Event Recording

Quo vadis, SSI? – Self-sovereign Identity on route to production

Self-sovereign identity (SSI) has reached the in-between stage: more than a concept, not yet fully deployed. This is where the work can get the most gruesome and exhausting, but also the most creative and rewarding. While the dedicated W3C standards are reaching maturity levels, we see regulators and government actors jumping on board and asking for even more stability across specifications and standards in order to establish real-world systems. In fact, we see large pilot projects and implementation programs worldwide. One promising but equally critical development is the eIDAS 2 regulation, promising dependable answers to questions about governance and trust frameworks that will drive adoption. This short deep dive will give you an orientation of the state of play for SSI in the context of these greater developments – and might provide an outlook for your projects as well.

Okay. So it's one of those quotes. That's good to know. And it's where are you going? So we are, SSI has been a huge topic throughout the entire conference. And the question is, we know it's there. We know it's more or less working, but the next step is now being in production. And the, the question is where are we headed exactly when we are looking at SSI in production? So my name is Irene. I work, as mentioned, for the company Yoko. Yoko has been founded in 2014 and been with S on the SSI track ever since. So we've got quite a little bit of experience. We've been around at least the European, but also the US block quite a couple of times. So here's our current analysis of things. I'm going to talk about three different tracks. The first one, what has been achieved, because if we are thinking of Christopher Allen's text as being the starting point for SSI, then it's still a fairly, fairly young technology perspective.
So that was 2016, meaning six years now. And in that time, so many things have been achieved, which other technologies took decades to get to. So what is there to celebrate on, but also as a community, what have we not achieved yet? Where do we have to look in the mirror and be quite honest with ourselves and the third one of course, where to focus on and where to get active and without much further ado. So what has been achieved is what we are seeing here today. So SSI is a huge global topic, and it has achieved a huge global community and what we are seeing most of all is that the community has established itself and found bodies, entities and organizations most important to mention, of course, are DIF, the Decentralized Identity Foundation, where most of the technical standardization and discussions on where should I actually move and develop, what are the trends are actually happening on the mostly focused technology track.
And then of course, Trust over IP, which has also been represented here at EIC, which have more of the whole holistic view of, okay, what is the governance level governance model and the trust framework that we have to use order to marry it to the tech. So tech-minded people look at the DIF working groups, holistic trust framework, minded people look at Trust over IP working groups. And most of all, I'll get to this later, look at those collaborations efforts where both are in, and then we've got also auxiliary support. Of course, W3C, I don't have to explain, one of the standardization bodies of the internet. And there you've got the verifiable credentials working group and others, as well as in Nuba, which is fairly new, where you've got the political regulatory alignment efforts, also working groups on identity and SSI. What has also been achieved is a transition to production use cases and implementations that we are seeing.
So there were wonderful use cases from the US here already in Germany. I'm going to hit them in a moment, but we are also seeing not just the web three community coming on and having pilots and having production use cases. We are also seeing productive systems that are allowing SSI to enter the web two services. So even there there's been a recognition, decentralized identity is coming and we will have to be interoperable. We will have to align. Also, we are seeing the Canadian public sector use cases. And as well as in Germany, the so-called secure digital identity use cases, which will come up in a moment again, because they also tie to the beginning regulatory recognition we are seeing. So, and with Europe, all of you, I'm pretty sure know that eIDAS 2 is coming. It's currently being worked on, we have something called the eIDAS toolbox working group.
And in that development, SSI is considered as one of the big solution options for moving ahead with citizen identity and the entire digital identity space. What we also are seeing is that there was a wonderful presentation on day one about the Canadian public efforts and the pan Canadian trust framework where it's being developed. And we are also seeing the first white papers coming out of Japan, which is completely different jurisdiction, where we also have the first SSI trust framework beginnings. And with, with that, as mentioned, one use case study where both comes together is the secure digital identity showcase project within Germany. You are seeing here four different colored blocks and, and they are basically four different consortia, which were selected out of a group of 12, which is the competition phase. All of them are consortium that are really diverse. So you've got big tech Boses in their Siemens.
