Enabling Zero Trust Architectures w/ OAuth2.0 & VC

Enabling Zero Trust Architectures using OAuth2.0 and Verifiable Credentials implements Authentication and Authorization for HTTP-based resources using JWT-encoded Verifiable Credentials.





Additional Info

ZeroTrustVC facilitates capabilities-based access control, supports efficient VC revocation, and enables 'authentication and authorization of every access request' enabling resource access over public, untrusted networks, aka Zero -Trust Architectures (ZTAs).

ZeroTrustVC also enables authorization servers to provide an efficient and privacy preserving revocation mechanism. This revocation mechanism includes a compact list of revoked VCs. At any point, any entity can verify the status of a VC.

Enduser Relevance

The proposed solution offers a more secure way for accessing protected resources--no matter where those resources are located. Our solution facilitates security management, integration of new applications, and interoperability with existing systems.


Athens University of Economics and Business � Research Center. Nikos Fotiou ([email protected]), George C. Polyzos ([email protected]) or Vasilios A. Siris ([email protected])


Not available yet


Our solution is meant for the use case of Capabilities-Based Access Control in a Zero-Trust architecture and is not meant to create a full SSI ecosystem. Read full project summary at https://gitlab.grnet.gr/essif-lab/infrastructure_3/aue-brc/ZeroTrustVC_p

Country:  EL

Status: Early research demo

Category: Decentralized solutions (including blockchain and distributed ledger technologies)

check other similar innovations
Skip to content