KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Everyone. Good morning. Hi. Good morning everyone. Sorry that we started a bit late. There were a lot of people queuing. I think a few more people might join us, but we have a packed agenda today, so we're trying to get started. Thank you very much for, for being here. This is the first EIC where we talk about the Open Wallet Foundation and the idea is relatively new. We really had the first conversations about month after E I C last year and we formally launched the Open Wallet Foundation only in February of this year.
It's really nice to see a lot of familiar faces and it's also really nice to see a few new faces. Thank you very much for your interest in in Open Wallet. You're going to hear today from a lot of different speakers why they believe that wallets are important for their use cases. And a lot of us are interested in wallets, but typically from one particular lens, you know, you may care about wallets because you're interested in digital driver's licenses or digital ID cards or maybe tokenized credit cards or tokenized debit cards or car keys or room keys or health records.
What we've tried today is to bring people together from many different industries to give you an overview why they believe that wallets are important from their particular perspective. We're also trying to show today what we mean by open source coupled with open governance. The Open Wallet Foundation is not a standardization organization. We're not trying to create standards even though we unfortunately compete with the Open ID Foundation and cantara here today because we're having these events. At the same time, we don't compete in terms of our mission.
We're not trying to create protocols or standards. We are trying to create amazing open source software and we're doing that by bringing a lot of folks together because we want to marry open source with open governance. And you're going to hear more about that and you're going to get an outlook at around noon where we hope the Open Wallet Foundation is going to go from here, what our goals are for 2023 and beyond. So I want to make this very brief and to give you just one quick image of what it is that we're trying to do.
What you see here on the left hand side is how browsers are being constructed today. When you think about any browser that you use, of course that browser is based on open standards, html, htp, JavaScript, the standards we all know and need in order to have interoperable browsers. So this is what you would have here at the bottom. At the top you have the browsers themselves, so you know I see Juliana here from Microsoft. Maybe you use the Microsoft Edge browser, maybe you use Google Chrome or maybe you use the opera browser or the Samsung internet browser.
Now, each and every browser that I just mentioned is not just based on those open standards but based on open source software. In this case something called Blink, which is part of the Chromium project and it's basically a collection of code that all those browser manufacturers are using. So why do they do that?
Well, there are a couple of key advantages. One advantage is money. If all of us here are interested to create a web browser and we are working together to create the fundamental components for those web browsers, we will save money. It's very simple. Or maybe you have all the money in the world and you say you don't care, you don't need to save money, you're also going to save time. And even if you have all the money and the time in the world, we believe there are two more key advantages. One is security.
If there is a problem and we see that there is a vulnerability or a weakness and anyone in the community is solving that, it will trickle down to everyone else who is using the same open source component. And last but certainly not least, there are advantages in terms of interoperability. Because even if all of us here are using the same standards but we interpret them differently and we create completely different code bases, we may introduce friction and we may end up with a world where even though we're using the same standards, we have incompatible solutions.
So all of those reasons are here and they are why every browser is based, at least every browser I know is based on open source software. It is true for Edge and Google and the Samsung internet browser and the opera browser, which are all based on Blink, but it's also true for Safari. So if you use Apple Safari browser, safari is not just based on open standards, but it is also based on WebKit, another open source project.
So the big idea of the open wallet foundation is not such a big idea after all, it is very simply to say that what works so well in the browser side will work here for the wallet side as well. That essentially it makes sense to have open source software between the open standards and the wallets themselves. And just like in the browser world, this is not just one thing. The same is true for the wallet world. We're not trying to be king makers. We're not trying to say that one credential format is better than another credential format.
We're not trying to argue that one protocol makes more sense than another protocol. We're trying to bring people together who are interested in specific standards and protocols in order to create open source software together. That is the mission. We launched the Open Wallet Foundation in February and up until today it was all talk. Wouldn't it be great to do something together? Wouldn't it be great to create software together?
I am immensely proud that we are going to announce the first two code contributions here at eic and I hope Daniel, you're going to say a few words about your project and the project from Fabian. Thank you.
Okay, let me see. Does this work?
No, it doesn't. Ah, there we go. Thank you very much Daniel. I'm very honored to be the first presenter after you here at the first O W F workshop, so that's really exciting. Thank you for the invitation to, to say a word or two, maybe a bit more about the SD drug reference implementation. This is one of the first project proposals in the Open Wallet Foundation. I'll be speaking about this one. And now here we have Fabian remotely connected to speak about the second one.
If not, I can talk to that as well. Okay. Just a quick few words, what is SD jot? The motto of SD jot the cradle really is simple, is a feature. SD is a specification that is maintained in the I TF that was actually created almost exactly one year ago. On the way to eic, I wrote the first draft and that's a format for salted hash based selective disclosure in Jot. That's a lot. So you probably know dots where you, especially with jws, have a very simple mechanism to sign documents.
Well, in a, in a wallet world, just signing documents is not enough. You need to do more. And one specific feature that you often want to have is selective disclosure. So the wallet or the the, the end user controlling the wallet wants to have control over what data is released to what party. That is selective disclosure. I won't go into the details of S drot here. We'll have a panel later in the week. I think it's on Wednesday or Thursday with Mike Jones where I'll also speak about the technical details of SD Jot a bit more today.
It's just important to remember that this can be a very important building block of wallets because it's perfectly suitable to express verifiable credentials. Now SD Jot is an ITF draft. As I said, we are working on that. It's in a very good shape already. We are almost feature complete. We have a quite stable format right now. It's usable. You can build it into your application if you like. But part of what we did when developing the specification is we also created a reference implementation in Python. And the question is, why did we do that?
Normally you write the specification and then other people implement those specifications. Well, the specification is just the theory, but just writing the specification when you want to do that, it's a very good input if you have a reference implementation. So a couple of the reasons why we did that is first of all we wanted to have examples. You need to have examples in your specification and of course you can create examples by hand, but that usually means you have a lot of work maintaining the examples. So we wanted to automate that. So we needed an implementation.
Of course, we also wanted to test drive what we are doing. You can write the specification without test driving it, but it usually doesn't end up in a good specification. So we wanted a playground for us to experiment with new features with modified syntax, all of that. We also wanted to produce test cases, and I get back to that in a moment because the Open Wallet foundation I think can play a role in testing the implementations. And finally, we also wanted to demonstrate what a library could look like, what an interface to an Stro library would look like in production.
Just a quick one, again, we are not going into the details here, but the idea is that we specify the kind of examples that we want. So here on the left there's some user data with some special notation that we used to express what we want to have and the examples. And then we can generate automatically from this specification all the things that you see on the right. So we can show what the payload looks like of an SD jot, how this issued, what the presentation looks like. And we even create detailed, so explanations that we can immediately include in the specification as markdown code.
All of that is extremely useful in the development of the specification. Also, as I mentioned, we can produce test cases and we can test the implementation, our implementation and other implementations. Right now the idea is that we create a separate repository for test cases so that implementers off our draft can come take the test cases and see whether they work in the implementation as well.
An idea that that came up is we might also want to think about the role of the O W F in all of this because other projects, they had very good success with interoperability testing between implementations in a central place. So here on the right, that's the, from the quick network protocol, they have this test metrics where you can really see whether the libraries work together with each other. And that of course not only ensures that the libraries themselves are in a good shape, but also that the specification is in a good shape.
Because if your specification produces implementations that don't work together, then there might be something wrong with your specification unless it's intended of course. So what is, what could be the role of the O FB in the SD drug reference implementation where right now this is a bunch of open source code. We do profit from the structures that we have in the I T F, but those are made to develop specifications, not the implementation of a specification. So we do have some open source code, we don't have any governance on that.
We don't have structures, we don't have even real licenses on the code. All of that is something where we can profit from the open wallet foundation, obviously also visibility. People have been asking, Hey, where is your implementation? And I said, okay, it's, it's somewhere there together with a, with a specification. You can find it there if you like, but yet it's, it's not the ideal place to be. I think the O W F is a much better place for this project especially because yeah, as I said, we do have structures that we can profit from. I submitted this project proposal.
I selected the so-called lab status, which is like the simple first status, but I assume that once we get started we can soon also advance into the next statuses. Right now, as I said, the code lives in the GitHub repository of the specification. We want to move that into a separate one and we have started to move that into a separate repository. I'm also talking to Haan yielded from Accenture. He's been working on a library that also implements SD jt, so he's actually implemented SD JT with some extras. So he has REST API interface and we'll be looking into merging the two.
So taking the best parts out of both projects and creating one coherent project. Right now, I think that in terms of maintenance, we'll probably work mostly as before same people. I expect hopefully some more people who who see this project at the O W F. But of course we'll be advancing the specification. So a lot of input will come from us as the spec editors and the contributors to the specification to keep the implementation up to date with the latest development in the specification.
I called this the reference implementation, but there is room for more implementations and maybe reference implementations not the best name. We don't want to say that this is the one and only implementation. We want more implementations. We want to see other people implementing the same spec.
As I said, it's a test, it's, it's like when you have a hypothesis in in physics or something and people test your hypothesis. Our specification is the hypothesis. We show that with our implementation, probably it's we are able to create good implementations, but we want to see other people do the same.
So especially because we notice that other approaches to credentials have the problems that or have the problem that you see only one implementation and you don't know whether it's a specification that is aligned with a specification, with a, with standards you don't know whether it works, works with your framework or language, whether it supports your feature set. So we want other implementations, even if it's not other languages, they may have other feature sets use rely on other dependencies and so on.
And one of those implementations we actually have as a project in the Oak Wallet Foundation, another project proposal. Actually that was the first one. So this one was the second one by a few hours or something. And I hear we have Fabian hok who will say a few words on his submission to the foundation.
Fabian, Hi, can you hear me? Yes.
Ah, perfect. Hi, my name is Fabian. I've written an open source cotton library for the SD JWT ation and I'm happy to contribute to code to the Open Model Foundation as a lab project. My library fully supports the current specification and use data glasses for types of implementation of credentials. I hope it will simplify the development future identity walls and cause it's written in Kotlin, it can be used in a wide range of applications from S to Android. Thank you. Thank you Fian. So Kotlin library as another building block.
The patent library is probably not what you want to use in native applications. It's probably what you might want to use on a server. But the Kotlin library OB obviously very well suited also for use on mobile devices and so on. That's it from my side and Farian side. Next slide is just the I TF draft. If you want to look into the details of S dro, I see some people taking their smartphones out and taking a photo here. So this is the SD drot library, sorry specification. It also contains the code for the, for the library.
If you go to the Git repository where this is maintained, which you can find when just search for GitHub
Some of you may not know that, but SD Jots are playing a role also in the European reference framework for the European digital identity wallet. So I'm immensely proud that Daniel and Torsten who worked hard on this are part of this effort. And I believe that SD jots are going to be one of the key areas where we hope to be able to bring amazing developers together to create great code that can be used for a lot of projects. We're not quite ready to make an announcement, but stay tuned.
We believe there is going to be a lot of development in the SD jobs space, specifically when it comes to the European digital identity wallet. The now we're going to start with our deep dive and we're going to start looking at different areas. And the first area is one that is incredibly important because it's education and academic credentials. This is something that, you know, may not be the first topic that you think about when you think about wallets. You may think about driver's licenses, you may think about tokenized credit cards or debit cards, but it really all starts with education.
So I am very happy to ask Neils to introduce his panelists and I can't wait to hear more about education and academic credentials. Thank you, Neils?
Yes, thank you Danielle. And first and foremost, I would really like to invite all the panelists to come up. That would make my life much easier.
We see a number of opportunities, we see a number of challenges and I think today we have a very interesting group of panelists who will help us understand what, what we're thinking about, what the challenges are, what opportunities we see. I would like to first ask all the panelists to give a very brief introduction about themselves. And then I would like to ask them to please specify at least one of your use cases or one of the, of the scenarios that you think is really where wallets and and self-sovereign identity can be play a critical role.
And then I would, I would also like to really discuss between us, but also with the room, the challenges and the opportunities that we see. So please take your mics harm. Can we start with you?
Yes, you can hear me. Hi. Well thank you for being here for this invitation. I'm very humbled to be here. My name is Harm Aran. I'm the founder of ILAs Technologies. Five years ago I've been in the identity industry for more than 25 years, so getting Gray Bolt at least. And currently I'm supporting in the, in the Netherlands a a European commission funded program for the airport technology lab together with education sector.
