Event Recording

Enterprise Identity: A case study of the EU Gaia-X project



Gaia-X Federation Services is a European project that promotes innovation through data sharing and represents the next generation of the data infrastructure ecosystem. To show how we bring about an open, transparent, and secure digital ecosystem, we share a practical example and working code for the Gaia-X Notarization API.
The aim of this product is to establish digital trust in disclosed data (paper or electronic) for Gaia-X participants to use in the Gaia-X ecosystem. To reach this goal, an issuance module that transforms data into a digital verifiable credential (VC) is needed. With this component, certification institutions such as governments, lawyers, etc. are able to prove the identity and provide data of any organization that desires to be a Gaia-X participant, and thus deliver the desired verified attestation as a digital representation.
This use case on enterprise identity is an example of a contribution to the meta-platform concept: a platform that enables and fosters participant-controlled value transfer across and among other platforms and participants. An open, interoperable, portable, decentralized identity framework is thus a prime candidate for becoming such a meta-platform and for leveraging this aggregate network effect.

Yeah, my name's Kaka, I'm founder of severity and severity. So we have a clear focus on what we call life sciences, pharmaceutical industry, eHealth industry, and cyber-physical systems, supply chain. That's what we do. And as mentioned Barad. So we are also participating in IUN because we think this decentralized identity is an ecosystem technology, a meta platform technology, which means when Alice and Bob, who have never met before, apply the same standards, the DID credential, some other credential standard, then they can establish trust among each other. And by the way, that's the reason why we ended up in the metaverse track, because we are talking about a meta platform approach in terms of using standards to establish trust. And primarily, we are focusing on cyber-physical systems, yeah, on Industry 4.0 and how all this technology can bring a lot of value.
But first of all, I would like to go back to the metaverse. So what is the metaverse? So metaverse is usually applied in kind of virtual combination of virtual reality in terms of gaming, in terms of blockchain, in terms of value transfer, in terms of establishing trust, new connections to participants other tasks, I have never met before the couple of various technologies. And that's basically from Wikipedia. And Wikipedia is also talking about concerns in terms of compliance, information privacy, identity, user safety. These are all concerns, the same concerns stemming from social media and the internet itself. And that's the reason why we need to come up with, yeah, a meta platform in terms of, we agree on the standard. And some of you have probably seen the GAIN proposition this year, last year, and exactly what GAIN is doing, what W3C credentials, and Gaia-X is doing.
And I think that's also important because people can criticize EK for the one or the other reason, but EK is also a philosophy. It's a philosophy to apply standards, standards that are adopted not only in Germany and France, in Europe, but also adopted in Asia and the US. So if you can basically establish this meta platform. And what I really like is this research paper, which is called "Decentralized identity, meta platform, or cooperation beats aggregation", and that's analyzing the 40 years old network scaling laws from the internet, and basically making a case, a macroeconomic business case, why these standards are so important and why we need a meta platform in terms of applying standards, when Alice and Bob coming from two ecosystems can talk to each other and establish trust. Coming briefly back to the metaverse. Okay. In the metaverse I think there are a lot of, kind of talk in place and whatever, but also big corporates joining the metaverse. Nike with the sports brands, they open their sports through shops.
They sell the NFTs for the avatar. They do all the stuff. Who else is joining? A lot of banks, banks are joining. And in addition also McDonald's, yeah, McDonald's is joining and they basically have a nice concept combining a McDonald's store and the metaverse, and then you buy something and then you get it delivered to your door at your home in the real world at the same time. And in the metaverse, the same question as the dog on the internet from the New York Times cartoon: how do I know you're McDonald's? Yeah. This question is not solved. And we come back to this, how to do this, but it goes beyond, let's say, virtual reality and McDonald's, other companies and the NFTs, the avatars. It's also about machines, because in the metaverse I suddenly can blend in IoT data, my virtual, augmented reality, and the same problem we have in cyber-physical systems.
How do I trust the IoT data I get delivered in my metaverse? How do I do this? That is what Gaia-X is doing. It's one of the use cases of Gaia-X in the energy world. I have a decentralized energy world with batteries, with solar cells, with wind, with electric cars, with charging. I would like to aggregate a couple of batteries in a big virtual battery, but how do I trust the battery? How do I trust the smart meter? How do I know, let's say, hackers are not kind of injecting fake data, fake smart meter, fake battery data? Then the entire energy system will not work. The same questions I have to solve in the metaverse I have to solve in cyber systems as well. It's just one example. And then you have edge and cloud, have data on the cloud, have digital shadows, digital twins.
How do I trust it? What are the trust chains? How do I know it's an original Siemens smart meter, who deployed it? I need to answer all these questions. This is what Gaia-X is about. And it's a core of Gaia-X. It's something called Federation Services. Sometimes a little bit of change because Gaia-X uses different language, different technology. But at the core, if you go a little bit deeper on Federation Services, you have identity and trust. And the German ecosystem is fully kind of focused in Gaia-X to leverage decentralized identity technology. It's the identity and trust layer. It's verifiable credentials, credential chaining, proper key management, all of this, that's at the core of Gaia-X. And now I would like to introduce one example, because how do I know it's McDonald's? Yeah, someone has to do an identity proofing. Someone else might need to issue a certificate, a TIF certificate, a proper food handling certificate in McDonald's, whatever.
And this is called notarization API, by the way, not only in Gaia-X, also in EBSI, the European Blockchain Services Infrastructure, they also talk about notarization APIs. And the basic idea is I issue verifiable credentials, assertions about someone. And by the way, that's kind of notarization, and in the blockchain ecosystems people talk about oracles, and in some systems, metaverse, it is basically the same, the same challenge we have to solve here. Cool. That's the chart of the notarization service API. I don't want to go into too much detail, but you see, in the outside world, there's a business owner. A business owner wants to get an assertion, a document, a diploma being notarized, a birth certificate notarized, a membership credential being notarized, and then goes into the notarization API. There's a little bit of processing. And then some, yeah, some authentication and checking and data mapping.
And in the end credential management, a credential is being exchanged or at least issued, credential bot, whatever, diploma, membership credential. But what's also interesting is that the notarization API would like to combine, for the interim period, for retrofitting, would like to combine traditional PKI with DIDs and verifiable credentials, this decentralized identity. And that's something what's also being kind of, let's say, also developed in the EP C, it's what's being called bridge. Yeah. And basically you sign an assertion with your own DID identifier, but also with your eID signature, and via this, you can basically bootstrap your identity in the traditional PKI world. And there are a couple of ways how to do this. So basically do this with the traditional PKI, and then you can issue credentials. And in the verifiable credential world, you can then establish some credential chaining and, yeah, basically bootstrap the trust.
That's one example, one of the, let's say, key examples, references being discussed in Gaia-X, that's a membership credential. So there's an AISBL, that's a Belgian non-profit foundation, of Gaia-X. And it's a headquarter; they issue credentials to the membership department or to a federator. So Gaia-X, they talk about federators; they have federators for mobility, for energy, for domains, and then a federator can basically issue membership credentials in a given federation, such as mobility. And then in a given federation, I issue a principal credential to prove that I am a Daimler employee and working for Daimler. I am a principal acting on behalf of a Gaia-X member, and here you see the trust chain. So the green and the blue ones are basically in the verifiable credential world, but at the top, the headquarter has basically created a super notary credential, self-issued and signed with the eID.
And then you can go up the credential chain right to the top, and then you can even go higher in the traditional PKI world, up to the EU trusted list. And that's kind of the concept, the idea how to bring both worlds together, and you can not only do it in cyber-physical systems and Gaia-X. Potentially, you could also do it in the metaverse and then connect the metaverse to traditional PKI. Until you see the same thing: credential chain, membership credentials, some notarization credential, federator, whatever, department credentials, super notary. And then you can even go up with the eID credentials, via the bridge, up to the European Union trusted list to establish trust in this. Yeah, what's interesting, there's also authentication and authorization being done in Gaia-X. Basically this module, it's a verification module. The relying party needs to talk all the standards.
And when this is being done, you can say, hey, I have my credentials, I have an identity governance. There's a couple of zero trust architecture principles that are applied here, and via this credential chaining and the authorization chaining, you can basically then provide access to either a portal or a data space. And that's one of the key use cases of Gaia-X. One of the first implementations that have been done together with X teams and IDunion is vaccination proofs, because we all know vaccination proofs. Everyone knows it. So we did it, but we did it for one specific reason why we think it's exciting. Yeah. So we have bonus to issue an experimental base ID. And then we have the Robert Koch Institute, either anchored on a ledger or not anchored, but all the rest is using the did:key method.
And then we have the Robert Koch Institute issuing a vaccination authorization credential to the doctor, and then the doctor issuing a vaccination credential. I have the entire chain, put it in one presentation, present it, and then the event organizer can basically analyze it. So we all know this. And now with this technology, we have selective disclosure and some other more privacy-preserving features. There are a couple of benefits. So this works, but what's interesting, and I think this was really nice: so we are working with CompuGroup Medical. CompuGroup Medical implemented the COVID pass, the traditional COVID pass, in the existing doctor information system. Yeah. And with low customization, we swapped the API in the existing CompuGroup Medical doctor information system, where COVID credentials are being issued, connected a wallet, and suddenly we could issue credentials with the wallet, with low customization, at least from a functional perspective.
So low customization. If it would go to production, of course, compliance, security, legal, a couple of further touches here, but functionally, it was super easy to include an API and issue verifiable credentials with existing doctor information systems. CompuGroup Medical has a market share of 50% of all doctor information systems. So with one API integration, you can roll it out to every second doctor. And I think this is interesting, how retrofitting, bootstrapping can be applied to bring this technology into the real world. Yeah. Until you see, okay, how does it look like in terms of such an implementation. It's kind of a standard wallet. You have your credentials, can show them, have your base ID. As a next step we are implementing, in IDunion and Gaia-X, health insurance status credentials, because that's important for the doctors, that you check, hey, what's the health insurance, are you insured for this specific treatment. There's a real need.
And there might even be a probability to bring this to production. Cause this is gone. I think COVID credentials are done, but with the health insurance proofs, the need is still there. So if we don't do this, we do pharma supply chain use cases in the US, use the same technology, and what's SSU in the US. Yeah. We have identical credentials, also has trading partner credentials for pharma manufacturers, for wholesalers and dispensers. And that's, as we speak, now being brought into production and, yeah, with a clear domain focus. But I think that's a little bit different between the US and the German, European market. The US is more business focused in this ecosystem, less research and, yeah, focus on execution. And I think in Europe and Germany we should also kind of move now this technology into execution and less kind of, let's say, do go further rabbit terms of research, because for a domain, for a niche, the technology is good enough, could be used and, yeah, delivers business value. Thank you.
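
The credential chain described in the talk (principal credential, federator membership credential, self-issued root credential, trusted list), as an added example that is not the speaker's or Gaia-X's code. The DIDs, credential type names and the in-memory key table are constructed; the key table stands in for DID resolution and the `trustedRoots` set stands in for the eID signature checked against the EU trusted list.

```javascript
// Added illustration; not Gaia-X code. DIDs, type names and the trusted
// set are constructed sample values.
const crypto = require('node:crypto');

const DIDS = ['did:example:aisbl', 'did:example:federator',
              'did:example:principal', 'did:example:rogue'];
const keys = {};                       // did -> Ed25519 key pair (constructed)
for (const did of DIDS) keys[did] = crypto.generateKeyPairSync('ed25519');

// Which parent credential type authorises issuing which child type.
const MAY_ISSUE = { SuperNotary: 'FederatorMembership',
                    FederatorMembership: 'Principal' };

const payload = (c) => Buffer.from(JSON.stringify([c.type, c.issuer, c.subject]));

// `signer` differs from `issuer` only to build a forged credential for testing.
function issue(type, issuer, subject, signer = issuer) {
  const c = { type, issuer, subject };
  c.proof = crypto.sign(null, payload(c), keys[signer].privateKey);
  return c;
}

// chain[0] is the leaf credential, the last element the self-issued root.
function verifyChain(chain, trustedRoots) {
  for (let i = 0; i < chain.length; i++) {
    const c = chain[i], parent = chain[i + 1];
    const pub = keys[c.issuer] && keys[c.issuer].publicKey; // stand-in for DID resolution
    if (!pub || !crypto.verify(null, payload(c), pub, c.proof))
      return `bad signature on ${c.type}`;
    if (!parent)  // root: stand-in for the eID signature / trusted-list check
      return c.issuer === c.subject && trustedRoots.has(c.issuer)
        ? 'ok' : 'untrusted root';
    if (parent.subject !== c.issuer)
      return `${c.type} was not issued by the subject of ${parent.type}`;
    if (MAY_ISSUE[parent.type] !== c.type)
      return `${parent.type} may not issue ${c.type}`;
  }
  return 'empty chain';
}

const rootVc = issue('SuperNotary', 'did:example:aisbl', 'did:example:aisbl');
const memberVc = issue('FederatorMembership', 'did:example:aisbl', 'did:example:federator');
const principalVc = issue('Principal', 'did:example:federator', 'did:example:principal');
const trusted = new Set(['did:example:aisbl']);
console.log(verifyChain([principalVc, memberVc, rootVc], trusted));
```

A verifier that checks only the leaf signature would accept a principal credential issued directly by any key holder; the per-link issuer and type checks are what make the chain meaningful.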
