KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Anne Bailey and Matthias Reinwarth discuss how decentralized identities and verifiable credentials help respond to the pandemic by powering contact tracing applications, immunity passports and other important use cases.
Anne Bailey and Matthias Reinwarth discuss how decentralized identities and verifiable credentials help respond to the pandemic by powering contact tracing applications, immunity passports and other important use cases.
In this episode, Martin Kuppinger and Matthias are discussing the business case for decentralized identity, and why it is finally gaining traction in the enterprise world.
They are exploring the benefits of using decentralized identity for employee onboarding, especially in the context of remote work. They look at the importance of trust and the full lifecycle management in the decentralized identity ecosystem, and how it can lead to more secure and efficient business processes.
This topic is particularly relevant for the upcoming EIC, where experts and thought leaders will be gathering to discuss the latest trends and developments in digital identity. Join KuppingerCole as we explore the world of decentralized identity and its impact on the future of business.
Annie joins Matthias to talk about the topic of Verified Digital Identity. They explore what these are, why they are becoming increasingly important and where they add new aspects to the concept of digital identity. A special focus is put on existing and emerging use cases, where verified digital identities can be beneficial to all types of real life entities in their day by day interaction.
Decentralized Identity is seeing a proliferation of activity -- so much that even experts struggle to make sense of it all. Even the names of the emerging specs have gotten wacky (or, technically, WACI...)
Establishing a verified digital identity is crucial to successful business collaboration and customer engagement in the digital economy. Verifiable Credentials provide a highly secure way of establishing digital identity. However, knowing exactly how to begin using this approach can be challenging.
Annie Bailey and Matthias take a deeper look at the emerging concept of the Global Assured Identities Network (GAIN) and also seek a broader perspective on the benefits and challenges of reusable identities in general.
From digital identity to full scale digital trust, this session is perfect for anyone new to identity, as well as identity professionals who are trying to get a handle on what decentralization is all about and why it is so important for Internet-scale digital trust.
In this session, we will cover a brief history of how the identity landscape has gone through an evolution from the dreaded username and password, through centralized, federated and social logins, to now the need for decentralized solutions that support digital trust for both human and objects.
We will explain the various actors involved in a decentralized identity trust triangle, what role technology plays (e.g., digital wallets and digital credentials), and how governance of an ecosystem fits in to create the trust diamond. We will discuss various technical components that may be employed and what is required — and more importantly what is not? We will also present how decentralized trust solutions can support the trust of objects that have nothing to do with human identity, but are necessary to create a digital trust landscape that enables digital transactions to happen seamlessly, efficiently, and automatically.
We’ll also touch on how the traditional identity solutions and emerging decentralization can co-exist in context appropriate settings.
While the world tries to cope up with the on-going pandemic, cybercriminals have got their hands on a gold mine. Annie and Matthias sit down again to chat about the overall picture of cyberattacks, including COVID-related lures.
Verified identity refers to digital identities that have been verified to describe a real-world identity in digital form. A growing range of service providers support organizations to achieve this for customers, citizens and employees alike. Annie Bailey rejoins Matthias and gives an overview of what "Providers of verified identity" are and which types of services and benefits beyond mere verification should be considered.
The Leadership Compass is available here.
Welcome to the KuppingerCole Analyst Chat. I'm your host. My name is Matthias Reinwarth. I'm an analyst and advisor at KuppingerCole analysts, and I'm joined today by my colleague, Annie Bailey. She is an analyst for emerging technologies at KuppingerCole analysts. And today we will talk about very current topic, but first of all, welcome Annie.
Hi, happy to be back. Happy to have you again. And this time we have real current topic right now, and we will talk about the overlap between the COVID-19 response and the topic of decentralized IDs, verifiable credentials. So what is going on with this decentralized identity and the COVID response?
Where, where are the connection points? Where does this fit together?
Yeah, so it's been really interesting. I'm sure many of you have heard of contact tracing apps. They're popping up all over the place as a way to limit the spread of COVID-19.
