Markus Sabadello: U.S. Permanent Resident Cards with SSI

Thank you very much. Yes. I think that this event there's already been quite some conversation and presentations about SSI and DS and very fiber credentials and related technologies. Will, I will talk a little bit about one specific project, one specific use case with the us government, where these, these technologies were, were applied. So this was a program that the us government, or specifically the department of Homeland security started over a year ago. It's called the Silicon valley innovation program. That's an initiative where from, from time to time, they look for, for startups who work on, on interesting technologies that could be applicable to some problems that, that the government has. And I, I should probably point out that the department of Homeland security in the United States specifically has supported, did, and verified credential technologies for a very long time. Actually, the very, very first version of the, of the specification was funded through program.
Similar, similar to this one. And this one specifically was, again, it started about over a year ago. This one specifically was about the use of the ATS and the use of verified credentials for government use case. There was a phase one of this project and of this initiative, which finished about in, in May, 2020, and in, in this program related two use cases, basically there were, there were two use cases that the department of formula insecurity was working on. One was about importing raw materials, importing steel lumber, oil materials like that from from foreign countries. And the government was, was interested how verified credentials could be used as a digital replacement or digital equivalent to, to more traditional paper based credentials and documents that that are in use today. So it's basically a, a supply chain use case to, to be able to track and verify the, the origins of, of materials that, and, and to also verify identities of, of companies that are involved in the process of shipping materials from referring country to, to the United States, the, and the second use case, which, which this talk is really is really about, is about the prominent resident card, which, which is better known as the, as the green card.
So that's well known identity document for immigrants to the United States, right? A document that allows you to live and work in the us, which of course today is also a paper based classic identity card. And here again, the government is us government is interested in whether that can be replaced with a digital equivalent, essentially modeled as a, as a verifiable credential with some potential benefits, such as increased security based on, on strong cryptographic algorithms proofs on, on very fiber credentials and, and increased efficiency. So this may not be so relevant at the moment, but at least the last year and the years before the, there are very increasing numbers of, of travelers and passengers and tourists enter in the United States. So right now, as we, as we all know, there's, there's not so much traveling happening in the world, but in, in general travel and immigration and crossing borders is constantly increasing, increasing.
So that government department of Homeland security is also interested in whether these digital equivalent of paper based credentials can be used on one hand to offer more security. And on the other hand to, to increase efficiency and, and this programming, this Silicon valley innovation program. So, but there were these two use cases, and there were seven startups that were selected and finished the phase one of this program, and these seven startups were divided or assigned to, to the two use cases. And this, this talk, we, we focus on on the permanent resident card use case, which also our startup at Daniel tech was, was a part of. And basically during that phase one program, we worked on an, on an architecture where we tried to model the issuance and verification and, and other processes related to the permanent resident cards, using technologies such as DDS and very fiber credentials.
I think this general architecture is, is probably familiar to, to most where we, where we took, where we have an, an issuer, we have a holder and we have a very fire. This is the, this is the triangle that we see in basically everywhere in the SSI ecosystem in, in verified credential architectures. In this case, in this specific use case, the issuer is the us citizenship and immigration services. That's one, one branch within the department, formula and security. They are the ones who process applications for, for green cards, for permanent resident cards, and then decide who, who, whose applications get accepted and who, who can obtain one of the green cards. So we, we said they would be an issue for verified credential and then for verifying the, the credential, the verify role that would, would take the role of the classic relying party and, and accept credentials.
We played with some, some variations of that. So we, on one hand it could be TSA, the transportation security administration. Those are the, the officers, the, the immigration officers at the airports and at the border crossings who check your passport or your, or your green card. So that's another, a different branch also within the department of Homeland securities. So we would have issued and verifiable from department formula and security, but different branches. And we had some variations here. So for example, we also said could be something else, right? If I, if I receive a green card in the United States, I can use it from many things. I can use it for travel. I can also use it for applying for, for jobs to prove that I'm allowed to, to work. And so we had some, some variations there. And the most important part here was that the, the government in, in this program was very clear that different companies, the different startups that we're participating here must be interoperable and replaceable basically. So we set up this architecture where some of the participating startups had a product that allowed the issuance of, of credentials. There were products for verifying credentials, and then there were wallets. There were startups that offered wallets. And in this use case, we were four startups. So remember in total, there were seven startups in the program, but four were assigned to this specific use case. And so among the four of us, we, we tried different combinations where one company, one startup would take the role of and provide issuing, issuing service.
One company would, would provide a verification service. And one, one company would provide a wallet service. And ideally the objective was for everything to be replaceable and interoperable. So here are the, are the startups of the four startups that provided implementation of the credential issuing service, verification service, all of everyone. So all of the participants had a issuing product, had a verification product, and three of the participants were not, not us, but three other participants also had an implementation of a valid service. And so the interesting challenge was to try different combinations of these components and in order to do so, of course, we had to work on standardizing the, the interfaces. So on one hand, we had to work on and test interoperability of protocols for, for an issue, how an issue would, would transmit verified credential to a holder's wallet, how a holder would then present the credential to a verifier here we worked with, with DICOM, which is one prominent protocol in the decentralized identity ecosystem.
