Keil, Kenneth-RaphaelBochnia, RicardoGudymenko, IvanKöpsell, StefanAnke, JürgenRoßnagel, HeikoSchunck, Christian H.Sousa, Filipe2024-06-072024-06-072024978-3-88579-744-9https://dl.gi.de/handle/20.500.12116/44104Digital employee cards used for door access control offer benefits, but concerns about traceability, profiling and performance monitoring have led to opposition from workers’ councils and employees. However, the emerging identity management approach, Self-Sovereign Identity (SSI), can address these concerns by giving control over disclosed identity attributes back to the end user. This paper analyzes a real-world access management scenario in a hospital building and applies the SSI paradigm to address the identified issues. The analysis assumes a semi-honest observing attacker sniffing on the payload and the transport layer. The SSI-based proof of concept is shown to have a high potential to protect against traceability and profiling. However, in addition to the careful technical implementation of SSI, it is important to consider non-technical factors such as governance for a holistic solution. We propose potential strategies to further minimize privacy risks associated with SSI-based employee identity management using mediators.enSelf-Sovereign IdentityTraceabilityPrivacyAccess ControlProfilingArchitectureText/Conference Paper10.18420/OID2024_051617-5468