directly on constrained IoT devices can be problematic due to the management and resource overhead. This paper presents an OAuth-based method to delegate the processing and access policy management to the Authorisation Server thus allowing also systems with constrained IoT devices to benefit from DIDs and VCs.