So TU delved the University of Delved, also MBO res, a multi-level education collaboration with private sector for public sector for creating innovations in the aviation and and travel industry. Thank you Kla. Good morning. My name is klas. I work for Jian and that's the Association of National Research and Education Networks in Europe.
We, we operate two large trust infrastructures at OME for federated access to wireless networks and ADU gain federation of identity federations in the world. And, and those federations handle hundreds of millions of authentications every year. And I'll get to that when I talk more about our use case. Thank you Class. Rochelle? Hi. Yeah. So I'm Rachel Su. I am a senior research scientist at Frown Hofer Research Institute in Germany and the identity management team. My focus is particularly on the socioeconomic aspect or stakeholder research.
And in this realm I've had experience with working on different trust infrastructure projects such as light and EU project and also the train project, which is also trying to help simplify this process of verifying and translating these academic credentials. Thank you.
Hi, pleasure to be here today. My name is Scott David. I'm at the University of Washington applied physics lab. I'm an attorney for 30 years and as an attorney I basically put intangibles into containers so they could be moved around. And now at the applied physics lab, we're basically doing engineered rhetoric, not rhetoric as fluoride speech, but more as persuasive speech in trying to understand how to engineer across the business, operating legal, technical and social domains. Thank you. Pleasure to be here today. Thank you all.
I, I would really like to comment that with this group of people, we sort of have a very, very good cross section of our community. First of all, we have some, sorry for putting stickers on you guys. That's okay. We have some of the academics who actually do research on a day-to-day, day basis. They are sometimes doing research about the topics that we're discussing here today. But there are clearly also constantly using access and identity to gain access to services that have been shared.
And typically these services are also being shared pen pan-European and even on a global basis then I think class is represented representing one of the people working in the area where we actually provide these services. So we have IT departments and national and international structures in our sector that provide services around trust and identity towards our users. And then finally, Harmon I think presents the, the, the clear need for our sector to collaborate across sector borders.
We collaborate with government, we collaborate with healthcare, we collaborate with commercial and we do this constantly. And this puts all kinds of really interesting challenges, I think, to our ecosystem and our identity ecosystem as well.
So Armon, could you maybe say a little bit more about that? Yes. And welcome the new join us Andy. Welcome. Yes. So a collaboration that I was referring to, and it has been an initiated by the European Commission. The i I see a, a needs and also a more and more initiatives around digital hubs, collaborations in, in, in, in collaboration spaces. And sometimes that's a regional collaboration or sometimes it's a more vertical or industry or sector type of collaboration.
And when you look at the longer term transition for dig digital decades and the interoperability that, that Europe is trying to build, it's really getting to all those sectors working collaboratively and, and not against but with each other and across their own merits and, and, and, and scope and, and and kind of requirements. And look how we can leverage healthcare or industry or financial sector and, and build something together that really have benefits for all. Thank you.
Class, would you like to add something? Yeah, I, I, I mentioned in my introduction that that we do operate a number of large trust infrastructures. Those trust infrastructures have been designed with privacy in mind.
We, we make sure that we use things like targeted identifiers and all those kind of good things. And, and then the whole wallet paradigm appeared and, and it's very attractive for us because it, it in in a way cuts the, the wire between the surface provider and the identity provider. And at the same time it, we do have, as I mentioned, an ecosystem with hundreds of millions of transactions.
And, and we don't want to just throw that away. We have established a, a trust between, in, in my world education world between essentially universities across the world through a, a transitive thrust through the research and education networks, through she, et cetera.
And, and it's not immediately obvious to me that automatically moving to wallets will improve the situation from a privacy point of view. It does have very interesting properties. At the same time, I am a bit concerned on about giving the end user full control over disclosure of their, their attributes. Cause I'm not convinced that they can indeed make an well-informed decision on releasing those attributes.
So, so, so the challenge for us really is to find our way in this, this, this new world without sacrificing all the good things that we have already. And, and without throwing away the child with the bath water, I think that maybe a Dutch expression class, but, but I'm sure you understand what I mean, Rachel. I would have to say I agree with you for the most part.
I do think that giving the user full control can be risky, but I think it's always been kind of hard to find this perfect balance between offering the user control and especially from a privacy or a security aspects that are included in these tools.
But also making sure that it's yeah, user friendly, that people actually understand the decisions that they're making and to the full extent, which, and also if they have like the patience to understand them because I mean, in user experience research, yeah it, it's one of the most common things that people are just, they, they don't have the patience to learn all these topics that we have learned and studied for many years. And we have to find a balance between offering a tool that, like a digital wallet that could be really perfect for our cases, but it has to have a balance.
I've been taking notes, I have, this is good. Very Good. Thank you. I've already learned a lot.
The, so you know, it's interesting in the identity space those folks have who've been fussing around here for a while. We've always been saying where are the relying parties? And it's kind of interesting here cuz the open wallet, I, I worked with a, a Boeing engineer years ago and he, he worked on technical systems and he said, I said, what's the most important thing when you have systems to get them to engage?
He said, you need to find a way for them to talk directly to each other. Open wallet seems to allow for many to many interactions more directly. And so that's the problem is the privacy potentially.
Oh, how do you know who's on the other side? Well, you know, the internet disintermediated all organizations and now we're being invited to re intermediate. And so how shall we re intermediate? One of the things I think I'm thinking will happen here is the, there will be inter intermediary services offered, but now we have an opportunity to be more explicit about what they are and the, the idea of fiduciary type services can be made more explicit now.
So if you have the disintermediation of the centralized authorities and then the parties are looking for representation essentially in different kind of domains. Now I believe what will happen is there'll be a service sector arising that will be explicitly serving users and there'll be folks explicitly serving, relying parties. And so that making the reintermediation offers us an opportunity to structurally allow for that. Cuz many people, many organizations make money by being fiduciaries, right?
So I think that we have an opportunity to be careful about that governance or that intermediation in a way that we hadn't before. Cuz we had these systems that were just gifts, if we may from the history. Thank you.
Okay, that's some pretty interesting thoughts and, and some pretty interesting comments. I, I think from my work at Serv, I work for the Dutch National Research and Educational Network. There's three high level things that we see. First of all, I think what we are lacking in, in the academic space is what I would call a base identifier that we can leverage throughout the user's history, throughout the student's history. This is called lifelong learning basically.
So you go from one institution to the other, you want to basically retain some part of your identity so that it does not get sort of erased when you leave the institution. And so this would be like a, a, a thing that you can pin your educational credentials on, you can pin your diplomas on. There's another thing going on called microcredentials, which is basically a subpart of a diploma, so to say.
It basically expresses your, the fact that you have achieved something or that you have a certain skill or a certain capability and such a microcredentials as we think going to be super useful to first of all build your curriculum so that ultimately you get your official diploma. But also to in exchange this kind of information between institutions.
So if you're studying in Amsterdam and then you go to Bologna for a few, for a few months and you come back, you can actually digitally transfer all your skills and your, and your knowledge that you gained the Malone to the Amsterdam University and it can be recognized there. So a base identity plus the ability to have additional credentials, like the learning credentials that I mentioned is I think one of the use cases. The other one, and that's also I think echoed here as well, is our ability to go across sector more easily than we currently can.
This could be the idea that these micro-credentials or this diploma could actually be used when you go to your employer, to your future employer and prove that you actually achieved something. But this is also very relevant in the, in the research domain. Our researchers and any researcher by now I would say is no longer a, an institutional effort or even a national effort. Research is a global effort by now. But this puts a lot of interesting challenges to our identity ecosystem.
Typically the institution is sort of like providing the base layer identity, the affiliation for example, that a person is actually a faculty member for example. But on top of that you see that pan, pan national and pan and international collaborations add additional layers of information on top of that.
So my, my pan joke already always is that you should never make the professor the admin of the wiki system because he used the wiki like 20 years ago, right? So the PhD student is actually the admin of the wiki system, for example. So this is sort of like completely orthogonal to the, to the, to the roles and the layers within the institution. But within the research collaboration, this makes a lot of sense.
So you have to have a mechanism and currently we have that mechanism using proxies to actually add this additional set of information on top of the base identity that is coming from the institution. And wallets might actually be a very interesting way for making that, for making that aggregate and for combining this set of information from the institution, maybe add some additional information from the government so that you have a more trustworthy account. And then on top of that, add this research information, these research credentials as well.
You mentioned already the, the potential rise of additional intermediate, so to say. One of the areas where I'm a little bit where I see there's a, a challenge I would say is that the, the current ecosystem is not very well developed. And also even in looking at, for example, the architectural reference framework that was published by the eu, it's maybe not even very well described yet, especially for areas that are non-governmental, I would say. So I was really wondering what the panelists feel, what should we do? How should we move? How can we, how can we improve on that?
And and do you actually agree that there are challenges here? I could take back that. Yeah.
You know, it's, again, what drives these things is need and availability, right? So sometimes you push something out before it's needed. One thing that's really needed in across every society is an interface between the place where knowledge and information are generated and taught and the place where it's used. And you get think the example of tech transfer right now most universities that are doing tech transfer, tech transfer really is patent licensing knowledge transfers is patent licensing. Not that it's, that's, that doesn't mean it should be, but patents are reliable.
And so that is the vehicle, the container again where the intangible is able to move from non-market college university to markets. We don't have sufficient channels for the places where information are created and, and research is done to markets. This type of situation where you have an open wallet, you can start to have tracking of non-intellectual property knowledge because you allow people to the, you have these other vectors, these other services through which that transition can be made. So the certification is part of that, right?
It's a non IP situation, but you're saying a student has a record and it goes out in the market. So it's an example of how you can do that transfer. It's also valid not just for the student's information, but the things created at the university, the research that's done, the writings that are in the poetry that's written. And right now we don't have sufficient vectors for transferring that information from the place very often generated in university context and a lot of young people thinking a lot of great thoughts. But how does that get into markets?
And not just monetary markets but other value propositions. And it feels like there's an opportunity when the services are added on to the open wallet that again, you have this many to many silo breaking kind of relationship that doesn't just depend on the, whether the thing is patentable or not. Cuz right now there's a really a deficiency. I see it in terms of the transfers out of university of what humans are learning and into applications. Further comments, KLA, go ahead.
Yeah, at the risk of sounding like a dinosaur or sounding like the dinosaur that I am, one thing that that, that concerns me here a bit is listening to the use cases, listening to you Neil's talking about the challenges. You see those user stories, they are all about institutions that work together in, in some sort of framework that, that do involve individuals. But it's all, all along business relations and and and workflows.
And one thing I I noticed when talking to the, the, the wallet aficionados is, is something that, and again, dating myself that I observed also when, when open ID was came up to replace SAML than OAuth, than Open Id connect is this disbelief that everything would be a lot easier and you old people, you made things way too complex. We're going to do it simple. And then within about two to three years, all those same patterns have been modeled in the new paradigm because in the end it's business processes that need modeling. And and I, I see that with the wallets as well.
There is this idea that this is between individuals and they have full agency over their attributes and we can forget about all the structures. Whereas I see that, that in, in the, in the semial world, let's say we have put a lot of effort in coming up with all kinds of mechanisms to agree on what attributes will be disclosed to relying parties and whatnot.
We, we have all kinds of profiles that, that establish that and that make sure that there is no free flow of attributes. And I like to think that that is a good thing actually rather than a, a bad thing.
So I, I am also involved in one of these so-called large scale pilots of the European identity wallet DC four U digital credentials for Europe where we look at the social security and the education use cases and, and I I I, I realize that I repeat myself a bit, but, but that is where we see this kind of confluence between a new approach and maintaining the good ways of, of the alt. And, and, and that is still a huge challenge I think when even dating myself even more, when the web came up, there was this idea of this intermediation and everybody would be their own publisher.
And, and that's of course bullshit. I don't want to be a publisher. I I want somebody else to do that for me.
What you, the only thing you can see is there will be, can say is that there will be other intermediaries. It's not that there will be less.
Okay, I'll step off my pedestal for a second and if the other panelists would like to add to that, Yeah, may, may maybe I try to, to add a positive note to this, although I recognize and I have the same kind of legacy and, and experience and history we share.
