Self-Sovereign Identity (SSI) is a decentralized paradigm that gives a subject full control over the data used to build and prove its identity. In Internet of Things networks with security requirements, SSI can play a key role and brings benefits compared with centralized identity solutions. The challenge is to make SSI compatible with resource-constrained IoT networks. In line with this objective, the paper proposes and discusses an alternative (mutual) authentication process for IoT nodes under the same administration domain. The main idea is to combine the Decentralized IDentifier (DID)-based verification of private key ownership with the verification of a proof that the DID belongs to an evolving trusted set. The solution is built around the notion of proof of membership. The paper analyzes two membership solutions: a novel solution designed by the authors based on Merkle trees, and a second one based on an adaptation of the Boneh, Boyen and Shacham (BBS) group signature scheme. The paper concludes with a performance estimation and a comparative analysis.
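The Merkle-tree flavour of the scheme described above, as an added illustration that is not the paper's own code: the administration domain publishes a Merkle root over the DIDs it currently trusts, each node holds its DID, its key pair and a membership proof, and a verifier accepts a peer only if the DID is bound to the presented public key, the peer proves key ownership by signing a fresh challenge, and the membership proof hashes up to the published root. The example goes slightly beyond the abstract by showing what the "evolving" set means in practice: when a DID is removed and a new root is published, the old proof stops verifying. Assumptions not taken from the paper: the DID is `did:example:` followed by the SHA-256 of an Ed25519 public key, leaf and inner hashes use 0x00/0x01 domain-separation prefixes, and the prover computes its proof from the full set (a real node would store the proof it received from the domain administrator).

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
)

// Node is an IoT node's identity material (constructed for this example).
type Node struct {
	DID  string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// didFromPub is an assumed DID method: hex(SHA-256(public key)); not the paper's.
func didFromPub(pub ed25519.PublicKey) string {
	h := sha256.Sum256(pub)
	return "did:example:" + hex.EncodeToString(h[:])
}

// NewNode generates a key pair and derives the node's DID from it.
func NewNode() Node {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Node{DID: didFromPub(pub), Pub: pub, priv: priv}
}

// Domain-separated hashes: a leaf can never be confused with an inner node.
func leafHash(did string) []byte { h := sha256.Sum256(append([]byte{0x00}, did...)); return h[:] }
func nodeHash(l, r []byte) []byte {
	h := sha256.Sum256(append(append([]byte{0x01}, l...), r...))
	return h[:]
}

// buildLayers returns every tree layer (leaves first) and the root. Leaves are
// sorted so the root is independent of enrolment order; odd layers duplicate the last hash.
func buildLayers(dids []string) ([][][]byte, []byte) {
	sorted := append([]string(nil), dids...)
	sort.Strings(sorted)
	layer := make([][]byte, len(sorted))
	for i, d := range sorted {
		layer[i] = leafHash(d)
	}
	var layers [][][]byte
	for {
		if len(layer) > 1 && len(layer)%2 == 1 {
			layer = append(layer, layer[len(layer)-1])
		}
		layers = append(layers, layer)
		if len(layer) == 1 {
			break
		}
		next := make([][]byte, 0, len(layer)/2)
		for i := 0; i < len(layer); i += 2 {
			next = append(next, nodeHash(layer[i], layer[i+1]))
		}
		layer = next
	}
	return layers, layer[0]
}

// BuildRoot is what the administration domain publishes as the current trusted set.
func BuildRoot(dids []string) []byte { _, root := buildLayers(dids); return root }

// ProofStep is one sibling on the path from a leaf to the root.
type ProofStep struct {
	Sibling       []byte
	SiblingOnLeft bool
}

// MembershipProof returns the sibling path for did; ok is false if did is not in the set.
func MembershipProof(dids []string, did string) (proof []ProofStep, ok bool) {
	layers, _ := buildLayers(dids)
	idx, target := -1, leafHash(did)
	for i, l := range layers[0] {
		if bytes.Equal(l, target) {
			idx = i
			break
		}
	}
	if idx < 0 {
		return nil, false
	}
	for _, layer := range layers[:len(layers)-1] {
		sib := idx ^ 1
		proof = append(proof, ProofStep{Sibling: layer[sib], SiblingOnLeft: sib < idx})
		idx /= 2
	}
	return proof, true
}

// VerifyMembership recomputes the root from the DID and its proof and compares it.
func VerifyMembership(root []byte, did string, proof []ProofStep) bool {
	h := leafHash(did)
	for _, s := range proof {
		if s.SiblingOnLeft {
			h = nodeHash(s.Sibling, h)
		} else {
			h = nodeHash(h, s.Sibling)
		}
	}
	return bytes.Equal(h, root)
}

// AuthResponse is a prover's answer to a verifier's nonce challenge.
type AuthResponse struct {
	DID   string
	Pub   ed25519.PublicKey
	Sig   []byte
	Proof []ProofStep
}

// transcript binds the signature to this challenge and this verifier (no replay across peers).
func transcript(nonce []byte, verifierDID string) []byte {
	return append(append([]byte("ssi-iot-auth|"), nonce...), verifierDID...)
}

// Respond signs the challenge with the DID's private key and attaches the membership proof.
func (n Node) Respond(nonce []byte, verifierDID string, trustedSet []string) (AuthResponse, bool) {
	proof, ok := MembershipProof(trustedSet, n.DID)
	if !ok {
		return AuthResponse{}, false
	}
	return AuthResponse{n.DID, n.Pub, ed25519.Sign(n.priv, transcript(nonce, verifierDID)), proof}, true
}

// Verify performs the three checks: DID-to-key binding, key ownership, set membership.
func Verify(root, nonce []byte, verifierDID string, r AuthResponse) bool {
	if len(r.Pub) != ed25519.PublicKeySize || didFromPub(r.Pub) != r.DID {
		return false
	}
	if !ed25519.Verify(r.Pub, transcript(nonce, verifierDID), r.Sig) {
		return false
	}
	return VerifyMembership(root, r.DID, r.Proof)
}

func newNonce() []byte {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// MutualAuth runs the challenge-response in both directions against the same published root.
func MutualAuth(a, b Node, trustedSet []string) bool {
	root := BuildRoot(trustedSet)
	nonceA, nonceB := newNonce(), newNonce()
	respB, okB := b.Respond(nonceA, a.DID, trustedSet)
	respA, okA := a.Respond(nonceB, b.DID, trustedSet)
	return okA && okB && Verify(root, nonceA, a.DID, respB) && Verify(root, nonceB, b.DID, respA)
}

func main() {
	a, b, c := NewNode(), NewNode(), NewNode()
	set := []string{a.DID, b.DID, c.DID}
	fmt.Println("a<->b mutual auth:", MutualAuth(a, b, set))
	proof, _ := MembershipProof(set, c.DID)
	fmt.Println("c after removal, old proof vs new root:", VerifyMembership(BuildRoot([]string{a.DID, b.DID}), c.DID, proof))
}
```

The proof a node carries is a handful of 32-byte hashes, which is the property that makes this approach attractive for constrained nodes; the cost of an "evolving" set is that every remaining node needs a fresh proof whenever the root changes, and a verifier must only trust the most recently published root.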