The European Union Goes Decentralized - Standards and Technical Architecture Behind eIDAS V2

Can you hear me? Oh, well, very well. So good morning and thanks a lot for inviting us. Really thanks for, for this present. Thanks for the organizer. And I will like also to thank you Christina, and to, and that insisted to have this presentation because today is really amazing seeing so many people interest in a topic like this. It's was very, very technical and delegated to the, to the regulation part. So it it's really amazing seeing this, this, this room full of people.

So today I, I will just try to give you, so I will try to, to leave more, we will try to leave more space to the question. I will give you just an overview, what is df, what's it's meant to be and what, what is this behind the whole process?

And just starting to a, a very quick recap, but it was very well explained before and believe you all know what is EY does is, but I try to explain the, the, the, the acronyms because, because in the name, in my opinion, there is the whole vision of the project because it, it's providing three main pillars that are identification, authentication and signature. Okay? So this are the 3 million main pillars. This is the goal of the entire project as there was envisioned also in the first release.

But we this when new obviously new future and new nuance, that's going to change completely the way that we are using today, the identity and, and the signature. So it was done in 2014. It was quite visionary at that time. It it's plus almost 10 years now. So department started to rev revising that in 2020. And we are very close to finish the process of the legislation. So most probably the ambition is to finish this year or, or the, the beginning of next year. Yeah. The goal is to ize.

So there are, there were a few, obviously limitation on the previous one and that was already mentioned before. But the main one is that we have an arm, we haven't, so harmonized entities, schema today we have, they're working well in May, may, some countries, some other less, it depends from, from the schema, but there are maybe similar, but they're not the same.

They, we created a kind of s per per per per nation, per per member state. And so the the, the idea is to overcome all the critical issue they have the, the regulation has.

So what, what will allow to user to do the new thing. So it's, it's aimed out to, to identify, to let low users to identify themself using digital, public and private services like, or like opening a bank account.

It's, it's meant to support, allow user to improve their age, their age when logging into social networks or any services without sharing any other information. Just proving that they are over 18 or obtain medical prescription store and present digital documents that mobile driver license in different use case in different scenarios. Also membership card. So also information are not necessary. Proper document issued by the government. It's going to led people to sign contract with binding value, legal binding value, and also authorized payment, for example, authorization.

So at glance near the wallet, it looks like this more or less, there's kind of try to summarize what what it is. So we have a bunch of actors that we will see later, maybe better in more details. And we have a pit provider. There is authority, you will be the member state. There will be qaa and eeaa qaa and is a very bad way to describe attestation attributes. So one is eeaa, it's meant to be electronic, electronic attestation of attribute. And q a A stands for qualified electronic attestation attribute.

At the end our always attribute what different value of the meaning that how they are trusted is going to release. And, and the, and the third one is the qa s provider. So because we need to also to provide the function to, to sign on the other side, we will have, so this is providing object providing service to the wallet that the wallet is there. You will see all the, all the later, all the protocols that we are envisioning to use at this moment. And I might change in the future. And the relying party is, is providing the service. And around that there is one very important thing.

This is how we trust each other. All these, all these components, all these people trust all of them.

And, and this is the, there are, there are question marks because it's, many of you have noticed that in the current release of RF is missing this part on purpose because what's quite complex to define in, in general terms in alternative. And we are working on, on, on clarify this part. And I will just switch to Torson to continue on this, this stream and, and, and timeline. Thank You very much. Can you hear me?

Sorry, 1, 2, 3, 4. Check. Check.

Alright, thank you very much. So good morning from my side, I'm here along with my notebook, but I'm assuming that's not, that's not gonna be the trust anchor for YA two, just as an interim solution first all and you know how stable interim solution will be, right?

Alright, so Andrew, Andrew really made a great task in, in, in, in pointing out all the challenges that we're facing as a European union with that really ambitious project, right? And I wanna, I wanna shed some light on the different streams that are going on because that's what this thing makes a very complex program, as Randy told you. And that's on the, on the top of the slide, there is a legislative process going on. It's still going on. So there was a first proposal by the commission for the new regulation and then the parliament and the cons.

So the council is the representatives of the governments of the member states came up with their own ideas and now they're sitting together regularly and talk about how the thing will look like in the end. That's still ongoing. It's called tri luck, right? And in the end, the legislation will be adopted and in some near or distant future, all the citizen, the European Union will get such a wallet or a couple of them. And in parallel we've got the export group. And the export group is, is defining the so-called architecture and reference framework.

And that's the core of what we are gonna talk about today because that's defining the technical underpinning the architecture and the patterns that shall be used going forward in IDAs. And yes, both things happened in parallel.

