Controlling VC disclosure with Terms of Use and ABAC in SSI

Stefano Bistarelli, Chiara Luchini and Francesco Santini
Proceedings of the 40th ACM/SIGAPP Symposium on Applied Computing (SAC 2025), Catania, Italy, 31 March 2025 - 4 April, 2025.
doi: 10.1145/3672608.3707964

Abstract

This paper investigates the role of terms of use within the Self-Sovereign Identity (SSI) system, aiming to establish a model for managing verifiable credentials (VCs) in specific contexts. To this end, we use the termsOfUse field within VCs to formulate an access control policy based on the Attribute-Based Access Control (ABAC) framework, implemented via smart contracts. Furthermore, the paper introduces the concept of a self-generated VC to attest to users' acceptance of terms of use, offering verifiable proof to support users in legal disputes.