Event Recording

Transatlantic SSI Interoperability: Building the Identity Layer for the Internet


Log in and watch the full video!

Many decentralized identity infrastructures and ecosystems around the world are emerging, but how can we get to true global interoperability, where my digital identity works seamlessly across borders and across different use cases?

Two of the most prominent initiatives in the digital identity space right now are 1. the digital Permanent Resident Card use case supported by the U.S. Department of Homeland Security, and 2. the European Blockchain Service Infrastructure (EBSI) with its various pilot projects.

In this talk, we will look at the "Transatlantic SSI Interop" experiment conducted by an EU company (Danube Tech) and a US company (Digital Bazaar) that shows how such different initiatives can connect and interoperate.

Log in and watch the full video!

Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.

I have an account
Log in  
Register your account to start 30 days of free trial access
Register  
Subscribe to become a client
Choose a package  
Okay, thanks. Yes. I'm M Abu from den tech. We are a company in Vienna. We're seven people right now. We've been working on decentralized identity technologies for a few years. Myself. I've been quite involved in a number of organizations like W3C as a co tour of the core specification and diff decentralized identity foundation. And we we're most interested in the underlying infrastructure of decentralized identity projects like DAS, very credentials. So we are not a company that's building wallets or end user applications, but we are focused on, on the underlying technologies that, that make everything work. And the title of this presentation is transatlantic SSI. Interpretability, it's essentially a quick report of a, of a project that we did recently, which is about combining or about showing interoperability between two relatively well known initiatives in this, in this space. One is one project or one initiative is what the us department of Homeland security has been doing with their digital permanent resident card.
And the other initiative is here in the U C SF European blockchain service infrastructure, and the use case around digital diplomas that they've been working on. And so we, we did a project. It's not a, it's not a huge initiative. It was three months experiment basically, but we tried to demonstrate how to combine these two things. These two initiatives in the us and in the EU. And I will just first introduce each, each one of these two projects a little bit individually. Maybe you already know about them, but just as a, as a quick summary of what is, what is the one in the us and what is the one in the EU? And then I will show a little bit of what we did in order to, to demonstrate some interoperability, the first one in the, in the us. So the us department of Homeland security, they have something called S V I P the Silicon valley innovation program.
And in this program, they are from time to time looking for companies that help them solve specific use cases, specific problems, and so about, I think two and a half years ago, they had this new announcement or the new call within this program to work specifically on credentials, very fiber credentials, digital equivalence, to some identity documents that they are using, right? Like a permanent resident card. If I want to go to the us, I want to immigrate to the us, I want to work there. I want to live there. I need a permanent resident card, also known as the, as the green card. And they were basically interested in how can you, how can a digital version of that be created? And so they launched this Silicon valley innovation program where a number of companies applied to, to implement that. And so for the last two years, roughly speaking, a number of companies were working on that.
You can see some screenshots of a digital permanent resident card. This is a W3C compliant, verifiable credential using DS using chase and LD. And there were a few other identity documents that were also included in this project, like an, an employee credential. If you work at the company, you get a credential as an employee vaccination credential, age credential. So there were a number of other documents also included. You can, you can see some of them here in a, a screenshot of a wallet, and that's still, that's still ongoing. And there was also a second just mentioning that for, for completeness. There was also a second group of, of use cases within this DHS program, which was less about personal credentials and more about digital trade credentials, supply chain credentials, where the us government was basically interested in using very fiber credentials for demonstrating or for approving the authenticity of imported goods.
Right? So if you import steel, oil lumber, things like that into the, into the us, then they're also interested in using verified credentials for certifying, where that come from, how was it shipped and, and so on. So these were the, the two groups of use cases within the DHS Silicon valley innovation program. And then for the last two years, basically a number of companies were working on implementing a different components, implementing wallets, implementing issue and infrastructure. Here, you can see an issuer, which in this case was the us citizenship and immigration services, which is a part of DHS. So they're the ones that issued a green card. And then on the fire side, TSA, the transportation security administration, those are the people who check your passport at the airport, basically when you arrive in the, in the us. And so collectively a group of companies you see here, our company, but also seek package, secure, key, built, and deployed these different components.
And we did a lot of interoperability testing within that use case, right? So we tried out, can we have one company using their software to issue the permanent resident card, putting it into a wallet of another company, and then presenting it to the, to the verified service provided by a third company. And we tried all the different variations of, of this or department of Homeland security. They were very strict about that. And they said, this was very important to make sure that everyone was compatible with, with everyone else. This is an, an example of the permanent resident card, a digital version of it. We created a vocabulary citizenship vocabulary in, in this program. It was also very important that all new developments or specifications and API happens somewhere in an open collaborative space in this case, in the W3C credentials community group. So the us government basically said, you can build your proprietary software and you can sell it to us, but the interfaces and the specifications, they have to be open so that they could replace software from different vendors if they want to.
So, yeah, this is a classic chase and ad credential with a link data proof signed with, with ed 2 55, 9 signature it's using, and it's using DS. Like I said, this is still ongoing right now. So there are seven companies right now, still in the program that that's us then tech digital matter, secure key working on, on personal credentials and measure Venet and transmute working on more supply chain related use cases. Okay. That was the first project or the first initiative, the S V I P program in the us. The second one is FC S, which has to do with the EU digital wallet initiative and the Eid legislation. I think you've probably heard quite a bit about these things already at the, at the conference, just to summarize FC is the European blockchain service infrastructure, right? So it's a, it's an infrastructure with nodes in with blockchain nodes in different EU member states.
And it's a pretty big ambitious initiative by the European commission to build among other things, to build also digital identity for EU EU citizens. And in terms of scope, this is much broader than what DHS is doing in the, in the us, right? So this is not about solving one specific use case. This is more about really creating digital identity infrastructure for, for the, the whole EU. And in the last two years, basically there's been a pre-production network and some drive specifications. And there have been actually a lot of pilot projects, a lot of co, a lot of groups of companies and universities in different EO member states trying this out, building proofs of concepts and prototypes on these infrastructure. And, and we as tenure tech, we were also part of one of these E C pilot projects, E C for Austria together with two university, with two universities, the technical university of cards and the Vienna university of business and, and economics.
