The Self-Sovereign Identity (SSI) is a decentralized paradigm enabling full control over the data used to build and prove the identity. In Internet of Things networks with security requirements, the Self-Sovereign Identity can play a key role and bring benefits with respect to centralized identity solutions. The challenge is to make the SSI compatible with resource-constraint IoT networks. In line with this objective, the paper proposes and discusses an alternative (mutual) authentication process for IoT nodes under the same administration domain. The main idea is to combine the Decentralized IDentifier (DID)-based verification of private key ownership with the verification of a proof that the DID belongs to an evolving trusted set. The solution is built around the proof of membership notion. The paper analyzes two membership solutions, a novel solution designed by the Authors based on Merkle trees and a second one based on the adaptation of Boneh, Boyen and Shacham (BBS) group signature scheme. The paper concludes with a performance estimation and a comparative analysis.

翻译：自我主权身份（SSI）是一种去中心化范式，可实现对构建和证明身份所用数据的完全控制。在具有安全需求的物联网网络中，自我主权身份能够发挥关键作用，相比于集中式身份解决方案具有诸多优势。面临的挑战是如何使SSI兼容资源受限的物联网网络。基于这一目标，本文提出并讨论了一种面向同一管理域内物联网节点的替代（双向）认证流程。核心思路是将基于去中心化标识符（DID）的私钥持有验证与DID属于动态可信集合的证明验证相结合。该方案围绕成员证明概念构建。本文分析了两种成员解决方案：一种是由作者基于默克尔树设计的新型方案，另一种是对Boneh、Boyen及Shacham（BBS）群签名方案进行适应性改造的方案。最后通过性能评估与对比分析得出结论。