I per, I personally think that's a positive thing because in the future, in in the past we had the legislation and you all know that from IT projects, right? Someone writes the requirements done and then just be implemented, right? No questions back no cycle. That's how we did it in the eighties. Right Now we do it differently. There is a feedback loop and we, we modify things and we do it in an iterative, iterative way.

So, and I, I personally like the the approach because we not only have the, the A rf, we also will have a reference wallet application that's being built right now based on the, based on the definition in the A R F. And there will be four so-called large scale pilots putting that to a test. Meaning the legislation, the technical underpinnings in different use cases being that identification, mobile driver's license, e-health payments and so on in cross order scenarios. Right? And who in the room here is involved to have a large scale pilot?

Oh wow, okay. That's a lot. You're not sure or believe me, they will come after you and the different large scale pilots focus on different things or different ME member states involved and different focuses or DC for AU for example, focuses on, on education and social security. Nobi is someone here representing nobi. You do a lot of payment, right? Yes. Anything else? No Payment use case. Payment use case.

Okay, thank you. Potential is a consortium that focuses on the identification, mobile driver's license, eHealth signing, so the core use cases could put it that way.

And ewc, who's representative of EWC in the room. So what's, what's the use case? There's travel, payments and organizational identity. Excellent. Can you Repeat it?

Oh, the use cases you mean? No, if some this I've got a mic. The mic. Oh you got it. The e WC use cases are travel and payments for travel and organizational digital identity. And I said excellent. And I think this whole concept makes a lot of sense.

And if, if you compare that to other initiatives, like for example the payment service directive two, there was done a couple of years ago, it was just a waterfall, right? Legislation, a couple of technical standards. And from a metro standpoint right now it's a real mess. Yeah. I hope that will have a better, a better conclusion in the end.

Paolo, may I ask you a question? Can you shed some light on how the legislative process and the work on the ERA F is, is, is is being synchronized. Yeah. So the idea behind the the RF is thought will be also it's supporting the legal process, but the legal process will not end only with the regulation. There will be other acts, the implementing acts, defining specifically the standards.

So that's the reason why the expert group in AI does working group is, is working on the rf because that will be, will be the, the basis for, for the implementing act, describing all the protocols, all, all the, all the standards. So it's a preparatory work for, for that. But may I stress one thing? So I believe this what what just to said is it's is very important because in, in this, in this strategy that the commission has decided to apply running all these things together, there is one message that it's how much is important for the commission, this project more than others.

So the legislation is running. So the effort doing this in parallel is, believe me, it's huge. It's huge. And coordination stuff. So this is I believe, sorry, not need to advocate for the commission, but this is how this is important for for our Europe. Yeah. Do you wanna take the mic?

No, We wanted to, to confirm. Yeah, it's true. We haven't seen that approach for the previous ci IDAs regulation and is very welcome.

Yeah, I mean in the end as as also Andrew Illustrated, right? It's, it's a really bright sprout scope because we need a very good function and digital infrastructure, digital identity infrastructure for the society going forward to work.

Alright, so let's dig a bit into the details of the a f I'm gonna mostly skip that slide. I think you all already have understood that the a RF will, will refer to technical specifications, will provide guidelines and best practices. And it's got right now five use cases that Paola already mentioned. We've got the different roles in the ecosystem. There are technical specifications being referenced, four different authentication flows offline, online, supervised, not supervised, and two different credential types to type one the famous type and type two credentials.

And as I learned in a conversation with Paolo in the morning, two o'clock, something like that, we arrived from the airport. The, the, the era RF is moving towards kind of a different terminology, right? In the beginning, type one was the high security thing and type two was the, well, you can do some experimentation thing which was not that clearly specified. We will see later on, on a later slide what what's the current status is So we know, know or more talking about the P I D and the e a a instead of type one, type two credentials. I think that's more, more tangible for all of us.

That was one of the outcomes. First the outcomes of the, of working in the, in the export group. And I'm saying we, because Christina and myself, we are based on a liaison between open ID foundation and e c now allowed to contribute to that effort as well. Thanks for that.

Alright, so this is kind of the architecture of the thing. So in the center you see the European digital identity wallet and then you've got a couple of provider that provides the different services. Let me start from the top. So we've got the pit provider that's creating, issuing the, the personal identity data for the citizen or the resident. And the assumption typically is that it is are provided by the member state or the member state tasks, someone to do that.

Then we've got Q E A a providers qualified electronic attribute citation providers and they're gonna issue a variety of priority of, of credentials. I mean in the end it's all kinds of verified credentials going forward, right? Universal t diploma mobile driver's licenses tickets?

No, not no, no. QAA is not a ticket. That would be a non-qualified thing. So qualified things I i I assume are multi to the, to the, to the identity and the EAA are, those are providers that issue any kind of credential. They are not as regulated as the Q A I, but from a technical standpoint it's more or less an an issuer of, of any kind of verified credentials.

