Event Recording

An ecosystem for trusted identities


Log in and watch the full video!

 

Log in and watch the full video!

Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.

I have an account
Log in  
Register your account to start 30 days of free trial access
Register  
Subscribe to become a client
Choose a package  
Awesome. So I'm Adrian Dirk. I'm working at man incubator. We just recently did a rebranding to Neos fair and we launched ID union consortium. And I'm also part of the list team. I talked about the topics of user interfaces and user experiences earlier this day about the wallets and this talk. I want to provide some insights of how we approach the topic as a community. How did we form as a community and where we going? So Idun that's, that's it. Let me take that one. So we built an ecosystem for trusted identities and we're lucky because we were, we have funding by the federal ministry of economic affairs and climate actions. So basically one, two and a half years ago, the ministry said, okay, we need to, we need a solution for the topic of digital identities. And they, they, they provided a tender funding opportunity to come up with a concept of how to approach this solution or this issue and provide a concept for, for a solution.
And 11 concepts were chosen within this or called competition phase. So we had half a year to bring on our concept into more details and describe it. And an optimal case already proved that it somehow works. And then in the beginning of 2020, we, we were lucky to be chosen as one of the four projects and the execution phase. So this innovation project, which is called showcase secure digital identities is going on for three and a half years. In total, we have two years almost. We are into the project already and we will continue for two more years. And Idun is one of the four projects. The other ones are ID D ones, an SD K. And basically we all have the same mission to enable trusted interactions into the internet and make it possible to, yeah, trust, access ditches services, regardless if you're a natural person or legal entity.
And in the end, we all want to come together and have one solution. So that's what we are building. And today I want to provide an overview of how we came together and what you, what, who we are. So basically we are 15 consortium partners. We all got together in the beginning to, to make sure we, we have aligned incentives, aligned goal, common vision. And these are the partners you see, we're quite diverse coming. Some partners from the financial background, some from the industry IOT device manufacturers, as well as the communication communication providers and other providers like research and the research institutions like technical university, Berlin and so on. So we try to really have a quite diverse background to really include all the different stakeholders and their needs. We also have a lot of associated partners, which support our mission. They're not directly funded with, within the framework of I union the showcase project.
However, they're also very much contribute to our, to our shared mission and yeah, make it possible to grow as a community as well as some other contributors. They're actually more than the two. So about the deadline was a bit harsh. So what are we doing? Basically, we built an infrastructure for identification, a identification on authorization identification, ask, who are you authentication ask? Is it you again, an authorization gives you the capability to access some service or actor in something. We build it for national persons. So for the end user, but for wallet, we build it for companies to, to have trusted, trustworthy B2B interactions for, for example, a supplier proving that they own a certain certificate to another supplier and also for things. So for IOT devices that they can prove they have the necessary access rights, for example, to access a resource. And we build it in the principle of self sovereignty.
The, the 10 principles for Christopher Allen, I think are the most known. However, we also are in the process to defining our own ones. What do we understand of what self or identity stands for? Because to be honest, I think a lot of people use the term. And if you ask 10 people, you'll probably get 12 answers of what it actually means. And we build it actually attribute based, meaning that in the end, what you wanna communicate is a certain attribute and what this kind of attribute, where, where it comes from, what container is used as a credential might not be as important in the end, in the end, you wanna say, okay, I live at this address regardless of what credential is used for that. And we all build it decentralized, meaning that we don't use a public key infrastructure, a centralized one, but a decentralized one that doesn't really mean that we are blockchain based.
I think the blockchain part of the SSI is emphasized in the end. It's about a peer to peer interactions, which are important that we connect the user, this the, the device of the user, the wallet directly to our company, to an organization, to a public institution. And what kind of infrastructure we use behind it on a technical level to certify, to verify the authenticity of the verified credential. That's not really relevant. Let's be honest for at least not for the end user. The end user doesn't care if the, if the internet is based on DNS, right? Nobody says the internet is DNS based. We don't really talk too much about that. So I think that the whole blockchain part of all SSI topics is overemphasized. However, we use the decentralized infrastructure as a, as a public key infrastructure to enable to the, a, to verify the authenticity of the credentials.