You can see two DS again. So these are now DS on, on the FC, on the FC network. This is also using deeds. This is also using very fiber credentials, very similar to the DHS project in the, in the us here. Again, you can see an example, very fiber credential that we've been working on in, in this project. This is a digital version of a diploma issued by the Vienna university of business and economics, right? So on the left side, you can see the, the physical paper version. It, it says, who is the student who graduated date of birth? When did they graduate? What did they study? What are the results? And on the right side, you see a digital equivalent. And again, very similar to what we did in the DHS project with a digital permanent resident card. In this case, this is also using DS and chase and D w three C compliant, Verifi fiber credentials.
So we were one of these EA pilot projects, relatively small one, just us, 10 tech, and to Austrian universities. But like I said, there were many more and, and continue, continue to be a lot of projects in the EU doing work with, with SIS. So here you see a lot of, a lot more universities. And in the last few months, there's also been a pretty strong focus on cross border interoperability and multi university project. So the EU commission is now encouraging all these pilot projects to work together so that maybe if you get a digital diploma that's issued by an Austrian university, can it be verified in, in Spain or something like that? Right. So they're really promoting that idea right now. We've done a little bit of that already. So we all, we've been working pretty closely also with Berlin technical university. Last year, we already did some early experiments. Can you, can you issue a credential for example, by the university in Berlin and then verify it in, in Austria?
So we are part of both, right? We participated in the DHS project and in the, and in the FC project. And then, and then we thought, well, SSI did very fiber credentials. That's not about one ecosystem. It's not about building silos, but it's about, you know, building common, shared identity infrastructure for the, for the internet. That's what they did and, and VCs and, and so on are supposed to be doing. So we thought maybe we can do a project that shows interoperability between these two things, right on the left. You have this ecosystem or initiative in the us with the government issuing a permanent resident card, and then you can use it at some verify. And then in the U we did the same thing with between universities in, in different countries. So can we do something like this, right? Where for example, the us permanent resident card can be verified by an, by a verifier in, in Europe and, and the other way around.
So to work on that, we applied for a grant. There's a special funding program called NGI Atlantic. It's one of the many grant programs that we have here in the EU. And this one is specifically for always pairing one EU based company with one us based company. So we, as an EU company, we applied for this together with an American partner, which is digital BAAR, they're also very experienced in, in this space. And we said, let's do an experiment that combines these two projects, both on the technical level, but also in terms of narrative. Right? So we also developed a little bit of a, of a story of how someone who wants to immigrate to the us, but has started in, in Europe. And, and so we would try to basically in each one of these projects, there's a very characteristic story, right? So in the, in the us project, there is this, this immigrant named Louis poster and he applies for a permanent resident card.
And then he works in the us and in Europe, there's also in, in E C there also some very common narratives about a student from, from Belgium who then wants to work and apply for a job. So we tried to combine both the, the technical infrastructure and the, the narrative. So here are two narratives that we worked on, right? Ava is a student who graduated from the technical university of cards in Austria, and then she wants to work in the us and the other way around Louis poster, he already works in the us, but then he wants to apply for a PhD program at a, at a European university. And we, we fleshed out these narratives a bit more. So we, we wrote down the exact steps that we wanted to demonstrate where again, on the, this is narrative one, which starts on the EU side, and then there's, and then continues on the, on the us side.
And we developed this together with our American partner digital BAAR where we basically implemented the EU side of the narrative and they implemented the us side of the, of the narrative. So this is the one where the, the student Eva, this starts in the EU. So she studied at the university in, in Austria, and then she obtains a digital diploma issue to her wallet. And then she wants to immigrate to the us where she applies for a permanent resident card. And in the process of applying for that permanent resident card, the us government in this fictional narrative tries to verify the European diploma. And then the second narrative was the other way around where you start on the, on the us side with Louis pastor. So he's, he is already an immigrant in the us. He already has a digital permanent resident card issued by the us government. He has that in his wallet, and then he wants to apply for PhD studies in the, in the U. So he applies. And in the process of doing that in, in this fictional narrative, the, the European university will verify his us permanent resident card.
And yeah, we built that. We built the some mockup websites. We built the infrastructure with deeds and VCs, and we use the, a wallet developed by, by digital BAAR the various various wallet. And you can see some screenshots here, so I don't have live demo, but we have some, we have a block post and video screencast, if you want to look at it in, in detail, but on the screenshots here on the left side, you see the, the issuing website of the technical university of cards in, in Austria. So that's where you that's wherever the student, where she receives her digital diploma, she gets in, in her wallet. And then she applies for a permanent resident card at the department of Homeland security, which we will verify the, the, the diploma issued from the European university. Here. You can see a screenshot of the wallet that has both, right? So this wallet has both an FC compliant. Digital diploma issued using the FC infrastructure and FC specifications here in Europe and digital PRC issued by the department of Homeland security.
We used here's one, one tool that we used for this universal resolver. So the, in terms of technology, both projects are using verifiable compliant, sorry, W3C compliant, verified credentials, both projects we're using chase and LD. So some of you probably know a lot of different lot of different credential formats, right? That's one of the discussions that we're having in the, in the community, which credential format to use, or what are the advantages and disadvantages of different credential formats. In this case, both initiatives, both the us and the EU initiative are, are using the chase and LD very fiber credentials and on the D layer. So the decentralized identifiers, the projects we're actually using different decentralized identifiers, right? So in the EU project, we are, we are using obviously E C E C is, is a deep method, is a type of decentralized identifier, which was used for issuing the digital diplomas.
And on the us side, it's not actually, it's actually not that one that was, that was used this year is a, an example of a, of a D on the, on the so on the IUN IUN network. But the, in, in this project, the, the us side department of home insecurity were using did web did web method. So did method based on, on, on, on web service. And this was one of the things we wanted to demonstrate in this project, right? That on the, on the D layer, even though the FC infrastructure, the us DHS infrastructure were using completely different types of decentralized identifiers, both sides were still able to resolve and use and verify each other's each other's deeds, decentralized identifiers. And that's, that's basically, I just want to quickly mention also, since this is called transatlantic SSI, interpretability, there's also, there have also been some, some workshops and meetings organized jointly by the EU commission and the, and Canadian government representatives of there's has not been a concrete project so far, I think, but there's definitely also interest in, in maybe trying out some transatlantic interoperability between EU and, and Canadian decentralized identity infrastructure based on the and fiber credentials.
So that then maybe these two worlds can also be combined even first, just in an experiment. Like I said, it was not a gigantic project. It didn't really develop all these, all the things that are needed, like trust frameworks and detailed technical specifications. It, it wasn't about that, but it was a quick demonstration of how, how it could work. And there's a, like I said, a nice block post then screencast, you actually can, you can actually see the, the journey where you start on the U side and then you use your credential on the us side or the other way, or the other way around. I have no idea how much time I've been using.
Yeah. I think we're five minutes of board, but given that we are coming, oh, I'm so sorry. The end of the track. It's all good. Round of applause for Marcus. Please take.