You've got small technology providers like Yoko offering their smart wallet. You've got universities in there to cover the research academic angle, and you've got communities most of all, to actually bring the use cases to citizens, to active users. And as mentioned here over 40 plus use cases, one of the uneasy ones is government services. The obvious one is also mobility and car sharing options, but many, many more feel free to look them up. They are lasting for three years the first year now about over. And this is basically where Germany is pushing really ahead with digital identity. And all of them are focusing on one interpretation of SSI or another, which was a huge success for the company and community for the technology and community. And so what we are also seeing as a great achievement is the growing interoperability between solutions, because we've all heard it.
If it's silos or basically let's abbreviate this, the age of silos is over, and this is no longer happening in this community. And what we are seeing for example is that the areas inter-op profiles are maturing. We are seeing very high level governmental and other technology and discussion groups on the EU level on the, in Germany as well. And also when looking for example, across the Atlantic at the US there, we've got the DHS Silicon Valley program where also interoperability efforts have a huge standing. So for six years, this is quite a lot of achievements for the entire community and the tech, but also the looking in the mirror, what have we not achieved? Where are we not yet ready to face what's coming or what the demand is. And that is, of course, interop is moving ahead, but it's not fully there. So we've got interop efforts that are slowed down by legacy issues.
So to speak nobody's at fault for focusing on their own tech stack for focusing on their own solutions. But the fact of the matter is that some solutions are not modular enough that can create a problem because they are not easily interpretable. Another thing is that when focusing exclusively on individual and incremental development steps, then the age of convergence and the readiness for convergence is slowed down. It's basically an agile principle. If you're waiting for the entire thing to be done to then look okay, what are you doing? How can we work together? It might be a little bit more complicated than when the first implementation is done and you start looking, Hey, we are using this track. Should we build bridges now? Or in 15 years might make things easier. Another thing we are seeing is that legacy decisions are still slowing things down.
And here basically, it's a usual thing that if you have got lack of modular modularization as mentioned, but also active projects, if it's running, you don't want to touch it. And so there's always a question of how early can you get into on the track to start interop efforts, because the later you start, the more complicated and the more nerve-wracking it's going to be. And the third one as much of a community we have, and as established as it is, there are a couple of, for, and there are couple of stages. And therefore, if they are open threats and discussions about where the architecture should be added, how do you unify devices? That's going to be one of the big challenges. I'm going to show that we are already on track to solve these, but this is going to be something where the committee should take care, not to become too splintered.
Then second part of homework for us to do is meeting expectations for scalable productive systems. Because the cool thing as mentioned the tech is of the idea for the technology is six years old, and the demand is massive. So people want to market, people want solutions. People want key labs that can immediately use, but the truth is the governance models and trust frameworks are just being developed and the text being standardized and marrying both together. So they work in harmony is something that we simply haven't done yet because it's just not at the maturity level yet. This is nobody's fault, but this is something that is going to create more and more pressure on the community as we are moving ahead. Another thing is cryptography. So that is going to be needed for data protection reasons and here marrying everything together. So the new principles and new standards, new news spikes with proper cryptography is going to be another piece of framework.
And the last thing is of course, demand is huge. The community is also growing, but at the same time, it's a small number of actors confronted with a lot of demand. And so short term urgent projects are always going to slow down standardization projects, because we all know looking for tech talent is a challenge for everyone. And then you have to make a choice to where put people on this project is going to keep the lights on and turn a profit. Or am I going to send them to W3C or DIF in order to help with the working group, it's a choice and other things is something not specific to SSI, but of course, UI/UX design needs to be on level with what has been offered in the web two solutions string. And of course the business model solution, how to monetize digital identity without going against all the principles and ethics that we actually, as a community want to achieve with it.