And we also be data protection friendly with selective disclosure, as well as your knowledge proof, we build an open source soft software, meaning that we built on the Hyperledger stack, specifically Hyperledger indie for the network, as well as Hyperledge areas for the agents, which we use to communicate between different parties. And we aim to have no vendor login, meaning that the users should be able to take the data from his wallet and go to another vendor and insert it there. So data portability is very important. So we need to use common standards, common protocols to enable users to not be locked in the ecosystem, but to, to go from vendor to vendor, if they, if they want to want to, the same is obviously true for organizations, which should be able to go from vendor to one vendor to another and take their credentials to, to move into another application, which is maybe provided by a vendor.
Maybe they want to, to use an open source software, which they run on their own infrastructure and maybe adapt it a bit, right? Everybody should have the choice to, to, to take something which they, which suits the needs. And while we are now very much German focused, especially with the background of the funding of the German government. We, we also have a very much a German European focused because in the end, we, we need a solution which works within the frame of the European European, just chickens, especially considering the revision of the IDAs regulation. That's something obviously, which is very important for us. So we, we strong, strongly want to do something which is not for Germany on, on its own, but actually a European solution, which can be used worldwide.
And how does it work in the end? You have a certain device or a certain resource where you, where you access to, for example, a cloud service, you as a natural person organization, or it device have certain credentials, which you, which you store in, what kind of wallet you ever want can be an edge wallet on the phone. It can be a cloud wallet provided in some kind of infrastructure. And, and then you get credentials issued and you, you can show the credentials, but obviously then the question arises, how do we establish trust? And that's a very important question question. And that's the reason why we came up with a legal entity, which then describes all the different parts of, of the trust infrastructure, which I will talk more in a second.
And basically we have this kind of shared network, which, which we use where we have different notes, which run the network. You see here, the notes where right now are right now, 16 notes, which operate. And we take deep research into regulatory topics. Obviously IDAs is, is one of the biggest topics right now, which we need to find a common solution for. And we also want to participate in a large scale pilots, which are now proposed as a funding attended by the European commission where member states implement use different use cases with the European digital identity wallet. And we are very much looking forward to support a consortium in regards to organizational wallets, that an organization is, is able to prove, to prove to another organization that they, for example, own certain certificates or that they have a verified I bank account number, or that they actually the company who they're supposed to, to say that they're the company, right.
Proving to another company that you're really this company can act in. The interest is very, very valuable. We also take deeper look into cybersecurity. Obviously there's highly technical topic, and I've heard a lot of technical topics today. So I kind of don't wanna deep dive on that interoperability super important because in the end ID union will not be the network which we, everybody will use. Right? In the end, we have a solution which is a network of networks, which are interoperable with each other, basically, meaning that we have an agent from the company, which connects to different, different trust domains to different networks, which might be for example, the European blockchain service infrastructure, or other, other base, other other trust domains. It can also be the DNS service, right? Did web method. We don't need a decentralized infrastructure to establish trust. We can use the existing DNS infrastructure.
So whatever suits we need, you can choose it. And the agent basically handles the interoperability between the networks, and then we have the interoperability between different agents and so on. I think we could also talk about that for ages, but I don't want to go too deep into that. And we also go take a deeper, a look into user acceptance. You might have heard by to in the morning where talked about user interface and user experience aspects of the wallets. So that's obviously very important that we, for example, use terminology that we use processes, which are, which the user understands and that it recognizes even if they change, for example, the wallet. And then we have different use case clusters, which I was show the next slide. And we also have partners on board, which develop their own applications. And so basically ID union is, is the framework for it and enables different software vendors to, to access it on, use the platform to implement use cases.
