Event Recording

Cardea: verifiable credentials for health information go open source

Log in and watch the full video!

As an incubator for innovation in air travel, Aruba has chosen to use verifiable digital credentials to manage entry requirements and health testing for travel to the island. This decentralized, open-source technology, which provides secure authentication while preserving traveler privacy, was developed by SITA and Indicio.tech and donated to Linux Foundation Public Health as  Cardea. In this session, representatives from Aruba’s government, Indicio, and SITA will discuss why they chose a decentralized approach, how they created a trusted data ecosystem, and why the ability to verify personal data without having to check in with the source of that data will transform air travel, healthcare, and tourism

Log in and watch the full video!

Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.

I have an account
Log in  
Register your account to start 30 days of free trial access
Subscribe to become a client
Choose a package  
We sit or welcome? Yeah. If you, yeah. However, you're most comfortable. You're welcome to sit. Sit here. This, yeah. Yeah. So welcome everyone. Thank you. What is really exciting about our conversation today? The three of us have working, working together for two years on the project that we'll be talking to you about. And this is the first time we have been together talking about it in a session on stage. So it's, it's a real, it's almost a anniversary cuz it's been almost two years about this time of year that we started talking. So welcome. What we're talking about today is how C a and the government of Aruba are paving the way for safer traveler travel. And they're doing that by using verified with bull credentials and decentralized identity technology. And so joining to me with me, ah, I guess I lunches got me tongue tied here, but we reset here. Joining me today is Yuri Feliciano, who is information advisor for the government of Aruba and Adrian Sonier, who is program manager at C lab. And he leads the blockchain and digital identity research program. I'm Heather doll, I'm with NCO. And so let's start with you, Adrian. Okay. It's hard to believe two years on here we are. But here it is. And so let's, let's start from the beginning. What was the problem that we were looking to solve when we first started to talk?
Right? So yeah, two years already and happy to be here. So really I think traveling internationally has become more complicated than ever. I mean, we we've traveled long haul recently of course, coming in, we usually have to print a bunch of documents. We're not really sure how they will be used, checked whether they're needed. Even we do have discrepancies sometimes between the, what the airlines mandate, what the, the airport mandates, what the government mandates it's I, I, I feel usually a bit nervous when I go to the airport. It has become more complicated than ever even before the, the, the pandemic. So with all those papers, of course they all manual inspection of papers. So meaning longer lines, people are feeling, feeling anxious about this. So in a nutshell, I would say, we need to enable the conversation direct conversation between the passenger and the arrival government when it comes to international travel. So that's really what we're looking for. A hard can clear people ahead of travel even before the day of travel.
So Yuri Adrian was looking to pre-clear people ahead of travel. Two years ago, this time the island of Aruba was shut to travel and tourism. What was the, the problem you were trying to solve two years
Ago? Yeah, so we are more than 90% dependent on tourism. So shutting down the airport was a very big deal for us. And opening back up was a much bigger deal. And you see this a very important step in, in protecting the traveler in many cases, in order to have the verifiable credentials from the testing and all these different paperworks that had to go through and a base of that problem was the automation of it in order not to have cancellations. So we had several problems two years ago, and one of the options that were presented by, by Cita and in was very attractive, but it also came because we had different type of projects that managed different verification processes. And there were, some of them were automated, but not all, all of them were the same and we couldn't go connect to all of them. So that was also a problem for us, especially being a small island in the Caribbean.
So let's take a look here. I think that gentlemen in the back room had the video that we're going to play. That takes a look at what we did and what we created. What was interesting here is this was tested and trialed with travelers about it. One year ago that we worked on this, it was all based on open source technology that's available today to start building. So now Adrian it's one year on since, since this video was made and we were actually on the ground working and spent many an hour in a test slab at the airport, looking at this, tell us, where did it go from there?
Right. It's been a year ago already. And so with this project, really, we, we we've seen one thing, decentralized identity works to exchange health data. So we've seen it simple doesn't need point to point connection. It is safe. It's based on the, the cryptographic standard we we've seen. And we talked about it in the previous presentation it's data, preserving that of course, what the government was looking to, to, to achieve. So what we've done then is to reuse that trust platform and, and reach it with other health issues and from other jurisdiction in north America, so that we can start seeing exchange of health information between multiple jurisdictions on a very little seamless way. And that's what the central identity is, is about and using the well networks. And then we can start, the passenger can start populating an ETA and electronic travel authorization ahead of travel. So as a reward of submitting this information through the centralized identity, as a passenger, I can get something back. And I think that's very important. Also I have a received from my, my, my effort. I've, I've submitted that information about me and I have what we call the nappy travel account, which is a preclearance to travel to, to Aruba. And I, I feel, I feel good when I go to the airport now.
Absolutely. And I think Yuri, one of the things during the pandemic part of this is we worked with a partner in the us. We have have health information exchanges, and they were a very important part of how we facilitated the privacy preserving nature of the health data. But URI now you're in a situation where you're moving into this post pandemic world. What, what Adrian describes about the seamless traveler and receiving the happy traveler card? What does that now mean on the island, as you look at the work we've done moving forward?
Well, I think, I think first we have to see what we did and how important it was for the island also because you have this inter interoperability within between the labs that was not there before and was a, a big concern for us. So on the health part, this was a nice thing and it, it can keep going, but for, for, for the country itself is the traveler. So the traveler, the benefit for the traveler, not only to have it some type of clearance and seamless, but also while on island to have a much better experience and have the government side also have certain control on issuing or verifying that credential.