And so coming to the final part, oh yeah. And this is actually the thing here. So in Europe, we are seeing the European SSI wallet is coming, or at least the tender for is already growing. We've got the U several examples in Spain of SSI wallets. We've got the German project. So it looks like SSI is set on track, but this can be a false hope. It's also actually fragile still because within the eIDAS context, we are seeing SSI being considered as a solution, but so are federated. So are centralized solutions. And so this is an open question, which one is going to be there also within the eIDAS context, this is starting to become less of an issue, but there were some contradictory features introduced and advocated from the beginning, which would be a unique identifier for citizens, which will turn basically a wallet or digital identity for European citizen into an internal eternal cookie.
And that is not something that's really in alignment with SSI principles. And of course, something we have to look at is all the principles and all the citizen rights are one thing, but the private sector also has to be on board. And therefore the business models, again are question here, and here's a slide typo disregard the text, but here we have two risks is the first, it does SSI completely vanishes from Europe. If things go super, super wrong, which I don't think they will, but the more insidious risk is that we've got these 10 principles formulated for SSI by Christopher Allen. And the question is, will we, in the end get something that is called SSI and slapped there as a label, but does no longer fulfill these principles. So something we can no longer recognize as a community for the let's use the word vision that actually was there in the beginning.
So the question and the risk is here, that SSI is coming, but not in the way we wanted to. And then there's a question what has really been achieved? So lots of homework, how to tackle it. The first thing is of course the community should stick together. So as many questions and wonderful debates about architecture decisions, as we have, we should take care to speak with the joint voice and keep all the tech discussions, the framework discussions, keep them open, keep them honest, keep them as passionate as we want them to, but keep them in the, for where they do not dilute our voice outside. Because I think a lot of us have made the experience that if a lot of people say, yeah, not like that, no, this is the wrong version. Then after a while, it creates for non-techies and non-SSI community members idea that, okay, if they don't know what they want, then I can't really ask them for recommendations anymore.
So what has experience has shown is that if we manage to work in the joint for joint collaboration groups, with a joint voice, our recommendations as a community will carry much more weight and be much more convincing compared to federated or centralized options, which let's be honest, have their established lobbying groups and here we just need to take care, not to make rookie mistakes and then taking a small sip. And the second part is, of course, the adoption and deployment then should speed up. Of course, as mentioned, there's more demand than we can actually service at the moment, but still there's a question of prioritization. And here really the use cases are the multitudes of them, but it would be good to focus on the B2B sector in the beginning, simply because at the moment there's demand, there's developers, there's investors, but also we are seeing that the pilot phase is coming to a peak after that it will come to an end and people need perspective about where do I invest afterwards?
Where do I, where's it going to be interesting as a developer, if I want to continue in this phase, I've seen the tech working, the curiosity is assuaged. What is the next challenge? And here, it's going to be crucial to get the private sector on track, to start creating a market by establishing B2B use cases. And then coming to the third one alignment efforts between different governance models and trust frameworks should gradually receive more focus. I was really happy at EIC this week to see that so much focus was on trust frameworks and how to move them forward, how to make them interoperable and also to focus on. But what we are seeing is basically that if we have working SSI solutions in Japan, in Europe, in Northern America and other jurisdictions, and all of them are wonderful, but they cannot interact with each other.
Then what is really what has been won if I'm using a Japanese credential and then travel to the US, and nothing is recognized anymore, then we are starting basically again, back from scratch one, and that is not necessary. So this is basically the homework we have to do. And what we can do, what you can do is to support the existing community efforts. And for example, as mentioned, there are interop working groups and collaborations between DIF and ToIP, the Trust over IP Foundation, which are really, really going to move interoperability efforts forward. Also, we would focus with your companies, with your efforts, if possible, on bringing the private sector into product. So basically into production use cases. And of course what's always needed in this age, still is educating our lawmakers and regulators about digital topics in general, but also about SSI and its principles. And with that, I thank you for your attention. If there are any questions, I'm happy to answer them, but otherwise, thank you.