So for example, I, I do do support the LII team part of the LII team. We develop software for institutions, for organizations, as well as the wallet. And we have other providers like ITOs, they also have a wallet. They also have software for, for different organizations and to implement use cases, we have the business partner agent, which is also Hyperledger project. It is mainly driven by Bosch, but we also are supported from other stakeholders from Canada, for example, other industry partners like Siemens and so on. So it is really across yeah. Across industry, collaborative collaboration in terms of what kind of software we're using. And basically, yeah, you can decide as an organization for whatever software you use. And there's also this Verity cloud agent, which you can use as an organization for verified information. So we have different vendors and we all grow together.
So it's also very much to see that we, as an ecosystem, that we, we need to grow together and we benefit if, if somebody takes new partners on board and have new news cases. So right now we have in the ecosystem are very much aligned incentive structures that everybody wants to have more use cases and it benefits other vendors. If another vendor gets also use cases and adoption. So it's, it's very important. I think when we build ecosystems that the stakeholders have aligned eco incentive structures, some something which, which over time can be really valuable. And then obviously how do we establish trust? We need some kind of regulatory framework for that. And for the network, you also need some kind of a legal entity which then really provides the network or runs the network on a technical level, but also takes into consideration liability issues.
Right? If I get issued a credit card and I use it as a verifiable credential, and for whatever reason, there's some fraudulent action within it, or it's, it's misused, then who's, who's liable for it. Is it the bank who issued a credential? Is it the valid provider? Is it the user who's viable, liable for it? These are all questions which we address as a community together of all the, of all the different stakeholders with a very much connection also to the regulators to ensure that this connection can actually be used in production within the next month. And we decided to go for European cooperative so-called, which basically is a very democratic approach that meaning that one member has one vote. We as commerce bank is big, big company, which yeah, invest a lot of money and time into it. We have the same voting power in the end as a small startup, which just joint because that's only the only way it works, right?
If, if the big companies in the end, the big institutions control everything, then there will not be adoption, right? It needs to be really democratic approach. And we think with this kind of structure, we really have a good solution for that. And then we also have different kind of policy boards, for example, the policy committee, the public sector committee technical committee. So we take inter consideration different aspects of it and try to enable every stakeholder to meet the interest and that they can actually raise concerns for example, and to include their needs in our shared development.
And right now we are in the process of founding this cooperative. So from a research research project, which is ID union, right now, we will transform into a cooperative, which is then open for everybody worldwide. And this obviously raises the question, how do you deal then? How do you make decisions? If for example, also other non-European entities can join and maybe manipulate the, the kind of decision making process here. And we came with the idea to say, okay, we, we want to give them voting rights people because it is necessary, right? You don't wanna leave them out. Totally. It doesn't really work. However, we need to limit it at some to some degree, because we also want, we want that this is a European project from mainly driven from European partners based on European values, meaning that we limit the amount of total voting power, which non-European legal entities can actually achieve in the end.
And there's more information about our governance and FAQ whatsoever of our auto website. So if you're interested into the governance part of it, please take a look and go for a deep dive if you want. And we have different use cases. So basically what we did, we clustered the use cases. For example, e-government public services that we work together with cities, city of cologne. For example, that's taking a deeper look into how to issue a Fisher fishing license, for example, or other other use cases and see, okay, how can we scale that within our region, but also beyond the borders of, of the city and other communes or other other states within Germany. We also have, for example, the educational cluster, which then takes ation, for example, to issue employee credentials within a university, or you issue student ID cards, which then can be used in order to access the library or other courses to register for courses, for example.
But then obviously in the end also issue a certificate, which is then very valuable, imagine studying for four years and then the end receiving a piece of paper. It's very nice. It's nice to have this piece of paper, but it's also very nice to be able to prove, to prove that to another, to another party, which you want to apply for, for example, if you apply for a new job of a new employer, and we did that with all the clusters, and then we decided, okay, we need a use case cluster lead for every cluster. So basically the, the educational use case cluster is led by university. The government case CU use case cluster is led by the ministry of digitalization and economics of north Frank West Follia. And so on the E eHealth cluster is led by disparity. Cluster struck is just here will be talking about that in more detail afterwards.