Basically, if you are in proximity to somebody who has been tested positive or exposed, or if you yourself have testing positive or exposed, it's a way to let those people who were nearby you, but perhaps you don't know, provides a way to inform them that they may have been exposed. So there was a really interesting statement made by the European parliament. So they said in April that quoting the generated data are not to be stored in centralized databases, which are prone to potential risk of abuse and loss of trust. Ms. Demands that all storage of data must be decentralized.
So this is a really interesting statement and a lot of blockchain developers jumped on it as their opportunity to provide the most privacy responsible contact tracing app. The statement by the European parliament doesn't necessarily mean blockchain or these other decentralized architectures that have been so popular, but it's definitely the way, and it's the connection point for decentralized identity and the COVID response.
So, but the, the solutions that we are seeing now coming into into existence, or the one that is already in existence, for example, for, for Germany, that is really fully decentralized. So where does the actual storage take place and how is communication made for such a, such an application? What are the use cases that we currently support?
Yeah, so the, the contact tracing app is one of many use cases. And you mentioned another, the need for secure communications. So really the ability to securely communicate between a patient and a testing facility to communicate test results in a way that that patient could read, but also that patient could show to others to confirm that they are not positive for COVID-19. There's also another interesting use case of potentially door to door testing.
If a health professional were to go from house to house and offer testing to citizens, there would be a need to verify that testing kit, that individual who is providing the tests, things like that. Yeah. And then a nother use case would be for immunity passport. So this is yet another iteration of secure communications of packaging.
The, the information of a test result into the form that could be shown to a store to allow you to go in, be able to show it to an airline, to be able to purchase a flight tickets, all instances where it would be really advantageous to show that you are not, you don't currently have COVID-19 or perhaps even that you're immune, that you've passed an antibody test.
So these immunity passports are surely something that we should talk about a bit more also, because that, that is really also, there are some critical aspects around that as well, but are there other use cases that the public has not necessarily heard of? Yeah. So one of the major use cases for blockchain in general is to facilitate more transparent supply chain communication. And that's actually even more critical now, as transportation is disrupted, as businesses have to slow down or even close given the health crisis.
So it's become really critical to be made aware of different suppliers of their capacity of their ability to get from point a to B. And so there are some solutions that are being worked on specifically for the COVID-19 crisis to accelerate the searching process that a company would need to go through to find a new supplier. Right.
But, but to have that at scale, for example, supply chain communication that requires interoperability other standards around that we can already use so that we can get to this level of interoperability. Yes, actually this is a really critical time because this is the first time that there are standards that are being widely adopted by different blockchain or decentralized developers. So there's some standards coming out of the W3C and they're called verifiable credentials.
And so even though the situation, this crisis is setting the stage for more decentralized apps and, and use cases that technology and the ongoing global discussion about how best to do this is also maturing to a place where those could happen and actually work together with each other. What means verification in that area? So how can we really know that our credential is trustworthy, that it's really coming from the right issuer and represents the right.
So this is long been an issue with taking a physical ID or a credential, something which is indicating a critical piece of information about individual. This jump between physical to digital, with IDs hasn't been done very well. So in the worst case, you can imagine scanning passport and emailing it.
You know, this has so many privacy issues. Yeah, this is terrible. But for many, in many parts of the world, this is the best option to digitize ID.
And so a, a verifiable credential, something which could be trusted by many different parties as an entirely digital ID is really, really important. And this upcoming standard, or, or rather more widely adopted standard now verified credentials is able to provide this dependability. Yeah. In order to make a better digital option, these verified credentials have to exist in a way that's cryptographically secure it's machine verifiable and is still able to respect the owner's privacy. Right. I'm talking about privacy.
