The emergence of the Metaverse as a persistent, immersive, and interoperable digital ecosystem introduces system-level challenges in identity management, security, and privacy protection across networked extended reality environments. Current platforms predominantly rely on centralized or proprietary identity infrastructures, limiting interoperability, reducing user control, and increasing exposure to large-scale behavioral and biometric data collection. This paper presents a system-level research contribution that investigates Self-Sovereign Identity (SSI) as a secure and privacy-preserving identity infrastructure for Metaverse and Extended Reality (XR) systems. Building on an analysis of SSI components and existing Metaverse architectures, the work proposes a modular SSI-based reference architecture integrating decentralized identifiers, verifiable credentials, selective disclosure mechanisms, and DIDComm-based secure messaging. A healthcare-oriented immersive use case illustrates real-time credential exchange and consent-driven data minimization in latency-sensitive clinical consultations. Furthermore, the paper introduces an analytical and comparative risk-assessment framework spanning device, infrastructure, communication, and service layers, operationalized through Service-Level Indicators and Service-Level Objectives to quantify resilience and compliance properties. Comparative evaluation against traditional Electronic Health Record (EHR)-based identity models indicates that SSI-based pipelines significantly reduce systemic exposure, particularly with respect to device security, communication integrity, and consent governance. Overall, the results highlight SSI as a viable foundation for secure, interoperable, and privacy-preserving identity management in networked Metaverse environments, while outlining current limitations and directions for future deployment and standardization.
Saiu et al. (Thu,) studied this question.