And if I come back to, to what Andrew raised the trust thing, I think it's even more complex than you said because right now we already have a trust list in every member state and we already have that trust list of the trust lists which is hosted by the European Commission and it's focusing on identity. But if you're now going, going full scaled, issuing university diploma prescriptions and out on know what, those are all different domains and each of those domains has its own governance, governance rules. So we'll see trustless for all of those domains, right?

So it's even a new, a new dimension that I would like to add to that picture. But I also assume we can come up with technical solutions that at least allow us to use the same technology for managing those different trusts. And then we've got the providers that do the qualified electronic signatures. They already exist in, in EI as one, right?

And I, I would say that's the most successful part of, of IDAs one. You agree?

Okay, good. So then on the right hand side we've got the relying party and EU digital identity wallet provider. So the EU digital identity for wallet provider will be an entity that's a new entity and it will be regulated and needs to be certified in the same way as Q TSPs are today. Huh. And on the left hand side you see the different bodies that are Yeah, that have a task or role in that, in that whole process. So for example, conformance assessment body will for example assess the conformity of a EU digital identity wallet provider to the legislature.

And then in the end we've got those trusted list provider. And yes, you see in the center there's a user and I hope, and I agree with Andrew, the user experience is gonna be very, very important. Yeah. But I'm as architect, I want to focus on those, on those canonical computer science rectangles for the moment.

Alright, so let's talk about technology is our question. If you can get back to the previous picture. So as presented before, the trust list is not unimportant, but I see a dotted line to the trust list. So I wonder, and maybe Paolo again, you're close to the center Luxembourg where things happen, how does that link to, for example, and I'm not saying that I'm an advocate of it, but for example to E B S I or the vector scale pilots, any links there or it's completely decoupled, Sorry, between who?

So, So the commission is not only giving subsidies to the four largescale pilot mentioned, but also giving subsidies to things which come out of the e BSI project, like the vector largescale pilot, which is hitting that layer. So I wonder how you see the relationship between the LSPs for the E D I wallet and the fact that a trust list is like our trust anchor.

Yeah, I mean that, that's a quick answer. It's just a, a possible implementation of the trust registry or trust list. So it's one of the option and and it's part of that picture Too question over here as well. But the dot, all of them are dot line just because the beginning we, we didn't focus on that part. So you see there is no scope for now inf the RF was meant to be a document, living document and this will be updated, but obviously the how and if you look closely you will see that one one dotted line is missing because it's missing the dot line from the wallet to the trust list.

But this is, yeah, there are few mistakes. As I say, this is a development process and also for this technical specification and it was will be improved.

But, but just to answer to your question, yes, the epsy is there because that one of the possible implementation of how you manage that part. So can we, the speaker carry on so that we can keep I'm bad, like down. Thank you. We'll come back to you then. Thank you. Here let's quickly talk about the actual technologies underlying the a f. So two big columns, protocols and formats.

And I think bottom line, what needs to be understood is for I, neither of these, you can't just take and run with it as either have been talked from to Torsten, you need to, on top of that, select trust frameworks need to select crypto space. You need to select identifiers. So in the end you would need this kind of interoperability profile that you know, you would implement according to your use case needs and whatnot. And I think two requirements that drove these choices, one is a need to meet different use cases, right?

Like we've been hearing therefore big large scale pilots right now, which, you know, each of them focus on different scenario. And maybe in ideal world we could see, you know, one thing meeting, oh the requirements. But right now the hypothesis is that maybe that's not true. And another thing is let's try meet online, let's try meet the use cases when there is an internet connection, but there is no internet connection, right? So keeping that in mind for protocols for both issuance and presentations. When you ha when you do have internet connection openly for fiber credentials.

So there is available for credential issuance and for referral presentations and the protocol, it builds up on owas and vast experience that that community has been building up throughout, you know, 10 plus years. And the benefit it would give is security in those research has gone into it, but also hopefully helping it across the chasm, right? The systems we have at large scale in production do utilize those us and connect of any connect protocols, right? That's the libraries you guys have. That's the knowledge and expertise that your developers have.

So minimizing that gap to bridge that and make the transition towards this decentralized identity world smoother, but also helping to, you know, benefit like take, take the best of the both worlds, right? And also for proximity when you do not have intern connection. So when you want to present your credential using NFC or Bluetooth low energy connection, let's 18 0 13 dash five. And for formats though, that's the protocol is how you issue and send, right?

How you communicate between three components and formats is how do you express the data that you actually want to, you know, tell about the user. And one again, another requirement is was select disclosure to mini to data.

I, I prefer the word data minimization, but essentially minimizing the data that gets to the verifier in the end. So that was important components, I think that was, that drove some of the decisions. Safety disclosure Jots is a work happening in itf. So if you think jots cannot be selectively disclosed, we are trying to break that now, now, now, now you can, there's this new work happening and for proximity. So you can present both of them, both vector disclosure jobs and iso mdoc using open a fiber credentials.