So it's a good, I think to recognize the efforts that has put in all the existing standardizations and from centralized to federator to decentralized models and, and what I think is now our opportunity is with private sector, with private sector, with the education together, we can redefine how our future in digital needs and will be working for us, for us all. And not just for the developed countries, but also for Africa. We are one world. So one open wallets foundation. It's creating this, this collaborative space of open source and transparency that we never had.
We were always forced into a vertical or in a technical standard or in a regional standard from legal or from other constraints. And now I think it's a unique moment in time that we have. And also I think the necessity and that's why I'm here and that's why every day I wake up with the new kind of energy and focus for, okay, so this is a unique time we can change what we think was not correct. And that can be an economic values that, that have been constructed in a way that is not beneficial to all. It can be from a privacy point of view or it can be from a societal point of view.
And I think the education sector, the use, I I really important and really appreciate all the efforts that trust over IP for foundation has been doing with UNICEF in a program called yoma, where also education credentials were used as a means of token to share or to change values like development projects and contributions and learnings to even money and transactions for the next bus ticket for the next travel to Europe.
So this is now I think up to us to create the tools, the mechanisms, the frameworks, the collaboration, the open source modules that create really this new balance that we need and that we are looking for. Okay. I definitely agree with that. I also have to say that even though maybe things did not always work in the past, and maybe we are repeating ourselves with some aspects that we haven't, we we're still in a new environment and we're still thinking it from a different mental model today.
As I, I would assume from the past, You're young, Maybe I'm also reflecting my, my age here, but I do definitely think that the new technologies that are in the market now and also the openness to work with different sectors from academia, from the industry, from the public sector, that this has definitely improved the relations and the opportunities that we can offer for future markets. Yes, I, I fully agree, but the rest is itch and I'm, I'm quickly going to check with Daniel, how much time do we, three minutes left.
Ah, okay. I'm wondering if I will. Okay. My personal itch in, in the whole ecosystem, in the whole thing here is, and it was sort of referenced between the panelists also a little bit already. In my personal opinion, the biggest gain, the biggest value to, to be gained with this ecosystem is on the side of the receiving parties. So they will now finally be able to get good quality data, good quality information, verifiable information of course. What is the benefit for the issuing parties?
How can they, in this ecosystem at minimum, sort of sustain their own infrastructures, for example, if they have by now no means anymore to directly engage with the receiving parties and, and get some, get some, what do you call it? Well, kickback fee is a little bit weird here, but to, to get some compensation for their effort, because typically creating these high quality identity information is actually very expensive process.
So I'm really wondering, and I'm, I'm, well maybe you guys have a simple answer to this that would be really great, but how can we, how can we build a sustainable ecosystem that's also sustainable for the issuing side? And in all honesty, I'm not so interested in government here because they sort of have a, a mandatory obligation I think to deliver some of this information. But in other areas, even in education, there's some use cases where this doesn't per se make sense.
So, so please, I I think you're nodding seriously here. So take it away, Just I'm just trying to accommodate Daniel.
Yeah, yeah, yeah. The, so the, I think for me, so we're talking about open source, which is a technical licensing concept. Initially open source software is a licensing concept from a legal perspective, what that, the knowledge of that system stabilizes the technical pathway. We have business operating, legal, technical and social bolts that we have to take care of for anything to work. And so by leading with the open source notion that stabilizes the variety you need business operating, legal, technical, social technical is stabilized.
So it allows issuers, relying parties, data subjects all to be more confident that because one of the things is stabilized, the other things then if they're less stable, at least you have this stability of open source upon which to rely. So it gives you something to start to build more stable system. That would be my take on it. Okay. Any other I I can, I I I like to hear myself told No, no, just kidding.
I, I, I think the short entries, we have to figure this out somehow. A lot will change, actors will change business models behind the actors will change you. You were referring to existing use cases. We have for instance, a, a a use case called in academia that allows students that for instance, want a discount on Spotify to prove that they are a student.
Well we, we, we ask for a, a small fee for any such validation to the service providers, to Spotify. In this case, the moment students carry around a student nest thing in their wallet, we are out of the, out of the flow.
So how we, how will we operate that? We don't have the answers yet. That's the, the bad news. We like to think that, that the whole process behind it has value and that, and that we can somehow make that into a justifiable business case. But we'll have to see the world is changing and, and we have adapted in the past, we will adapt in the future as well. Final comments from Rochelle or her? No. Let's give time. Let's give it back to her. Yes. Okay. Thank you very much. Thank you very much. We started with education and hopefully as you are educated, you earn some money.
So we are going to number eight. We started with the education panel. Hopefully as you're being educated, you start earning some money and we're going to transition to our financial credential panel. I'm really happy to introduce you to my boss, the chairman of the board, of the governing board of the Open Wallet Foundation. Marie is not just chairing that board, but she also played a huge role in helping to set up the open wallet foundation. So I will be forever in your, in your debt.
And Marie, this is going to be the largest panel you have the most difficult job today and I hope you take it away. Thank you Marie.
Okay, we going to have some fun here because we have a huge panel. This is the most popular panel of everything, I think.
But yeah, my name is Marie Sino. I'm in my day job. I'm heading up digital identity at Visa in Europe, which is kind of fun. But in this capacity, I'm the board chair at the opera world of Foundation and I'm very proud of that actually. This is a fantastic initiative. Well done to Daniel. So the panel we have here is about financial services and how the wallets can be used for financial services. So firstly, I'd like to invite my panelists. This is always a nice part. Are they all here? And I think the last person needs to bring a chair. Maybe the last two people needs to bring a chair.
Excellent. An extra chair. I think we're good Now if I'm going to sit, I think we need an, yeah, we need an extra chair. Thank you Li So this is, this is great. Financial services is clearly a massive use case for, for the wallet, for identity, for, for wallets in general, identity wallets, payment wallets. So I just wanted before we, before we get started and I introduce the panel, financial services is one of several use cases and we know them today as Apple wallets, Google Pay, Samsung Pay, there's a few more. If you're in Spain you might use bizo.
If you're in Norway, you use VIPs, SW choose Switch, and they're even turning into a verb. These are hugely important capabilities services for consumers because they're so convenient. So when I see the little sign of being able to use my card through VIPs, I get really excited because I don't have to find it, right? So the point is wallets are attractive for consumers and they're important for financial services as well. So we'll have our little discussion with the huge number of people that we are. This is so cool.
We'll talk about some of the benefits that we see for wallets, some of the evidence, some of the activities going on in the markets as well to build up some ecosystems around wallets for identity as well as pro financial services. And we'll talk about some of the challenges and some and our perspectives on the future as well. So I also just wanted to make one final point before I get the penalty. Introduce themself. We talk about payment wallets, but we also look at identity wallets.
They are closely connected and as the world moves, you know, forward and we look at European commissions activities within the IDAs, the EU digital identity wallet, we see how there's a path. Is it converting? Is it not complicated ecosystems we don't know, but we do know that they cross when it comes to authenticating a payment for identifying a user to open an account even to maybe to hold payment credentials.
So let's, let's see where this is heading in the future. I think that's be one of the nice, nice points for discussion, for discussion here.
So I'll, I'll take us heat and let's start. Let's start over there. And I think we need to share microphones because we are bit short.
Hi, my name is Daryl Goy. I'm product lead for neo, which is the decentralized identity platform at Ping Identity and we're deploying some of the first financial use cases using wallets with global bank operators.
Hello, my name is Javi. Very happy to be here. I'm from Rafis and Bank International, headquartered in Vienna. And we are very interested in the potential this offers around many use cases workforce and how to better serve our customers in different use cases. And very happy to be in this panel and we'll, I'll also talk on Thursday in more detail about some of the challenges we see this could help us solve.
Hello, my name is Denny Peru. I'm from the Royal Bank of Canada. Over a decade ago I was at the RSA conference with, with Diac working on the first wallet, trying to communicate with other services and now we're a bank working on our consumers in an immersive space for augmented reality and virtual reality wallets. So very excited to be here. Speaker 10 00:58:52 I'm Juliana Ka. Pardon me. I'm on the identity standards team at Microsoft. I'm also a fellow Canadian who knew leads beside each other. And I am the co-chair of the trash framework expert committee for diac.
As well as one of the leads on the digital wallet conformance criteria as well as the digital wallet component for Diac. I have a long history in payment and payment innovation over 30 years and I've also built a high assurance digital, both payment and identity wallet and know how incredibly difficult it is and I'm really grateful to have the opportunity to be here. Speaker 11 00:59:38 Thank you. My name is Dima, I Nikko, I live in Australia and most of my background is in consumer banking, consumer banking identity.
And for the last couple years I've been building digital identity network in Australia and obviously building a digital identity network in Australia. You can't avoid topic of wallets.
Yeah, let's keep the one microphone further down.
Speaker 12 01:00:03 Cool. Hi
It's, it was started and is owned by Norwegian Banks initially to create a digital identity for financial services but has spread to now being the defacto digital ID for most Norwegians in all use cases. I have a background in tech policy mostly and did a little swing into the crypto sector to understand how that works. And now I'm in the digital identity space. Also the company that I work for is the sister company of VIPs, which is the payment wallet in our way.
Yeah, I'm very good. Thank you for those introductions. I think we got a good picture of those we have with us here. So I'd like to have a few, few minutes of discussions, you know, between the panel and do feel free to, you know, interact with each other as well as opposed to me interrogating you. That'll be the alternative. It'd be great to have questions from the audience as well. I'll try to reserve a little bit of time and you know, do wave at me if you have something you would like to ask.
So I'd like to start with some of the benefits we see some of places where wallets have been deployed, payments identity, the linkages between the two are just illustrations of some of the, the advantages that we see from that. So I don't know if you would like like to start Yeah, happy to go first.
Yeah, please Go. Yeah, we, we see this as a transformational technology.
We see, you know, we look into the future to so many cases. This is gonna impact us both as private individuals as workforce.
You know, a financial institution is an employer like any other place. And so the workforce, workforce use cases, how do you, you know, during Corona times we've been hiring people with without ever meeting them. So how do you authenticate that they have the right credentials to do the job, what they claim, is it really the right person? There's also been cases of fraud in that area. And how do you serve your customers best?
You know, I can think of use cases, you know what I'm gonna talk about on Thursday is how Federation brought us a certain distance. We are a group of banks and we wanna harmonize and become a banking group. So Federation brought us a certain path along the way, but we became blocked. And so decentralized identity brings us the next way forward. And I'm gonna talk about that in more detail, but also use cases like corporate customers, you know, use a bank sells corporate customers, you know, you serve a company, but there are people who work on behalf of the company.
How do you know that they have the right entitlements that they have not changed role or left the company. So as the workforce use cases becomes more mature, we think about how entitlements there could be connected to financial systems and say, oh yeah, you are indeed the accountant of the company. That's our customer. So you can log in and do what you need to do and your employer has full control if you no longer have that entitlement. So we see a lot of potential there as well. But also use cases of, yeah, new to bank onboarding, the whole idea of kyc, id proofing, ID verification.
We wanna rely on the initiatives happening in the market and also entitlement management for our customers. So we think of the wallet as the main authenticator. That's how you log in. That's how we know what you can do and, and you're good to go from there.
So, which is also passwordless as a site benefit. Yeah, that's a huge benefit.
Actually, I'd like to pick a little bit on leave, if you don't mind, just to share some of the real world examples of how bang is being deployed. Yeah, and sometimes I have to remind myself that because I live in Norway, which is a, an extremely digitized country and society, and we sometimes I think you're from the same country as me, we tend to forget that not every country is at that level of maturity when it comes to digital services. So I use my bank ID multiple times a day actually. So perhaps not all people do, but it's, it's an onboarding mechanism for, for payments.
It, to me it's, it's just something that is almost an invisible part of onboarding onto various services. I use it to access my patient data when I, or my, my doctor's prescriptions for example. I use it to check into my kids' school for, for information about them or to purchase something where I need to identify myself.
So it, it has, it's such an intrinsic part of my life. And to me, just the, the, the idea of separating payments from identity in two separate wallets as two separate silos is almost meaningless because your identity, the identity is so central. Whether it's, and I saw the open Wallet Foundation as sort of use cases within payments identity and then access, but all, all of those are so intrinsically tied to your, your being able to verify your own identity.