Let's get back to the, to these immunity passports that you've mentioned on the one hand, I fully get the point that it's good to prove to an ally in that I'm not infected right now that I'm maybe even immune, if this will be the case, which we don't know by now, but on the other hand, this is really something that frightens me a bit having to present that proof, which in itself is some kind of laying open my, my, my most private information, which is health information. And if I don't do it, discriminating me not letting me into that plane. So there are a lot of drawbacks here right now.
Am I right? Yeah, absolutely. I'm thinking of immunity passport in particular is really, really problematic because although there, there are arguably ways that you could share your personal health information without oversharing or without completely giving it up. There are some solutions in the health hopper and identity space and the other in decentralized identity that could make that happen.
The, the use case is really crossing some lines in terms of protecting fundamental human rights. And so if we let our imagination, not exactly run wild, but you know, walk a few months or years into the future of having such an immunity passport that would really create a new class of citizen.
You know, someone who is able to travel freely, who's able to work freely and that gives them more privilege. They are more employable. They would be able to negotiate higher salaries and they would really be the sort of person which is in demand. So on the flip side, all of those people who are not able to prove their immunity and become these less privileged citizens.
So it's, you can imagine that person Dean denied the right to be in a public space or having access to services, public transportation. And this would all be under the guide to protecting themselves and others, but that is an infringement on their rights.
Yeah, that was what I mean, when you have this new hire class of citizens, as you described it, then of course, then you also create a class which contains all of these people that cannot, or don't want to present this information and data and would of course be in a situation where they could not participate. But on the other hand is how trustworthy would that information then be, who would issue such an immunity passport and how trustworthy would they be? Could they be inaccurate? Could this be something that we also might want to consider that this information is not trustworthy? Yeah.
So at the moment we're using antibody tests to give an indication of immunity, and there are a few issues with this. So I, of course I'm not a health expert, but as far as I'm aware, there are still many, many things that their ologists and experts don't know about. COVID-19. And so that also plays into the dependability of these antibody tests. It may not be the case that if somebody has developed antibodies after having had COVID-19, that may not really indicate immunity, or maybe only for a short period of time. So the input data to such an immunity passport really has to be questioned.
It may not be dependable, even if the decentralized solution is able to facilitate it. Another issue is that there aren't a lot of different types of antibody tests and they all have varying degrees of reliability.
So again, this is questioning the data that you would be communicating. There's a really high risk with some of these tests for a false positive. That really can't be depended. And as long as that's in question, then the solution will work, Right? So we tech people, we tend to try to solve problems just from a technological point of view.
I think that is a great example, again, that just by having a reliable, verifiable credential in place that does not mean that we can solve every issue with that solution without creating new problems on a, on a very different level when it comes to privacy, when it comes to discrimination to inclusion, to bias, I think that is really a great example then that we should watch that space and to really be careful what to do, what to use and what better to not do what you agree. Yeah, absolutely.
And even though there may be some really compelling use cases for decentralized identity, just because I'm handling this crisis, that seems like a great opportunity to further those goals and those use cases. There are some in compatibility here. So just because we could use the framework for a decentralized wallet to hold your identity credentials, what if those credentials are not dependable? So the input data from these antibody tests that cannot be trusted. So even though you may have the wallet and the ability to securely share that info, it's not going to work.
If the input situation is not dependable. So create that. It's also a really good summary for today's discussion. I assume that you will continue to watch these developments on the one hand from the technological point of view and on the other hand from, yeah. That the social, the impact point of view.
So it, it makes perfect sense for our audience that, that they every now and then have a look at KuppingerCole dot com and look at whether new developments have been happening and that will be then not covered by you there as well. Yeah, absolutely. This is the topic of decentralized really falls on the intersection of technology and social. So there's always something new. So then I would really recommend that we, we cover that topic in a later episode again, when we know more when maybe technologies and our knowledge has improved. And when there is yeah.
More to talk about here and for the time being, thank you very much, any for joining me today, and I'm looking forward to having you in an upcoming episode again.
Yeah. Thanks BTS. It's always a pleasure to be here.