Unfortunately, right now, if you want to present using NFC and Bluetooth only Isom dog fits that purpose and they're, yeah. So that's kind of the thing.

And yeah, do you want to add something? Yeah, well one of the, of the reasons, or one of the consequences of the fact that Christina just out outlined that in proximity right now, the, the protocol that has been chosen is supporting the mdoc credential format only. There is a requirement in the aircraft that a pit issuer, for example, need to issue the credentials in both formats so that the, the user can then flexibly use that through different protocols.

I guess the hope is that there is some conversions around protocols and so on to that in the online and in the proximity scenarios, there is flexibility, what kind of credentials and what, what credential formats can be used. Do you want to add to that or?

Yeah, I think you very well explained, say the idea at this stage to provide a more flexibility possible. And that's the idea why, why we decide to request both issues and two formats and there are different needs and these formats are supporting.

So that's, that's the reason why, Yeah, it doesn't come for free. It increases the complexity significantly and also has consequences on the, on the way trust is managed. For example, we just came across that in in one of the last meetings. So because Mdoc only supports X 5 0 9 for that, and even though SDK is more flexible, we somehow are tied into that. But that's the consequence, right? And we need to get going and then see how we're gonna start that sort it out. I think we are through now we can take questions no more. No.

Oh, sorry, sorry that Oh no. Yeah, no, just that I will be very, very fast.

So what, what we are working on, so the rest of you already know. So we, so the main topic right now where the expert group is working as a trust model to try to define how the trust will work in details for each of the station, but also in general, in more general sense, you will see updates coming in the next week and to the ref. That's the good things.

Like it's, it's coming in update more or less each month. The revocation, that's somehow part of their trust, trust model and privacy and security consideration, legal person identities, it's also quite important. And other requirements, it's, I mean it's still huge work to do, but yeah, the more, more important pieces are coming next, next month. Cool. Are you ready to take questions? Yes. Right? Yes. There's a lot.

Well, Dan was, Dan was we, we blanked you earlier. So go go ahead Dan.

Yeah, thanks a lot. This is very helpful. So my question coming from a biometrics background is on Elway high, which you need two of three factors. One can be inherent or biometrics, which according to legislation is comparing a physical characteristic against an authoritative source. So in your diagram of to the wallet, will the PI include biometrics that the will be, okay, so how, what is gonna be the authoritative source for biometric and where does that comparison happen? Is it on device or in the member state And the vice?

For now, this has been not properly discussed, but for now there is no intention to put any biometrics due to privacy consideration. But I cannot say the last word because there is ongoing discussion on this point. But right now there is no information of biometrics in the p i t.

Okay, So, so you have a choice of two of three character, two or three factors, but the third factor being inherent are biometrics is not on the table. So you really have a choice of two of two. What about Picture? There's no picture That that is a biometric Slow down. Yeah.

Let's, let's keep it's, it's no down. I I have a simpler question for all of you. So trust model and revocations, right? So that these things have come up a a lot during the talk and, and I feel like there's a, there's an answer which is yeah, that that'll come, we don't know yet.

To me, these things are very much on the critical path of actually being able to do this at scale. And I just wondered, I mean tossed, and I'll look at you for words of comfort, right? About what does the, what does the path look like to actually have those important but very difficult pieces actually on, I Give it a first shot. I think that's the typical situation where there we can all agree we need that. It would be cool to have one mechanism. We can agree on that. Absolutely. And then the next question is what's gonna be the mechanism? And that's where the discussion starts.

And I think that's, that describes the, the situation right now very precisely the trust management mechanism at scale is a general challenge. An unsolved challenge in the SSI slash decentralized identity space has been for years, no one really solved that problem. But there are some pretty pragmatic solutions to that.

I mean, the European Union already uses trusted list, right? I mean, and if you do not fund anything better, let's go on with it, right? I mean it doesn't scale and I would say to really larger numbers of, of, of, of entries. But it's there and it can be used along with long-term validation, which has value, right? And there are other, other concepts like epsy, hazard strategies and so on. There are a lot of different mechanism in the end, they all use similar mechanisms. It's in the end a decision that needs to be made.

And with that, I would Just to take advantage that there are a lot of large scale pilot implementers in the room. We need your help here.

Yeah, we have hypothesis, what should work, what could work but don't. It's a, it's a, it's a, it's a hard balance, right? You don't want to get it wrong and expose privacy on the internet, but at the same time, we have to try it out. We have to, you know, see and prove what works.

So, because if we don't, if we keep, you know, arguing among ourselves, there'll be, you know, couple of huge giants that will just impose their own trust framework on all of us, right? So let's work together on this and figure it out.

Okay, well thank you very much.