And so bank ID in Norway has just become that very central part of your everyday life, whatever service, public or private that you need to access. I have to say I'm very jealous of that in Canada, we are considerably further behind the fact that I have an identity wallet where I can prove that I'm of legal age, that I can buy a beer at a sporting event is probably our, our, our pinnacle of success in, in our banking space for the consumers. We are looking at wallets because as individuals we perform multiple duties.
We are employees of the bank, we are maybe arbitrators of a will or have legal responsibility. We may participate, as you said, as an accountant for another organization. So I have multiple capabilities in my wallet. The payment side, I wish we were there. Can I just comment a little bit, I think part of the background for why has been so successful also has been a, a culture of collaboration between financial institutions. It's like you're, we're building a house together and we decide to do the foundational part together and then we compete on top.
But some of the basic infrastructure related to payments and identity in Norway has been a collaborative effort that has a really believe driven the maturity of digitization much quicker than in many other countries. Speaker 10 01:07:13 I'm gonna use that as a, a segue to talk about some of the key things with respect to fundamental elements for wallets and the Open Wallet foundation and how it can help, how it can help quite a bit. One of those fundamental elements is security.
You know, we can talk about K Y C or identity, we can talk about authentication, but underneath security for wallets has to be bulletproof, waterproof, it has to be the foundation on which everything else relies. And the opportunity within the open wallet is to come together as a community, a worldwide community to focus on that foundational layer of security for the wallet container so that it can support all those use cases. It can support all of those, the key management, it can support all of the different APIs or interactions that are required. Authentication mechanisms.
You know, we just, we just heard about our, the first contributions in code on the Jot side, which is incredible, but underneath it we need to have this in this bullet bulletproof security in the container. Speaker 10 01:08:37 And so that part I, I really can't emphasize strongly enough that to start at the Open Wallet Foundation. That's one of the primary areas. If we do that well and come together as a community, then we can start to have banks feel more confident in the wallet that's ACC access that's allowing their consumer to access their products and services.
Our governments can start to feel more confident that there's a high level of assurance for that security, for that wallet. It's, it's kind of like the analogy I use is if, if we have all these different components that are like Lego blocks and you snap them together and they're relying on standards and you snap them all together and you build a boat that way, if you put it in the wallet, it's gonna sink it. There's too many gaps between them. They don't contemplate each other.
If we create the security environment that contemplates that and we can attest to it, we can test it, we can hack it and we know we have it's reliable and dependable enough to now start layering on our standard based use cases, then I think we have a really strong foundation moving forward. We have three, three real world use cases we're deploying right now.
One is, I know in the US we're way behind cuz we do check cashing and check cashing fraud increased by 84% last year in the United States. So e, even for non-customers is proofing them and issuing them a reusable proof as it were. Every time they come into cash. Their small business payroll check is a very big valuable thing to the banks, including reduction of fraud.
We have another bank, top five bank, global bank, they get 300 requests a month for open Id connect connections 300 a month because of all the FinTech companies and business affiliates and, and these business managers are telling the technical team, you must do this through. And they can't. They can only build maybe 120. Now think they have to manage all those O I D C connections. So scalability beyond security is key here. Enabling the banks to have many business affiliates and enable financing and, and operations with organizations in a very lightweight m MOU model. That's it.
You don't need to integrate anything on the end. So we have one credit union empowering their customers to get discounts at coffee shops. That's the big driver is to build brand loyalty for their customer to actually use this credential at coffee shops and get 10% off your food. Right. And that can be enabled. So those are three examples of being deployed now.
Yeah, great example of benefits. I think we need to move on to some of the challenges as well and some of the future. So I see your point with the security being one of the main topics we need to work on. A wallet becomes national infrastructure. So security is essential. We have others as well. Digital divide, it's a big concern.
You're in, you're out. But for some of the experiences now we have a great p selection of people from Australia.
This is, you know, wonderful And you, you're building a new scheme now. Connect id, what are some of the experiences that you see that you need to overcome some of the, of course you have, there's a, you know, it's a great mission, right? There's lots of prospects, but I'm sure that there's some challenges as well. Speaker 11 01:12:05 I think private privacy and security, probably the main challenges for anyone to overcome adoption is probably easy if you sort out privacy and security at least relatively easy.
Just a general comment that I'd like to make that because of the initial success of wallets in some of the, some of the countries, for example in Australia, I don't carry wallet, physical wallet at all anymore. Now I get annoyed if someone is forcing me to present a physical credential somewhere. And that's the expectation on consumer side with yeah does to happening as well. There is expectation on regulator side that there'll be more and more wallets everywhere else.
This is why the, the challenge, I think the challenge, the next challenge for us will be the scale this, because everyone will be built in the wall and this is where why I think it's a perfect time for open wall foundation to start the journey, but it's, yeah, the challenge from my side is probably the scale and scaling out those deployments Speaker 12 01:13:08 You mentioned earlier the digital divide and that is particularly relevant in Australia with a lot of our remote communities.
And the, the concept or the, the aspect of the wallet that sort of attracts me to it is that it can work in an offline fashion and that is highly relevant in parts of the country that just don't have the connectivity that you might be used to in Norway or other parts of the country. As hard as that is to imagine if you have, if you have visited Melbourne or Sydney, but it's not everywhere.
And, and so making it work that way is, is the first one. The second one that I wanted to mention, and that's where the global nature of the open walled foundation is sort of particularly attractive, is that Australia is a migrant economy and we have lots of people come in that have credentials that locals don't understand, need to translate whatever. And so some level of interoperability at a global level should do a lot of good for the Australian economy. Please go. I think the, the challenges that we see forward is first of all the, the compliance challenge.
I think I cannot agree more with what you said Juliana. So, but we are looking at where does, where's the right balance between usability, user journey and, and security of course cuz we are very much hopeful about the opportunities, but also dreaded about what if, what if the user installs a suboptimal wallet, a wallet that's not compliant. What if the user does not have the right credentials, the right authentication factors on the wallet or they're downgraded?
What if the user is being tempted by some underworld operative to sell his identity and add another fingerprint or face to the device? So we are very hopeful in looking into the efforts of open wallet foundation, the E U D I, the a f all of these.
We, we, we, we think, okay, they're gonna put passports and identity cards on that. They'll have to figure it out and we'll follow in the, in the tracks. So definitely the security is a huge one, but also as I said, the right balance to, to the user journey and the ease of use. So as was said in the previous chan, the previous panel, people are very quick to say yes, yes, next, next, next. And not really consider what they're doing. But you know, you put so much value in your wallet, it's a mobile phone, it can get lost, it can get stolen. So what does it mean that I lost my wallet?
We, we also very want to find the right balance of can you back up and recover the wallet in a safe way without compromising on security. So really looking to find yeah, the right balance between all of these with, with security has to be no compromise there. Of course. Speaker 10 01:15:53 Yeah.
And I'll, I'll follow that on with, you know, having had such a long, long time in, in payment innovation, when I st first started looking at identity in a unique way, honestly, I was like, where are the rules? I was so used to being in a regulatory environment, in a place where everything had to be certified, had to be compliant before it could be used. And in the identity side it was, I was literally looking for any kind of rule.
I could see standards, but with respect to policy and governance coming down into a wallet for identity so we could do the things you're talking about that we're all talking about, that seemed to me somewhat absent. And so I think this is an opportunity now, and I'm quite passionate about this, that we can literally start as, as we see eis, we're starting to see in the us we're gonna start to see regulations coming down through, through nist.
Speaker 10 01:17:00 We have an opportunity now in the open wallet foundation to start to create the foundations for governance, for those regulations to hook in so that the wallet then we can attest to it, we can apply rules to the wallet's level of assurance that can be relied apart upon by multiple parties in the ecosystem. And both the user, the, you know, the, the poor company that's just wants to accept a payment with proof of age and meet their regulatory requirement in doing it so they don't have liability. We have the time is now to do that.
And the open wallet is a phenomenal vehicle because it's independent, because it's an a place where we can collaborate on those complex things and really work through the issues as, as a community. I think one thing that's very much show about the future is that there will be more regulation Yes, around identity and wallets. I mean observe the, the UK as well as to eu. There's lots more coming and I think it's going to be fun to make sure that their wallets that are adhering to the regulation and to the rules as they're being set up.
Another good point was brought up regarding looking towards the future, you know, you can see an album on the third topic, right? And that's about scaling a wallet is actually an ecosystem. At least that's how it, how I look at it in my mind. You need to have, you know, issues or verifiable credentials or your identity or your driving license or your, your cards, whatever you're holding in the wallet and you need to have relying parties as well. So building up that kind of ecosystem I think is going to be an interesting challenge.
But this, it's about collaboration, right? It's about finding the good business models and, and working together. Speaker 12 01:18:48 If I could just interject on the relying party side or the, that part of the ecosystem.
I think there's also an element here where we are looking to wallets to drive core principles like privacy in order for relying parties not to over request data or make use of zero knowledge proof for simple things like can this person pay a rent amount, a weekly rent of a certain amount by virtue of what their income is and what the banks have seen as their income come through. And I think that's where financial institutions really have an opportunity to drive data minimization into the ecosystem, but that obviously relies to an extent on the relying party doing the right thing.
Yeah, That's an excellent point. I also think it's super important that everyone in that ecosystem sees the benefit and what's in it for me, the issuer, the, the individual who owns the identity.
If, if the issuer and the relying party both have efficiency gains from, you know, an easier exchange of my data, why should I care? I also need to see a benefit in that.
So the, the use case and the models, the business models, those really need to be developed and we're still at, I believe at a very early stage in developing your complete and beneficial ecosystem for all parties. Absolutely.
But, and I, I did think it was really interesting in the previous panel where it came up, you know, do people, should we really give people full control over their own data and giving consent and to them choosing who to give consent to? And, and I don't have a great answer on it, but I I just, if we go back to the analog world where we also had credentials, we were actually at liberty to to, to give those credentials to whom we choose.
So the fact that it's all digitized and we can do it with a swipe or with a click of a button, you know, I don't think that that that poses a danger to, to the individual more than I believe that that would be actually an improvement as to how it used to work. We are going to run outta time very quickly, but that was an excellent point. I wanted to see if there's maybe one important question from the audience and it has to be important and relevant. Okay. So there's lots of expectations here.
Okay, we got one brave guy, can you please say your name and who you're from so we know how to best answer you. Sure. My name's Michael bla, info networks. And the question is to live so big fan of bank ID over the years been following it. My question is liability. What happens when there's a breakdown in the system? How do you the liability in the broader system?
Oh, that's a huge question. I'm not, I don't have all the answers to that as well, but within payments or identity, identity, I think Payments is pretty well known. Identity is really the unknown. That's really gonna be a key.
Well, you know, the focus is on of course preventing the possibility of fraud of, i I haven't been in the company long enough to know whether there have been any huge cases of that and how liability has been dealt with. So I I need to look into that.
Yeah, it's a, a important and complicated question. We get some help from IDAs in terms of the issue of the density credential and I think otherwise there's a lot of commercial agreements as well that underpins who takes liability for what, but great question.
So I'll, we'll just close the panel, but I would like, before we do that, I'd like everybody to kind of give their last their final statement. You know, the challenge to the O W F, what they ask is, you know, why this is an important initiative and then we'll hand over to the next topic. So please Gerald, go ahead you first.
Yeah, the reason Ping is so supportive of o f is because we have to enable the art of the possible rapidly. We have to fail often and early and, and get these use cases going now and not wait. And if we rely on the platform wallets, it ain't gonna happen. They're gonna be highly restrictive, hyper controlled, a very long process to interact and integrate. And so this is an opportunity for financial companies especially to help lead and be early adopters and, and be able to demonstrate the value right away.
We are looking for two things as a bank that wants to adopt quickly, but be on a safe path. The first is the O WF as an opportunity to achieve robust maturity and governance and compliance to provide the level of security and usability for the customers. The second thing, which I'm not sure if it's the O W F directly, but it's this whole great move that's maturing every day and that is to see higher interoperability. You mentioned relying parties, we'd like to see everyone who's doing open ID connect core and that might connect to the intermediaries option.