So we decided to, to give the use case lead or the cluster lead to somebody who's in the, in the domain who knows something about it and who can take on the responsibility to do that independently. So we don't have this kind of overarching project management. So it's rather decentralized and the working packages or use case clusters work independently. And then in the end, or like go get together, obviously at some point, but they're responsible for reaching their own goals on their own. And then we obviously need to have the bigger ecosystem in mind, especially when it comes to open with interoperability, for example, where we closely connected with my D foundation with the trust O IP foundation, the w C the European blockchain service infrastructure and so on. So obviously we need to take the into consideration, especially now with the architecture reference framework from the new AI does.
And we also need to take into consideration the involvement of different public entities, where we very much appreciate the support of the government entities. And that's really valuable to bring all of them together and then have, have a melting pot of ideas from different perspectives. That's super important to not only have the industry coor or only have a government's coor, if they're not talking with each other, how, how should we come up with solutions, which in the end benefit everybody and work for our society. And then also the general, like the everyday relevance is super important in the end. We want to use that. And how often do we really go to, to, to the, the citizen office on interact with the government? It's maybe I think 1.6 times per year, maybe a bit more, but that's not the, the day to day use case a day to use case day to day use case is authentication, for example.
So we need to make sure that we got the, the daily labor elements, and that's also something which we keep in mind and then obviously corporations with different partners, we've Gaia X, for example, with the eco association, the decent identity foundation and so on. So we, we go across to, to collaborate as a bigger ecosystem. And now in 2021 with last year, we, we wanted to, to have incorporation we're a bit delayed about that. We want to do that now within the next months, to be able to implement a productive network, and then being able to implement that on a productive scale, because we're testing that for two years, it works on a technical level. The challenge, which we face is the legal aspect of it. That's, that's, that's the difficult part of it. And then over time when we have productive use cases, which for example, believe be supplier onboarding will be one of the big cases in the beginning.
Then we can really build and like whole ecosystem and really target the more regulated use cases. So in the beginning, obviously we will rather focus on unregulated use cases like authentication, and we achieve daily daily use case relevance by having a lot of different use cases from different sectors, by having a lot of like a big customer base by having big companies with existing customers, as well as a lot of citizens. Yeah. Wanting access to, to public services, as well as a good amount of funding from the, from the government and developing own own software. And if you want to know more ID union, we are LinkedIn, we're on Twitter, and we are happy to, to take also your use case into consideration. If you have any questions regarding the governance structure, or want to want to test applications with us, feel free to reach out to us. And we're happy to talk. Thank you very much.

Stay Connected

KuppingerCole on social media

Related Videos

Analyst Chat

Analyst Chat #152: How to Measure a Market

Research Analyst Marina Iantorno works on determining market sizing data as a service for vendors, service providers, but especially for investors. She joins Matthias to explain key terms and metrics and how this information can be leveraged for a variety of decision-making processes.

Event Recording

Cyber Hygiene Is the Backbone of an IAM Strategy

When speaking about cybersecurity, Hollywood has made us think of hooded figures in a dark alley and real-time cyber defense while typing at the speed of light. However, proper cyber security means, above all, good, clean and clear security practices that happen before-hand and all day,…

Event Recording

The Blueprint for a Cyber-Safe Society: How Denmark provided eIDs to citizens and business

Implementing digital solutions enabling only using validated digital identities as the foundation for all other IAM and cybersecurity measures is the prerequisite to establish an agile ecosystem of commerce and corporation governed by security, protection, management of…

Event Recording

Effects of Malware Hunting in Cloud Environments

Webinar Recording

Advanced Authorization in a Web 3.0 World

Business and just about every other kind of interaction is moving online, with billions of people, connected devices, machines, and bots sharing data via the internet. Consequently, managing who and what has access to what in what context, is extremely challenging. Business success depends…

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00