Decentralized Identity Federation Using Blockchain for Cross-Organizational Access
摘要
This paper proposes an approach that combines the Federated Identity Management (FIM) framework with blockchain technology to support decentralized Single Sign-On (SSO). Using Self-Sovereign Identity (SSI) for privacy and interoperability alongside smart contracts and a permissioned blockchain operating under the Practical Byzantine Fault Tolerance (PBFT) consensus algorithm the framework enhances the scope of security. As a proof of concept, with a modest three permissioned nodes using a simple Python implementation, the system performs with an authentication latency of 1.2 s and a throughput of 50 transactions per second at 1,000 users. FIM, paired with our protocol, greatly improves the security and auditing functionalities when compared to SAML and OAuth, yet falls behind in scalability. During testing, the system proved to withstand brute-force and distributed denial-of-service attacks. Its implementation might span across various industries, including healthcare and education, maintaining the specifications of the General Data Protection Regulation (GDPR) framework. The framework will be strengthened by the deployment of zero-knowledge proofs (ZKPs); scalability enhancements will be evaluated using layer-2 solutions; and validations from pilot implementations will shape the future direction of the project.