We'd like them to keep on doing what they're doing before and be, have the water transparent to them. So we, we are working now on such interoperability and not achieving it, but we don't want you to start learning totally new standards and that really solves the relying party challenge. Whatever you did before is gonna connect. That's just another option that's gonna work at Justice.
Before Being a member of CANTARA and the vice chair for the Identity Assurance working group, I would like to see O W F participate with us possibly for the accreditation and, and, and the approvals of, of the systems that we're working on. So both in North America and the UK around the world, we work with the assessors to, to validate credentials. We work with NIST on the standards. It'd be great to say that this is an approved wallet, this has been validated, this is a trusted service and, and have a stamp of approval.
And that's something that, you know, selfishly at Cantara we do and there's a workshop going on downstairs and if, if we can work together more, I think that would be great.
Speaker 10 01:25:00 Yeah, my point is similar to that in that I think, you know, we've, we've all provided different perspectives around the same thing and with, in regard to the open wallet, it's an opportunity for the standards bodies, the associate members of which there are a lot of, of involved in the open wallet and a lot of really strong, strong capable minds and a lot of energy from there as well as the developers who are creating wallets, relying parties, platform providers, the the banks.
It's an opportunity to all come together in one place and work through these very specific but very difficult challenges so that we can create a conformant or a set of conformance criteria for secure digital wallets. Whether they house payment identity com, educational credentials, whatever it might be that we can create consistency there that can be relied upon, can be attested to and can be certified, for lack of a better word.
Great, thank you. And now short for the remaining, Speaker 11 01:26:16 We've discussed challenges in the world space. I think my hope for foundation is that we can find commodity solutions that can be accessible by all the parties.
Speaker 12 01:26:31 I guess this being the financial services panel, I would just encourage everyone to look at the success factors for bank ID and for I'm concerned one of the success factors was that it captures some of the value that is generated on the relying party side for the benefit of evolving the ecosystem and anything that ignores the need for a charging framework, it's probably not very attractive to many players in the ecosystem.
I I can just conclude and say the Open Wall Foundation fantastic initiative, especially because the regulations is going on in the EU will make the wallets in within the EU conform to many to the same framework. But this is a global space and what the Open Wallet foundation can contribute to as far as standardized and interoperable wallets across the globe is, is great to fully support. Wonderful, thank you very much. It's great Discussions. So the number seven. So the next panel is about the very foundation for wallets in many ways, which is your identity.
It's basically your government id, it's your driver's license. It's really about the, the credentials that you use to prove who you are. And the person who's going to moderate is someone who I met as a competitor and I can tell you you don't want to compete with him. I'm really happy that we're part of the same team.
Derek, please take it away. Speaker 13 01:28:57 Good morning everyone. It's nice to hear what Daniel is telling about me, but it's, it's not so, not so crucial like, like he said.
Yes, my name is Doug and I'm really happy and I have a pleasure to moderate the next session now. And it's, I think very important that we speak about governmental IDs and tribal license as well because I like the, the format this mornings that all panels already highlighted that it's very important that you have to bring all the credentials together because only when we have a chance to moderate the process between the governmental approach and all those approach in the financial sector, educational sector, then we have a chance to really accept you have an accepted wallet by everyone.
This is exactly why it's needed to bring all the different perspectives together. Some aspects about me that, you know, who is standing here, I'm running the digital identity business with telecom and we as Dodge Telecom, we are part of the German ecosystem of digital identities and also running the European large scale pilots here from our perspective. Speaker 13 01:29:57 And therefore I'm very happy that we can discuss this topic with our panelists.
And I would like to highlight also very, very important topics that Joanna made cybersecurity because I have founded telecom security in 2016 and runs as four and a half years as CEO and I know how relevant cybersecurity is for digital identities because digital identities with cybersecurity, it doesn't work. It doesn't work. Therefore I'm, I'm very happy that we had this to point already in the panel before, but I would like to give you a little bit an overview what we would like to discuss in the next 30 minutes.
We would like to speak about the relevance of the public sector and the identity, identity wallets in the public sector as such and would like to clarify as such also what kind of a key trust anger we would like to use and we have to use maybe a little bit because it's, although a question about dependency as second point of us of the open Wallets foundation to the governmental organizations and the authorities because we are not alone and they have the rules, they have the policies from the governmental perspective and we have to find ways how we arrange with each other that we can bring.
Speaker 13 01:31:05 And this leads me to the third point, how we can really generate a mass market breakthrough in the market for digital identity wallets. This is exactly what we would like to discuss about we, and this is a really good keyword is my dream team of panelists. Therefore give a big applause to the colleagues we are, which are coming on stage. I'm Kuta the I of S use director identity standards of ping identity commercial director Europe of Gen digital Daniel Gas, the, sorry, the commercial.
It's a Daniel Gas is a co-founder and member of board of director of of PIV and we have Oliver, OU Oliver as well. Okay. Oliver as the director. Identity standards of spruce id. So since we have everybody knows, I think one is missing, one is online, one is online.
Ah, okay. Here.
Ah, wonderful. And that's my empty seat right there. You're behind me. Wonderful. Okay great. This was not informed to me though, therefore we have now everybody here on stage and at the beginning I would like to say let's stop with a short introduction and tell us a little bit more what you are doing, especially in your companies because I told already the names of your company, but maybe you can give us a little bit more the relevance of your job, especially also in the area of digital identities for governmental sector.
Speaker 14 01:32:30 Yeah, hello
Speaker 14 01:33:12 Hello, my name is Andre Kra. I'm the CIO of ZA Altos something. Zas is an SSI startup because we are very visible in that space, but ZAS has been around since 35 years. So we do digital ecosystems, individual software development and digital identity and trust things. So I'm here because we are the, I think one of the early advocates of ssi, particularly in Germany, but also now throughout the world. We think this is the game changer for everything that we do digitally and online and that's why we are involved in that.
We are building substantial tech for quite a while. We have been around in this space since 2015 actually. So it's a marathon, you all know that.
And yeah, so here to basically show a little bit of what we have done in this space and also have done for government, I think we are extensive experience in that field and I'm happy to share those. Speaker 12 01:34:10 Thanks. So I'm Andy Tobin. I work for a company called Gen Digital, which might be a new name. A lot of people will recognize me from when I used to work at nym. The original s SSI startup shortly followed by East Nym was then bought by Avast Avast big cybersecurity company was then bought, bought by Norton Bigger cybersecurity company.
And the end result is Jen Digital, which is the world's biggest cybersecurity company. There's a, a unit in in Jen called Digital Trust Services, which is the one that's that I work in. We're focused on digital wallets, we have 500 million users around the world. So it's like dreamland for the s S I world in the wallet world, how can we get a wallet of 500 million users? I also set up with the Swedish government, the E U D I wallet consortium, which is one of the large, the four large scale pilots and a number of few folks in the audience are members of that consortium.
So very interested in the EI das world as well. Speaker 16 01:35:15 Thank Very good. My name is Daniel Gasta. I'm the co-founder of Provi. We are a Swiss startup. We initiated the company in 2017 at the time with division of SSI behind it. Basically we wanted to bring SSI to the Swiss government was a bit too early and we started building solutions, mobile solutions, more and more classic PK solutions. In the meantime, we also developed solutions for the ISO MDL product. So also data is a product that we offer and the circle close again.
We also implemented the product based on Hyperledger, the Iris. And now we all bring this together into one.
The, the project we are doing at the moment. We try to consolidate all of these efforts into one new product that is scalable in the end and interoperable between these standards. And I'm representing here Switzerland as well when it comes to the Swiss initiative for the national E I D, which is very similar to the UI DS 2.0, which I'm happy to talk about. And I'm also co-founder of DDAs, which Swiss association of all the companies working in digital identity space, which we also are very actively engaging also internationally. Speaker 13 01:36:24 Okay.
Though we hand over to Andrew here. Maybe I sit on the other side. Maybe it's better for me that I can see you as well. Otherwise you are in my rear. That's okay. I think it's maybe easier.
Okay, Andrew please. Speaker 15 01:36:35 I'm Andrew Hughes, I'm director of identity standards at Ping Identity for the last couple years now and also for 2023. I'm chairman of the board and presidents of Cantera initiative. You may have heard from Denny Purview my, one of my co-chairs in Cantera in the last panel Ping is has been a federation identity federation company for most of its existence.
We are now moving into the decentralized identity world and I I, along with my four other colleagues working exclusively in identification standards, authentication standards, we're working jointly with our product management team to make sure that our decentralized identity products address the needs of market conform to standards as they are developed for any kind of credential and taking our our customer experience back to standards bodies for real world experience to inform the standards. I'm calling from Victoria Bridge, Columbia, Canada. It's dark outside here.
Hopefully the weather's nice there. My main focus work is ISO mobile driver's license and E I D I I do government issued mobile credentials. That's my standards job right now. And it compliments the commercial focus and the large number of high value relying parties that Ping has as our customers. So as a large I am provider, I am service provider, we can make the connection between issuers and relying parties and consumers of credentials and that's one of the things we're focused on right now at Ping. Speaker 13 01:38:50 Okay, thank you very much.
And it shows, it's a really fantastic team and we have all the diversity coming from US Canada, we have uk, we have Austria, we have Switzerland, and we have Germany and we have all different governments. This is a problem and maybe the beauty as well, therefore let's have a look how we can can manage this from our perspective that we bring really governmental IDs into life in our open volatile foundation approach for really secure digital identity.
S therefore, I would like to start with one question to each of you because if you look into your country into you have different circumstances, you have different frame conditions, what is from your perspective based on on the, on the governmental and on the policy side, the central trust angle for your country. When you speak about in central and central governmental ideas, this is very important for me to understand. Okay. What what you would like to, to steer Okay. Where you are coming from and you as part, part of the over there.
Yeah, but is there an additional additional gas steer on the, on the panel? Yeah, yeah. Speaker 14 01:40:00 Sorry everybody. I was a little absentminded distracted by other things going on down the corridor. My name is Mark Hain, I'm here representing the Open ID Foundation. Speaker 13 01:40:09 Ah, wonderful.
Mark, I was informed that you are not part of our panel, therefore a little bit confusion here. I was informed Speaker 14 01:40:14 Was part Speaker 13 01:40:15 Of the panel. That's all good. Okay. Okay. You have introduced yourself. Let's start with the question once more.
Again, key question is what kind of relevance of government ID you see and what kind of an type of governmental trust, anger you believe that your county will, will choose? Is this at the end something more going into the P I D which we had seen in the European digital identity framework in the architectural reference framework 1.0 like PI's personal identity card or is this more the tribal license as we have heard from US and Canada?
What, what is the situation in your country? Hello?
P i d lot of states have the, so currently a situation is basically that most countries, most states in the US have the, so the, the driver's license is, and it's will most likely will be on this day the, the, the identity in America. So I think it's, there's a lot of opposition against having like a state level identity. So I think, which doesn't mean that there, there is no room for innovation because we know that the driver's license goes digital with MDL and so on.
Speaker 14 01:41:40 So I think it's very likely that this will stay, that the trust in the United States, Andre, Germany, well you all know Germany's mostly very special in everything that's going digital. So, so I mean look, we have IDAs I think for 12 years or so, we have German IDAs notified e I D scheme, I don't know for how long, but it has the, the has been around for 10 years with its e i d function. Does it have any relevance or if you uses it or if you, okay, yeah, well, okay, ent, so yeah, so it has no, and please excuse my radical illness here.
It has no relevance and it is highly secure. It's, it's a very, well probably still modern product, but it was a failure from the start. And we have to ask ourselves the question, why is that? So I I want to offer two explanations. Speaker 14 01:42:48 The stakeholders who basically issued it didn't promote it adequately. So citizens in Germany were advertised against using the E I D function by the issuers. So you as a citizen were not inclined to use the E I d if the issuer tells you, oh, you actually don't want to use this in the, in the federal offices.
And the second explanation I want to offer is, did it have any relevance on the acceptance side? It didn't. So you didn't, you didn't have the opportunity to use it anywhere. And I offer another one, usability was, let's say suboptimal. So I think we have a strong trade-off between usability and security and I think this is something that we have to solve at Open Wallet for good. Definitely. And we have to make the product relevant both for the users who have the data in their wallets and for the acceptance side who want to use the data out of the wallets.