So Erie, what really stood out to me from the very first time that we talked was the Island's commitment to a Traveler's privacy, but also an understanding about open source, open standards, open protocols. Why was that open source component important to you?
Well, I think again, one of the great benefits of Aruba is that it's small. So I, that is important. And having the sad that it comes to open source is proven you have a community. So you, you bring in more, more brains, but also the vendor locking part of this, this was also important. And we see this, but I think those were the key, key parts in, especially that I presented to the ministers in order to get disapproved.
When Adrian, when we first started talking CTO was very upfront, like almost the second sentence was C A's position is building a foundation on open source right up. Why was that? Why has C a been so forward on open source is the underpinning of a decentralized identity, verifiable credential work.
So industrial decentralized ecosystem, we, well, we've seen adoption is always a key, a key challenge. We, we need to reach to that critical mass that it, we get value out of this. So we, we quickly understand, well, we, we need to be extremely transparent to bring that trust and open source was natural choice. And we've been also committed to, to open source in, in the past, even before that, that project. So we have to enable conversations between airport, tail lines and governments quite complex ecosystems, so that we bet on the fact that yeah, that, that would bring the, the, the transparency we need and, and the trust. So, and, and finally, it was absolutely natural for us to give something back because every everything we built while we deploy was built on top of open source and using the, the great work of the, all the, the community. So that's why we donated the code where we developed to the open source community and do Linux foundation and created card, which is this platform. Now, if I can, I can say
So. In fact, I would say we were up to our eyeballs in trial and implementation in Aruba when we got the contact from Linux foundation reached out. Yeah. And we were in the middle of trying to do all that and making the decision do, does CDA contribute this? And then what do we call the project and how we start a project? And so that was all happening at the same time we were doing this and donated the code back. So
I, I wanted to, to, to just say something between the, the open source was one thing that we also did, and this was in, in last December, was having two different apps and, and, and verify the same credentials. So this is very important, especially for, for an island that doesn't, you don't have to be proprietary on one single lab or anything like this. So I think that was very
Important. Yes, we, we actually had multiple digital wallets using the same credentials and holding them. And we did that on purpose to show interoperability that the provider was not, it was not a seat of wallet. And we wanted to show that you can develop those standards and be interoperable. And in fact, Cardea has been very forward in drying, participating in I operons and Idra, who is also here has been a part in an leading effort on Cardea and in our athon, once again, another wallet that can hold the credentials, you know, it's interesting, you bring that interoperability up here because what do you see is the future of verifiable credentials as a result of what we've been through for the past two years? How has that opened your eyes towards the future?
Well, in many ways, I think one thing that was very important is this automation part, and that we can verify the, the, the changing of business rules, especially in, in the, em, during the pandemic, you had this, yeah, it's three days, it's 24 hours. It's different. The business rules kept changing and you had this opportunity to actually apply it right away. And I see this moving forward to many other things like right now, we're working on different things of age verification and, and things like this. So there's a lot of
Opportunity when you talk about the constant changing every morning, we, we woke up, we never knew what the day was gonna be like. And that gets, I think, at a good, a good point of why machine readable governance was developed was pre precisely this because things were changing so quickly. And just because Aruba made a decision didn't mean everyone else was making the same decision. And so machine readable governance was created. And also as a was contributed open source to help drive some of the, the quandaries that we've had with governance. And how do you put in governance to scale while still respecting the sovereignty of another of another nation?
And you could revoke that certificate also, which is very important for, for the health part of it.
Yeah. Atrian lessons learned. We've been through a lot, for two years. There are a lot of people who wanna hear, what do you have to share with them?
Yeah. It's been a, it's been a journey. So the first piece of advice maybe is, well, do do your due diligence on data because you have some data that verifiers will, will want, or will need. And for example, an airline might, we want to see the boarding pass, for example, when it comes to, to boarding passenger, but not necessarily want to see the country of citizenship. If there is this pre-approval already on, on the verifiable credential, you don't need to see the, the, even the birthdate. So it's very important to, to exactly know what what's needed so that it's also Foster's adoption. And also second one would be well focused on standards on, on what's already out there. I think it's, it's, it's very important to not reinvent the, the wheel. Also, I would say there's no magic in, in the centralized identity. It's still an it project. You still have to, to integrate the different it system that exists and, and do the design, the architecture, the security assessment. So for spend your time also on integration, because automation at the end is where you get the ultimate benefits of, of this whole, this whole initiative.
And so Yuri, you get the lightning round question to wrap us up real quick. Aruba prides itself is one happy island. What have you learned from this experience to help deliver that to your guest?
Well, I think the traveler using this, this, this experience was very happy, less, less paperwork for sure. One thing, and also the authentication. Also the safety of it that can be brought forward in many different ways. You know, like we said, we go to the club or, or buy pack of cigarettes. You just needed your phone in order to, to cross verify. So it's very important.
Well, thank you. I wanna say thank you for this conversation tomorrow. Annette Bergen is giving a keynote and she's gonna take a deeper dive into the seamless digital travel experience. So I encourage everyone to attend that tomorrow morning. And thank you. Thank you for your time. And.