And we worked with that's a browser based JavaScript, API credential, handler API. And then we also had to standardized here internal APIs that an issue would use, and that a verified would use if the, the department of Homeland security are specifically the citizenship and immigration service, if they use one of our products provided by these startups, then they wanted to make sure that the, the API will also be standardized and interoperable with others. And one, one very strong assignment that, or requirement that we all had was that the work that we did on these interfaces must be, must be published and must, must be done in an open environment. And we did a lot of, a lot of this work in the WC credentials community group.
Here's some of the technologies that we used obviously did and verified credentials. We used Jason LD. Jason LD is the representation that the format of verified credentials, as I mentioned, we used this chat big credential handler API, a browser based API for issuing and, and presenting credentials. Here's some, some technical examples. So for example, we, we had to work on and, and agree on how we would actually model the, the green card in the form of chasing and the verifiable credentials. So we had to come up with a vocabulary and we had to, to map the, the contents of the, the physical green card, what are the, the attributes, what are the, the claims that, that are on the physical permanent resident card? We map that to, to adjacent LD vocabulary and, and that we were able to issue very fiber credentials with, with attached proofs signatures.
The, so that's one of the, one of the pieces of, of interoperability that was, was important. Then, then we worked on, on this credential handler API. So as I, as I mentioned, that's, that's a browser based interface. So if you, if you open a, an issues website, you, you go to website of the department of Homeland security and they want to issue a verified credential to you. Then within this, this program, we, we use this, this API in combination with a, with a certain format that called the, the presentation request for on one hand for issuing a, a credential to, to a hold. And on the other hand for offering a, a credential to holders, what do you, what do you see on the, on the left side is, is one example of, of a presentation requested your credential query. So this is some, some code through which a verifier can, can request a permanent resident card from a holders wallet on the right side, you'll see a piece of a piece of JavaScript for offering a new verified credential to, to a hold of, for, for storing it in a, in a wallet.
And all of this is, is ongoing, is very much working in progress, but it's happening in public places, in, in the credentials community group, and also in the, the decentralized identity foundation. There's also some work happening on credential exchange. So this, this building block for, for transmitting credentials and requesting and issuing credentials between the issue and the hold and the, and the verify, and, and this is the, this is the, the last piece. This one now is the, the, in the set of internal APIs that, that I mentioned, this is how the department of Homeland security would talk to one of the products in internally that our group of startups would provide, if you want to be an, an issue, and you want to use a product that, that offers issuing and verification capabilities, then we also had the, the assignment to come up with with an open API.
Those are now also also work items in the credential community group. And they have already changed since then. So this is not, not even the latest, latest version. This is all happening very fast, and there's a lot of work in progress, but it's also very important for the government to avoid vendor lock in right to standard and into our problem interfaces. And yeah, based on that, we, we also are specifically, or still from, from transmute. He's, he's very active in writing a test suite. So we, if, if we have these, these products that implement these interfaces and APIs, we also had a, an automated set of automated tests that will test the endpoint of different participants in the program to check if everybody quite the same interface has the right inputs and outputs. And based on that, there are some, some test results. And all of that is, is also also public.
I can try to do a very quick demo. I think I have just few minutes, a few minutes left. Let me switch to, to my browser. I will, I will try to show a demo website that we built that, that simulates the website of the citizenship and immigration service. The assumption here is that somebody has just received their physical green card in the mail. And with that, they received some kind of authorization code, which they can enter here. This is a demo. This is a mock up. This doesn't actually check, check. The code is very simple demo, but then, then there is a button. If, if I click on this, this will invoke the, the chappy interface that I, that I mentioned, the browser based API to invoke a wallet, a browser based wallet, I can actually choose between different wallets provided by different startups to see if there's interoperability.
And this case is actually a two step process. First I have to select the wallet. And then I, then actually in the next step, I receive a, a credential that could be collapsed into, into one step. But for documentation purposes, these are two separate steps. Anyway, I'm being, being offered here, a credential, the digital equivalent to a permanent resident card. I can look into my, my wallet. I can, this is a browser based wallet. And then, and then I could use this. I could use this credential here in this case in a, in a fictional job application platform. And in this job application platform, I have to prove that I am allowed to work in the United States. So again, if I press here invokes this chappy interface, it opens my browser based wallet. And from that wallet, I can present the verified credential. That is the permanent resident card.
Now behind the scenes, a lot of things are happening, did that did, is, are being resolved. And the verified credentials are being checked, approved are checked, and, and it worked. And in this demo, I used the issuing software from one company, a wallet software from a second company and a verifying software from, from a third company. And that's it. Project will, the Silicon valley innovation program is still ongoing. There will be a phase two and some other support, and also interaction with other programs in, including, for example, in the EU, there's a program called se lab European self-sovereign identity framework that also supports startup and startups. And there's a lot of communication and interaction happening between these groups to hopefully enable as much interoperability as, as possible. Thank you.