So this has been very screwed up in Germany particularly, and I hope we now have the chance to rectify all this, which was a good start with the, with the IDA stuff and now with Open wallet and hopefully which has an impact on the wallet, we can solve it. So, and this is my hope, Speaker 13 01:44:01 Really, really big challenge here in Germany. I can confirm to this and therefore I'm very happy that we have this EIC here in Germany.
Therefore hopefully a lot of people will hear what we are telling about and to, Speaker 12 01:44:12 Yeah, I'd love to say how the UK is doing fantastically better than Germany in this situation. However, in in the UK it's, oh, I can't really use the words.
So the, there'd been a few changes about how things have done. There was a program called Gov UK Verify where the government paid third party private sector companies to verify government documents to then be used by the government, which didn't seem to make much economic sense. That program has fallen away, millions of people registered, you know, not registered.
They, they, they got ID verified, got a, a digital ID account with a number of ID providers. The government spent a lot of money on it and now that's been canceled.
Now there, there's a different route that the UK is going down, which is to set up a framework saying this is how it should be done and certifying certain providers that they, they are doing things as they should be done. Speaker 12 01:45:11 But very much there is the same pushback against having a government ID card largely through some of the tabloid newspapers that think it'll be the end of the world if that happens.
However, on the positive side, the UK government is participating, well let's, let's get this exactly right. The, the UK government department DES sit, I invited them into our IDAs consortium. They were very happy to take, come in and take part and participate to see how IDAs is working because no doubt there will be Europeans with I a credentials going to the UK and vice versa. So I think that's a waiting at the moment, some ruling from somebody in Brussels as to whether D sit can be part of a consortium like this. So it's all very interesting and intriguing.
But there is, there's currently no IDAs equivalent in the uk. It seems to be being devolved to private sector organizations Speaker 16 01:46:15 And Switzerland. And before come to Switzerland, the UK started this great initiative last year to introduce the MDL as well. And then unfortunately after the government change, stopped it again. Speaker 12 01:46:25 Which government change was that?
Was it Speaker 16 01:46:27 One in October now DV had the quick, yeah, they were about to issued the tender and unfortunately for known reasons anyway, for Switzerland we have the same situation like in Germany we can keep that short. We had a very checkered history since 2010. The government wanted to introduce digital identity over-engineered product first one.
And then in 2019 the government tried to follow the likes like bank in the Nordic that failed in a referendum of the citizens because this was seen as the wrong way go the wrong way to go by issuing government through private sector entities. Which was good in the end because this basically restarted the whole initiative in the government and now focuses very much on delivering a VC based solutions. So basically a digital credential through a wallet that follows pretty much the standards that the E I D is not proposing as well.
So we will hopefully in 2025 have a national E I D in our national wallet and hopefully in an open way that we can have different wallets that we can choose from as citizens. And so the future is bright at the moment, but the proof lies in the pudding of delivering this. The law is now going into parliament this fall and hopefully there will be not another referendum that stops this initiative. So we see our finally nationally ID in 2025. Speaker 14 01:47:57 Quick, quick comment from my side because I'm also active in this, in this process in Switzerland.
So this reboot of the Swiss e I D initiative is just amazing. I think whatever happens, the team they have assembled on the government side, they really know their stuff from the legal perspective but also from the technical side. So you have people from the government who have really a clue about the technical stuff. Well I think this is really, really new and this is really, really cool to see in Switzerland how they approach it. So stay tuned. I think this is going to be very interesting.
So I, I can add maybe a couple of things beyond what Andrew said about the uk. So I think it's, it's fair to say that we're keenly awaiting the enabling legislation that underpins what's going on around the, the trust framework that the department for culture, media sport or is it DSET now has been working on for a little while. Speaker 14 01:48:55 I agree it has been disrupted by multiple changes the government. So that's unfortunate.
And I would say from this community's perspective, there's really not a lot of clarity about what the technical solution might look like, whether it's a wallet or some sort of more transactional open ID thing. There has been a couple of pieces done by some of the people involved that showed both a verifiable credentials based approach and an open ID connect based approach. So that's probably, I think the, the other thing is just re reinforcing the point you made about identity cards and documents.
You know, the, the official kind of golden source documentation we have in the UK technically is entitlement documentation. So entitlement to travel entitlement to drive a car is not an ID card. And that's I think going to be an interesting challenge, but potentially pitting it in the hands of the, the citizens through a wallet might help us get over that hurdle. Speaker 12 01:50:01 Yeah, I just a quick follow on on that. I think people don't, and they have this kind of ID card mentality, what they need to probably figure out is it's digital identity without an ID card, right?
So a digital equivalent of the paper documents you already have that you're happy with. Speaker 13 01:50:19 Andrew, could you share your perspective as well, but is your central trust anchor in from your perspective in US and Canada? Speaker 15 01:50:29 So I'll bring you bring back the discussion to the original question as you mentioned, what's the source of trust? I I will notice, I will note that everyone on the panel has said the same thing in different ways with different words. So let me try.
Governments trust only one kind of secure document or a credential, digital credential, they only trust credentials that they themselves issue. It doesn't matter who else issues. If the government issues a credential, they will trust it because they know the rules, they have the laws and regulations behind it. If a commercial entity tries to produce something that they would like the government to trust and it is not gonna happen. Speaker 15 01:51:20 So that's the answer.
The, the source of trust for governments to consume is credentials that they issue themselves using their own processes and using their own rules. Non-government consumers of those secure documents trust whatever documents they're required to by regulation or what they believe is useful. And I think for open wall foundation and the, the things that we will be working on is first of all make wallets that governments can trust because they have input and can guide the development of those wallets because they only trust their own stuff, right?
And then make them easy to use so that corporations and private people will want to use them and want to use the digital credentials that they have to or half. So that's, that's my quick answer. Speaker 13 01:52:20 I fully confirm I think the government will only trust mainly this what they have issued by themself and that was a key question. We have understood all that we have in Austel, Switzer and Germany more the Eid D us, it's a mixture between mainly mobiler license and all the a i and other AI as I'm kind of an i d in uk. Yeah. Depends on what will be the future will bring.
Therefore the key question is now for me, if you look a bit into the EU regulation into and look into the architecture architectural reference framework 1.0, the ZEBO specifications regarding the protocols of almighty connect for verified dams and all the, for the mobile driver horizons. At the same time, to be honest, currently I see little bits a problem that each country will pick out of sis what they want and at the end it's not really compatible to each other. Speaker 13 01:53:04 This is a little bit the situation on which we currently feel as, as Germans a little bits a problem.
Maybe we are especially as you said Andre so special that we take the the highest secure things at every time. Therefore the key question is what, what, what is your understanding of an ecosystem of digital identities in your country that you can overcome this hurdle?
That at the end you have a really harmonized approach all over Europe because it doesn't help you when you have maybe in Germany a really highly secure system and then somebody comes in from Italy, I take especially somebody which is not sitting on, on, on stage here some country and then this level of assurance high is not really a high under understanding and perspective of those countries that are represented here by you.
Speaker 14 01:53:49 So you've touched on the point and an area I was gonna go following on from Andrew's comments actually, which is the government's trust the identities they issue to their own citizens. But there are plenty of cross border use cases outside of Europe, outside of US. We're I think gonna need to have trust established in other countries issued credentials as well. Speaker 13 01:54:14 And and the European large scale pilots, they will had definitely to, to moderate this process. To be honest, I'm part of this process.
I see that currently there are a lot of intents to come to this kind of synchronization, but mainly each country is currently doing is by themselves alone because they try to find a way how they can combine this with the traditional legacy systems and legacy support as well. Therefore, I believe that we have to overcome my personal perspective also the situations that we have to combine the new world of SS ISF or identity W three Z credentials with for sure the old world OMI deconnect. Otherwise it doesn't work and therefore I like this proposal of the OMAD connect for verifiable credentials.
But nevertheless, if this is not harmonized all over Europe, then it'll end up in a catastrophic. Speaker 14 01:55:02 So the protocol level's great and we're very supportive that clearly as an open ID foundation representative here, I'm super supportive of that. But there's, there's a problem at the Symantec layer as well. You talked about the, you know, substantial assurance level that works within Europe, but the NIST assurance levels from the US are not directly translatable.
The GP G 45 assurance levels from the uk, again, not directly mappable, there is a piece of work going on looking at the, the, the mapping of assurance levels between different jurisdictions that's going on in the open identity exchange. That may be interesting as well.
Speaker 13 01:55:43 I think watching, watching the time, I have lot more points maybe you can put it into, into your summarization into a little bit because I would like to understand from each of you in perspective, what do you think what we will have been achieved maybe in 20 26, 3 years from now on together with the Open Wallet Foundation, especially in this ecosystem of digital identities.
What is the contribution of your company, of our organization that we can make the world of digital identities more easier, more secure and more suitable that we have really at the end a must market breakthrough?
I think, you know, contributing source code will help basically like lot of faster, like an ecosystem of diverse wallets and would help, you know, like we would have basically like a more diverse ecosystem of wallets and opposed to just the, the mobile platform wallets that are available today, you know, Android than iOS. So I think that's really important to, to contribute open source. It'll also help by the way to understand whether those standards actually viable, you know, and we, we can battle test those standards that we, that we define in all these organizations.
Also like myself, those one of the editors of the open foundation standards on credentials. So I think it's really important that we try out these things, establish a lot of open source components in the future. Speaker 13 01:57:24 Andrea, Speaker 14 01:57:25 Well I want to briefly touch on this topic. What can we do in the U to make it work across the eu? So I mean we have the powerful tool of implementing acts, right?
So if implementing acts are not just about the law and the regulation, but also about the technology, then we can, we have at least a slight chance that we will have interoperability within the EU jurisdiction. So I don't know, this has never probably been done, but with the A R F, we have at least a chance that we can form a baseline of stuff that needs to work interoperably together within the eu. Can this be a best practice example for the rest of the world? I don't know. I think we have at least some kind of common standards that are already out there that are useful or considered useful.
And this brings me to my conclusion in the end, it has to be useful to pe to people who use it on the user side and on the cons consumer side, basically organizations digesting the, the data and the, the information from the wallets. Speaker 14 01:58:21 If it's not useful, it it will not fly nevertheless what the technology is. And the the other point of that is this whole trust thing thing, I think people want it to be useful and have the feeling that they will not be screwed over any time they use it.
So in the banking area we have I think a very good grade of not being screwed over in any type of financial transaction all the time. I think if we achieve this level of assurance or confidence in the system, the ID world, I think we are, we have a winner Speaker 13 01:58:54 Fully confirm and to please, Speaker 12 01:58:56 Yeah, I think there's a massive opportunity in Europe with, with IDAs to, to harmonize digital trust across a whole continent.
Hundreds of millions of people right now though there are a lot of problems, it was early days, but an example you gave the the member state specific implementation of pit issuance. Okay, it's got to be consistent across member states, otherwise it's gonna be, you know, Italian person can't go into Greece, et cetera.
So, so that's one. Then there's many, many others. The good news is none of the problems are insurmountable. There are solutions to all of them, you know, do come along to the IDAs, I'm gonna trail my own track Friday morning. There's a whole i a track you'll learn from a lot of people who, who are very experienced in i a s, none of the problems are rinse mountable, but they need to be addressed really quickly.
I'm, I'm personally quite concerned about the huge focus in IDAs right now on MDL to the detriment of a focus on W three C verifiable credentials. Okay, thank you very much. Speaker 13 02:00:09 So there's only one way to combine it, otherwise we have no chance.
Yeah, i Speaker 12 02:00:12 I and well I think the reason, the reason there are two protocols is because there isn't one protocol that does everything right and maybe an outcome in, in 2026 is we figure out a protocol that does the whole lot because having two protocols and then different variations of those protocols in the same wallet is, you know, it's hard enough believe me to develop a single wallet with one protocol in it, right? So lots of problems, non insurmountable, lots of work to do by some very clever people.
Speaker 13 02:00:41 The remain remaining panelists please watching the time. We are a little bit overtime already though, Daniel, please. Speaker 16 02:00:46 Yeah.
