Data breaches combined with ineffective data management practises pose serious issues to consumers and enterprises, such as identity theft and online exposure. Although the general data protection regulation
(GDPR) attempts to protect the consumers, often companies cannot avoid data breaches. This leads to negative consequences, e.g., companies loosing credibility and paying fines.

In this work, we alleviate the data breach and the user privacy problems by showing how to fit decentralized identities within the context of established enterprise identity and access management technologies. In light of recent endeavours, we explore the usage of decentralized identifiers, verifiable credentials, and blockchains that support self-sovereign identity to foster identity portability, and the decoupling of access control processes with the storage of sensitive data from users.

We propose a simplified access control method that can be applied to cross-organizational identity management, that aims to reduce the impact of data breaches. The Self-Sovereign Identity Access Control (SSIBAC) model leverages blockchain technology to provide decentralized authentication followed by centralized or decentralized authorization. We show that our access control model achieves properties X, Y,Z.

Our preliminary implementation of the model can process one access control request every two seconds, proving to be practical in scenarios not requiring real-time performance.