Self-Sovereign Identity (SSI) enables user-controlled, cryptographically verifiable credentials. As EU regulations mandate EUDI Wallet acceptance by 2027, SSI adoption becomes a compliance necessity. However, each SSI Verifier exposes a different API with its own request parameters, response formats, and claim structures, requiring custom wrappers and dedicated infrastructure, in contrast to OpenID Connect (OIDC), where standardized protocols enable seamless integration. interID is an ecosystem-agnostic platform unifying credential verification across the Hyperledger Aries/Indy, EBSI, and EUDI ecosystems. We extend interID with an OIDC bridge providing Verifier-as-a-Service, enabling SSI verification through standard OIDC flows. Organizations receive ID Tokens carrying verified credential attributes without implementing Verifier-specific logic or deploying infrastructure. The multi-tenant architecture leverages Keycloak with strict tenant isolation. Key innovations include PKCE support, scope-to-proof-template mappings that translate OIDC scopes into ecosystem-specific verification requests, and a security analysis identifying novel attack surfaces at the intersection of OIDC, SSI, and multi-tenant architectures, threats covered by neither RFC 6819 nor existing SSI analyses alone. Our evaluation demonstrates security equivalence to production identity providers through threat modeling that identifies 11 attack vectors, including seven beyond RFC 6819's scope. Integration analysis shows that organizations can adopt SSI authentication with effort comparable to adding a traditional federated provider. By combining familiar OIDC patterns with SaaS deployment, our work lowers integration and operational barriers, enabling regulatory compliance through configuration rather than custom development.