Okay, let me be the one that is probably the least technical person in this room. I'm hopefully the most pragmatic when it comes to finding solutions when it comes to really getting things done because I think the situation is as bad as it can be when it comes to our personal internet identity situation. So we should start getting things done and not try to boil the ocean with standardization across all these things. And we need to get things done and get the people on board and getting used to what is gonna be like wallets that they will use every day with the credentials in them and stuff.
So I think our fear is too much. Not standards. Not standards. Working together, not doing things. And then security is coming as a always the, the stumbling box is always security problem. If you wanna over-engineer everything to the highest standard of security, then you will never get things done because then the people cannot use it anymore. And so that's the trick gets things done in a pragmatic fashion, that's what we try to help. But Speaker 13 02:01:39 Security could be, could, could, could create it really easy as well.
Yeah, implementation as Andre Speaker 16 02:01:46 If you wanna, Swiss example is always if you wanna use your digital identity to, to log into your nuclear plant and start operating the plant through the idea like this of course then you have to hire security issues at hand. But you can start somewhere else. You can start with some simple use cases in everyday life that are useful. Speaker 13 02:02:05 Mark, and Speaker 14 02:02:06 I'm speaking down the corridor in one minute so I better go but I think we will have solved some of the problems in three years time.
I think a realistic solution that will deliver a wallet that works in multiple places. Cross borders is a bit further off. I'm sorry to see, but to your point, let's start doing it. We will learn lessons gotta go. Speaker 13 02:02:26 Sorry Mark, thank you. Pick applause for you already, but last thank you Mark. A last sentence for intro as well. Intro please. Speaker 15 02:02:35 So I'm far more pessimistic than everyone else on the panel. As we are all probably aware mobile operating systems today completely segregate and separate app to app communications.
Everything is mediated by the mobile operating system and there is no expectation we should have no expectation that the flow of digital credentials will occur in any other way unless the operating system vendors are encouraged to allow third party credential routing credential res request routing that does not have to flow through the operating system and be examined and routed. This is a massive problem, we're encountering it today in the ISO work group. We know that, you know, iOS and Android will do a very good job but there is no room for open wallets in those ecosystems.
They work differently, the OSS and unless they're the vendors are encouraged to actually allow people to choose which wallets, if any they people want to use. Speaker 15 02:03:50 It's not gonna happen because the way mobile devices are engineered today is you cannot talk to an app unless the operating system allows it. And if you have your credentials in a wallet that is not the system wallet, you can't get at 'em. That's what we have today.
So hopefully the O Open Wallet Foundation will offer leverage and encouragement and support for the EU digital identity wallet and other wallets that that come out to find a better way to allow people to have choice of credentials and where they want to keep 'em because we're stuck with two providers of operating systems for mobile devices and neither of which works perfectly for people. Speaker 13 02:04:42 Thank you Andrew.
I think a great panel and we can summarize as we have still massive problems as we had deemed, we have various kind of implementations already existing, but what we have to find is a way to overcome those hurdles and the good thing is we have it all in our hands, all the technology, we have all the power and I think we need a public private partnership approach be between the governmental organizations and us as technology, as industry to make it happen. Otherwise I think we have no chance to really create a mass marketplace.
So with this, I would like to say thank you to my panelists, big applause. And we hand over back to Daniel. It is probably fitting. The next panel is about travel and health. Two things that most people would probably not have combined until a few years ago with the pandemic with Covid passes we have seen just how closely health and travel is related. I am really happy to welcome Annette with the delay. Annette is, you know, not responsible for the delay, but you are working for ata so my flight was delayed for 90 minutes.
Maybe there is poetic justice here that the, that your panel is delayed by 15 minutes. Annette is also working for the government of Aruba and one of the first members of the government advisory committee of the Open Wallet Foundation. Just as Derek said, we are thinking about open wallet as a public private partnership. I'm really happy that you're here and I look forward to the panel. Thank you Daniel. Good morning everybody. Is it?
Yes, it's working quick. Correction. I do not work for ata, but a lot with ata. Yes. Quick introduction. My name is Annette and I have a background in international border management and in 2013 I was lucky to be involved in be a co-lead co initiator to a, what was a locally federated identity management system using a biometric token at the airport of Aruba from curb gate uniting in a uniform manner, three stakeholders, the public and the private stakeholders, airport, airline and government. And ever since then, digital identity and travel has been my core business and and passion.
If we talk about travel and health credentials in in travel, the wallet is is extremely important and I'm very excited to be here. Thank you Daniel for inviting me. Because we talk about a global issue, we talk about crossing borders, having relying parties that are public and private and, and of course we talk about sending our credentials in advance from our wallet in order to get a service. When we travel, we want to walk at the airport, not have any lines, not have any stops, but preferably have a walking pace.
We want to have a digitization of the admissibility whereby we don't have hassle when we arrive at a, at a gov, at a destination, but everything is sorted out before we go. We don't want another covid, god forbid. But if something else happens, we want to be able to have our health credentials in our wallet and be able to share it. If we talk about travel, we talk about global, we talk about crossing borders. So what is crucial to crossing a border in the analog world? It is our passport in the digital word.
It is a digital version of our passport and we're very lucky to have a cred set of specifications, which is the I K O digital travel credential. In order to use that.
However, even though it's been around since late 2021, the specifications, we have seen a few pilots so far I've been in happy to be involved in one. We need more pilots, we need more happening here because while it is fantastic that we have this, we have a few challenges and that will for sure be one of the topics we'll be discussing. So without further ado, I would like to ask my panelists to join me up on stage and as we have somebody joining digitally from Geneva, I will also take my seat here. Hi.
Yes, can I? Yes. Hi. Perfect. I would like to start. Well thank you all for joining. Start with a quick introduction. Dan Speaker 17 02:10:06 Who? Dan Baumer.
Oh, yep, Yep. Speaker 17 02:10:09 Okay, thank you. Dan Baumer with Accenture. Let's see. In terms of travel, many, many moons ago I was chief engineer for alternative inspection systems, which includes global entry, which folks in the US may know an expedited, trusted traveler program. I've been doing identity management related work for 20 years now. Worked on some large scale identity programs and I'm working with Annette and Louise in on ida's one ID program.
And yeah, I'll just leave it there in terms of travel. Thank you Heather. Speaker 18 02:10:54 I'm Heather Doll, I'm CEO of inicio and at Inicio we support our customers with the deployment of verifiable credential technology. I've been working closely with Annette for quite a while now with the government of Aruba, in addition to c a who is also a partner in that project. Tess. Hi. Thank you for having me here. I'm probably the strange duck in the pond.
I don't know that much about digital identity, but I used to work with Gartner, the company, or global Analyst firm, investigating the impact of new technology. And I actually tweaked a little bit what I've learned there. And now we set up a methodology to look at what is the impact of new technology when focusing on economic, societal as well as business value.
And the Ministry of Economic Affairs in the Netherlands has asked me to run, which is called a value track on the digital wallet, to identify what are these keys values that we're all working towards too, as well as a citizen, as well as a company, as well as a government. And from there I'll explain a little bit more probably after we run this session.
Perfect, thank you. Or during this session, sorry, Neil, after I, I'll be asking you about it for sure. I'm curious, Ricky? Speaker 11 02:12:19 Yeah.
Hi, thanks. My name is Ricky. I'm from Verity.
At Verity, we are building basically organizational and product wallets everywhere where verifiability is needed for compliance. For example, we have one product in, in the US running in production, which basically brings compliance to big pharma companies, which wants to run against the drug supply chain security act. This laws in place in the US this year, which prevents fraud in the drug supply chain in the us. So I'm coming basically from the organizational perspective. And compliance is something which is for us very important.
And we see upcoming regulations, especially in Europe, for example, for the battery passport, for the product passports coming up, which is relevant for organizations and products, which also needs to have wallets. Yeah, yeah.
That's, that's from us as an introduction. Thank You, Louise. I know you'll be flying in. Hi. So don't be surprised if you see her later in real person. It's not a, she's not a ghost. She'll be flying in tonight. Speaker 18 02:13:32 Thanks. Thanks Annette. And thanks Daniel for the, the invite to the, to the Pan Loma.
Just, sorry, I'd booked my flights before accepting this invite. I, I do arrive this afternoon. Hello everybody. I'm Louise Cole, the head of customer experience and facilitation for aa, ATA as the, is the, the International Air Transport Association. It's the trade association for the World's Airlines. We represent some 300 airlines and around 83, 80 5% of total air traffic. And we support many, many areas of aviation activity and help formulate industry policy on critical aviation issues, but also the development of industry standards for aviation.
In my, my particular area, my portfolio, we also have the one ID program, which is looking at the use of digital identity in, in aviation, particularly at the point of the service delivery aspect. So the, the point from when the customer is ready to complete the requirements for the, the government in order to be able to be cleared, to get on the plane, and then all the touchpoints at the airport that, that follow there. Ideally using biometrics for a seamless flow.
As, as Annette had said in the industry as the whole, we are looking at digital identity really from the entire passenger journey, from inspire to shop, booking a flight, managing any ancillary purchases or corporate discounts, et cetera, right through the, the process. And then being able to reuse that identity, loyalty, et cetera, on future journeys. So instead of an end-to-end journey, persistence and in the digital identity allowing for, for the entire travel experience.
Thanks, Louise. And I will stick with Louise for my first question because I know that in a previous life you were the chair of the, is it a subgroup of the new technologies working group at I K O I K O being the international civil aviation organization that has a traveler identification trip program, and that program deals with our passport standards and also our digital passport standards. So could you very briefly explain what the DTC is and how extremely important pivotal it is for the whole of wallets and travel and health? Speaker 18 02:16:24 Thanks, Annette.
I forgot that I forgot that bit. I didn't previously, my, my, my previous career, I, I guess I'm on Korea too, joining ATA four years ago. Previously I had 25 years in government in the government of New Zealand, a large majority of that within the identity and passport services and within that represented New Zealand in I K O, the International Civil Aviation Organization, which is the, the UN agency responsible for our standards for member states right across aviation.
And I of course works very, very closely with iko o many, many matters in order to keep in parallel between the needs of the industry and the needs of the member states. And within that new technologies working group, oh, I think it began 20 14, 20 15. The notion it started as the notion of passport in the cloud, which seems so ridiculous now. But that work went on in the policy space to really determine the policy and the requirements or a digital equivalent of the, of the passport of the machine readable travel document.
Speaker 18 02:17:39 And the continued evolution of that from, from paper passport to electronic passport to digital passport. And through that work began on the digital travel credential. The DTC as a, a hybrid approach to was the approach taken, the mandate given from the ako was very strong that anything produced in the digital realm had to be at least as secure as the electronic passport.
Very, very difficult proposition. And the, the digital travel credential, therefore has already specified the, the virtual component of that. A lot of people call that DTC type one, but it's, it's actually an special name is A E M R T D bound dtc. And it's essentially just the data packet that's extracted from the passport chip and how to have that extracted complete so that it can be verified, verified virtually. Speaker 18 02:18:43 What everyone is waiting for is the specification for the physical component.
And many of the same problems that the previous panel, I came in just to hear the end of the previous panel and was quite jealous that I wasn't sitting in the room because it sounded like a really fascinating discussion. But the, the, the same problems I believe are being encountered there in terms of the where to store that and the device, given that the member states don't have control of the device and the issues with the operating systems. Andrew had mentioned at the end of that session there. So work is still progressing in that, in that space.
From the ATA perspective, we don't want to wait for I K O to determine the physical container, the secure, the secure element, the wallet, whatever it might be for the industry to be able to leverage the digital identity technology that's out there today. Speaker 18 02:19:47 So we acknowledge essentially in the industry that there might be some parallels and some interims that could last for many, many years.
But there is a lot of aspects in the traveler journey that could be streamlined and and consumer could have a better experience, an experience like they get in most other places today without the industry waiting for the member states to, to resolve the issues regarding the, regarding the standards. And we do see the open wallets as the way to go in terms of being able to get some harmony across the industry and know that that pain point might be the physical passport still being needed for the border check.
But there's certainly a lot of other steps in the customer journey that could be smoother for our customers and have a more modern digital experience. Thank you. Louise.
The, the DTC or the DTC type one? Ik. DTC type one officially is crucial because it's our passport and we will be traveling with our passport forever I guess cuz it's the only standards that governments amongst each other recognize and can read and can verify.