Stay Connected

KuppingerCole on social media

Related Videos

Webinar Recording

Unify Identity and Security to Block Identity-Based Cyber Attacks

Join security and identity experts from KuppingerCole Analysts and ARCON as they discuss the importance of securing enterprise credentials, explain why a unified identity security approach in line with Zero Trust principles improve security and efficiency, and describe how to combine…

Analyst Chat

Analyst Chat #152: How to Measure a Market

Research Analyst Marina Iantorno works on determining market sizing data as a service for vendors, service providers, but especially for investors. She joins Matthias to explain key terms and metrics and how this information can be leveraged for a variety of decision-making processes.

Event Recording

Cyber Hygiene Is the Backbone of an IAM Strategy

When speaking about cybersecurity, Hollywood has made us think of hooded figures in a dark alley and real-time cyber defense while typing at the speed of light. However, proper cyber security means, above all, good, clean and clear security practices that happen before-hand and all day,…

Event Recording

The Blueprint for a Cyber-Safe Society: How Denmark provided eIDs to citizens and business

Implementing digital solutions enabling only using validated digital identities as the foundation for all other IAM and cybersecurity measures is the prerequisite to establish an agile ecosystem of commerce and corporation governed by security, protection, management of…

Event Recording

Effects of Malware Hunting in Cloud Environments

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00