Stay Connected

KuppingerCole on social media

Related Videos

Webinar Recording

Unify Identity and Security to Block Identity-Based Cyber Attacks

Join security and identity experts from KuppingerCole Analysts and ARCON as they discuss the importance of securing enterprise credentials, explain why a unified identity security approach in line with Zero Trust principles improve security and efficiency, and describe how to combine…

Analyst Chat

Analyst Chat #152: How to Measure a Market

Research Analyst Marina Iantorno works on determining market sizing data as a service for vendors, service providers, but especially for investors. She joins Matthias to explain key terms and metrics and how this information can be leveraged for a variety of decision-making processes.

Event Recording

Cyber Hygiene Is the Backbone of an IAM Strategy

When speaking about cybersecurity, Hollywood has made us think of hooded figures in a dark alley and real-time cyber defense while typing at the speed of light. However, proper cyber security means, above all, good, clean and clear security practices that happen before-hand and all day,…

Event Recording

The Blueprint for a Cyber-Safe Society: How Denmark provided eIDs to citizens and business

Implementing digital solutions enabling only using validated digital identities as the foundation for all other IAM and cybersecurity measures is the prerequisite to establish an agile ecosystem of commerce and corporation governed by security, protection, management of…

Event Recording

Effects of Malware Hunting in Cloud Environments

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00