
Research Article
Granting Access Privileges Using OpenID Connect in Permissioned Distributed Ledgers
@INPROCEEDINGS{10.1007/978-3-031-25538-0_16,
  author={Shohei Kakei and Yoshiaki Shiraishi and Shoichi Saito},
  title={Granting Access Privileges Using OpenID Connect in Permissioned Distributed Ledgers},
  proceedings={Security and Privacy in Communication Networks. 18th EAI International Conference, SecureComm 2022, Virtual Event, October 2022, Proceedings},
  proceedings_a={SECURECOMM},
  year={2023},
  month={2},
  keywords={Distributed ledger technology, Smart contract, Access control, OpenID Connect, Hyperledger Fabric},
  doi={10.1007/978-3-031-25538-0_16}
}
- Shohei Kakei
- Yoshiaki Shiraishi
- Shoichi Saito
Year: 2023
SECURECOMM
Springer
DOI: 10.1007/978-3-031-25538-0_16
Abstract
Permissioned distributed ledger technology (DLT), in which only authenticated entities participate, assumes trust among the participants and implicit consent for data manipulation. In light of international regulations such as the GDPR, it is necessary to clarify the access privileges of user data, even for systems that assume the trust of the participants. In this paper, we propose an access privilege granting method for service providers that need to access user data in permissioned DLT systems. The proposed method separates the access privilege for user data in the distributed ledger from the execution privilege for smart contracts. By requesting a user to grant the access privilege, the participants can manipulate user data using smart contracts. The access privilege is represented by a token issued by OpenID Connect (OIDC). Smart contracts can directly verify the token without the participant’s interference. In this way, all the participants in the DLT network can reach a consensus that data manipulation is based on the user’s consent. We implemented the prototype system with Keycloak, an OIDC-compliant identity provider, and Hyperledger Fabric, a permissioned DLT, and then evaluated its performance. Finally, the overhead of access control is 0.21%, from which we conclude that the load on the system is very small.