Heather, you have now recently done a pilot. You are busy with a pilot still using a digital travel credential. Now one of the difficult things about the DTC is that it is can only be called a DTC when it is the file as is. You read it, you verify it, that's it.
Any deriv, any selective disclosure that you apply to it and it's not a DTC anymore. How have you dealt with this in the pilot in Aruba? Speaker 18 02:21:43 Right.
I, when I look at the pilot in Aruba in March, and I look at the years we've spent on verifiable credentials, there was that hope that one day you would be able to legally cross the border using a verifiable credential and always seemed like a moonshot. But we did it, we crossed a border in an existing immigration system using an I K O DTC type one. And when we talk about how was that done, yes, you can't apply a selective disclosure, you have to transmit the D T C and its totality. But in addition to that, governments will want more information that is particular to that government.
In the case of Aruba, they want to know your flight, they want to know where you're staying, they want to know your departure date. But by necessarily adding that into dtc, then it, it ruins the dtc. Speaker 18 02:22:40 So we were able to do that by not only passing the DTC type one in its totality, but also providing additional credentialing ability to that government to obtain the necessary criterion information they needed to make that decision on whether that traveler would be able to cross the border.
The key part is they were able, the government of Aruba was able to make that determination before the traveler left their home. And we were able to do that by combining I K O D TC type one in its totality of an acred verifiable credential. In addition to that, another type of credential that PR that transmitted the additional data. So a solution was found, Speaker 18 02:23:26 Yes, solution was found and there always can be a solution found with this.
It may not seem like the first thing, it may take like for us an entire team to figure this out, but we reached a conclusion And then I'll go straight onto Dan, this type of solution. Is there will that will, will we need an international standard for that international practice for these kinds of solutions? Speaker 17 02:23:54 Yes.
And well, so one ID does encapsulate that that approach of a hybrid approach of using the DTC because a passport's currently still required to, for international travel and emphasis on international travel and other information, as Heather said, is is required. So the standards around that are, you know, will come from the likes of IDA and W three C and and thing. Yeah.
And yeah, and and and diff and i e TF and organizations such as that I will say in in ISO world and get, bring it back to, to wallet. So iso, there's a, a subcommittee, SC 17 that's all about security devices for personal identification.
Well, SC 17 working group three is, is who provides the technical specs for I K O and that's for travel documents and working group 10 Andrew and, and folks like that is MDLs. We just started ISO advisory group three to deal with identity wallets in Europe.
There's, and we'll talk more about this in the next session on standards, a sister organization that's doing similar personal security devices for personal id. Yes. And the MLD of course is used in US already for travel, Speaker 17 02:25:26 For domestic travel. The md Yeah, the MDL can, can be used TSA is, is is piloting that and physical driver's license as well. They have readers for, for the physical driver's license and are are, are using that as well. Yeah.
So that is, it's a big thing in the US because it's taking off, they're using the Apple wallet only so far from Correct. Speaker 17 02:25:52 In a couple of states. Yep. Yeah. In a couple of states, yes. Okay. Yeah. Ricky?
Yes, for health and travel of course we need credentials as well to verify that we have either a vaccination or that we have a, we're in need of a wheelchair or we have a pacemaker or how do you, do you have any experience with that? Speaker 11 02:26:17 Yes, so we worked or we are leading a working package in ID union kind of known I, I hope and, and this we kind of looked in certain use cases of, of health and which kind of credentials are, are there and which pilots are out there in the world.
And I think there are some, some cool existing pilots when it comes to vaccination credentials. I think New Zealand was a part where we, where we had this really big South Korea had a very big pilot in, in, in yeah. Field testing this four rare credentials and vaccinations. We in a union built our own pilot in regarding selective disclosure and only showing certain sets of data to the verifier.
Because when I remember the past from my vaccination credentials, which we really not had had in Germany, and, and part of selective disclosure, I always needed to show everything I needed to show my real passport. I needed to show my whole vaccination credential. And in ad union we worked out away with certain set of technologies to only show a certain set the, the, the only the dates or the, the, the attributes of my passport of my ID card, which I need to show that, that I have the real ID card.
I don't need to show a, certainly my birthday, I don't need to show my address and stuff like that. And that's what we worked in I union for example, And is, for instance, a world health organization involved in standards that will allow us to travel and share these standards in advance. Speaker 11 02:27:49 Not as I know so far. So in the at uni we also worked out a trust framework or trust id. Yeah. And how we could, could leverage that.
We made the pilots or the, the poc the proof of concept we worked out with together, like we named the archive I as a trust anchor and to, to basically issue kind of doctor's licenses to the doctors which are allowed to basically give, give out vaccines. And they basically then issued these vaccination credentials to, to the users. It was just a proof of concept. But these kind of things like this, this set up, this trust framework Yeah. From the world like health organization internationally need, need to be defined to, to have this like running. Yeah.
Well it's all about interoperability and standards. I know that's been repeated in every panel so far, but if you talk about this, it's, it's global. It's crossing borders, it is sharing your credentials, not with a private party in another country, but also of course with governments in another country. Quite complex. And how do we get there?
The Dutch ministry test question for you, Dutch Ministry of Economic Affairs and climate policy, that doesn't sound like travel, but they are involved in the EU large scale pilot that is doing the travel use case, the EU Digital Identity Wallet Consortium. And why are they involved? What is their, and why do they involve the value track? Well I think to explain that I should explain a little bit more about the value track. And you just mentioned rules earlier and you got various rules, right? You got rules on value. How do we create value?
If I'm a traveler, then I would like to understand if I'm okay with the client, the climate. For example, if I'm a traveler, I have to do with health. If I'm a traveler, I want to rent a car maybe or go to a hotel. So there are so many surfaces aligned that you just said. It's about crossing borders, it's global, but it's most of all complex. And so if we look at and somebody, and now he's not here but about semantics. We have to analyze certain sets of rules and who defines these sets of rules and who has these rules in their minds? That's all of you.
And when I used to work with Gartner, somebody said, well, how can Gartner know what the impact of new technology is? And I said, now Gardner doesn't know, you know, and you know, but because you don't know what you know, you're not gonna know and therefore there's an issue. So what we need to do is create transparency on what we all know in order to understand what the new ecosystem is gonna look like. So it's not just about what is the answer to the new ecosystem. It's about what is the question to our eco network?
Because that will define to what values we're gonna deliver layer one under what conditions and constraints from a product development, a market development, because you're looking for a market solution because it's a technical solution that should be applied. And we're looking for business development because otherwise the whole chain is not gonna move. And that chain is from product to end consumer. And when you look at the wallet, the end consumer is gonna decide whether or not to use your services. So it is by definition based on values.
If we can deliver those services, we need to have strategic alignments, we need to be compliant, we need to get funding that is related to another set of rules. And in the end, how can we create transparency on those rules? And that is something that can be defined by running these surfaces against a de-risking profile. Because in the end, the wallet is a set of transactions, is a set of contracts, it is a set of promises.
If we don't have a collective, collective promise from our citizens that they're gonna buy our services, we cannot say that we're gonna get 10 rental cars here because then the risk is too big for the provider. So we're talking about de-risking and we're talking about creating transparency on these set of rules that are, that have been applied. And then because we do that, we also know who is behind it. Because if I know that you are working on Aruba and you've already had some transparency on some of these rules, then I can offer you access to her knowledge.
So that's the way value tracking works. Is it already there yet?
No, it's as complex as the whole wallet though. We are making some really good progress. And this is why we said we would trigger you a little bit to get a first understanding of this concept and then perhaps later on we can show you more. And the reason why the travel use case is so important for the ministry is because it touches on every other ministry. So we're even looking at the health IDs with the Ministry of Health, we're looking at the retail organizations who deliver certain services as well, but it, you know, is overarching and therefore it's so extremely important.
And we're gonna run one hackathon on the eighth and 9th of June from the Netherlands. So you're Morgan and welcome to join. We'll find a way to communicate this to you. And in September and November there will be a follow up where we're gonna work with some of these parties who run these kinds of analysis. So that might be a nice learning moment too. So it's more than I'm very open to you, all of you. Please share your knowledge because we need it. Thank you. And we need to have it transparent and accessible. Exactly. Because we're all talking about interoperability.
We talk, we need rules, we need regulations. Some are being developed like AI does too. But what is happening in other countries? How do we know we can be interoperable? What are we working towards? Just touch on that Aruba finding a solution for the selective disclosure, but is that going to be the solution that everybody will use or how do we know what to prepare for? So I think we have, yeah, quick get a, get a bit of a note there. Just wrapping up with that in mind, the complexity.
What do you see as a challenge as the, the, the first challenge that we will have to tackle Dan, starting with you? Speaker 17 02:34:55 Sure. And I'll use this opportunity to go to touch on health a bit where we, we did a bunch of us in the room worked on the Good Health Pass collaborative. Yes. Right? Yeah.
And, and ultimately the suggestion was to use W three C compliant verifiable credentials to get the selective disclosure because what what precipitated was non interoperable QR codes that had personally identifiable information Yeah. And personal health information in the clear.
And, and so they weren't interoperable, they weren't privacy enhancing, they weren't secure. And so I think in terms of the challenge, the lessons learned, that's where we, we need to keep pushing ahead. And I think the, with relation to wallets, this is where the wallet is gonna be that secure container of these type of credentials.
Yes, absolutely. I totally agree with you, Heather. Speaker 18 02:35:56 From where I sit and being in the field actually deploying these solutions is that this is a far greater ecosystem. The wallet happens to be one component of an ecosystem, but there is so much more. Yeah. That has to be interoperable and there are multiple layers to this ecosystem up from the technology, from the standards that we talk about. But there's also business transformation.
There is change management, there is an incredible business human component that goes into marketing, governance, legal business development. And so we have to be thinking not only about the interrupt, the standards, the regulation, the technology, but we have to be thinking about how do we communicate this? Because our biggest channel inches we're not actually the technology or the standards, it was the people and the changing of a business and the way things operate. That was the most difficult part of this deployment. Yeah. How do we get the trust from the user?
How do they know when they use a solution or wallet that they can trust it? Totally agree, Tess.
Yeah, I think I already said it. It's, you know, we use value tracking as a method for an ongoing learning curve. And this is one of the most exciting areas to do it because I don't believe that it's all in silos, health and traveling. And this is just, you know, in hindsight it will be obvious and you, it takes an unusual mind to undertake the analysis of the opiates. And I think we should get these, you know, these various minds together by systematically asking the right questions on these levels of rules that I just mentioned.
Speaker 11 02:37:48 Yeah, we talked a lot about standards, rules and regulations. And just to give it a positive note from our personal or our opinion, you can still start today because a lot of people always see, you know, I need to wait for this regulation. This standard is not really there yet at the point in time where we, where we want to have it. So why should I start now?
You know, creating products based on these kind of things. From our standpoint, we also had the same thoughts years ago and we just started to create one ecosystem. So what I want to say is you can start small ecosystems and micro ecosystems today to solve certain problem. So if you see something coming up where you think you have enough people issue us verifiers holders frameworks on board, then just do it. Create your own ecosystem to solve a certain problem with safe sovereign entities. So do just do it.
I agree because it's actually what we did with the last value tracking session is we created ad hoc feedback loops from of stakeholders and based on that we were able to actually advise on policy making. So it could also be the other, other way around. Speaker 11 02:39:03 The only thing you need to do is to be, as I think we said multiple times to be open and, and the the rules you set for your own ecosystem needs to be open, open source and exactly needs to be available for everyone, But get going, start doing it.
Yes, exactly. Nike principle I like to say just do it. Yeah.
Louise, you're the final. Speaker 18 02:39:23 Thanks.
Thanks, Anna. The pandemic was a massive crisis for everyone in the world, but airlines in particular, aviation was really, really hit hard. And at the height of the pandemic, when testing started to become a requirement everywhere airlines were desperate for, for something interoperable.
And the, the message to ATA was really just do it from our members. And the ATA Travel Pass came into being act at incredible speed and it was the first and and biggest brief concept of SSI in the, in the industry.
And it, and it took the trust off government as shed credentials and turned them into VCs that the industry could trust and also measured and helped passengers understand the requirements through rules engines to understand what they needed for the particular country they they were going to. It was a very, very messy time of differing regulations and, and, and rules placed upon people and placed upon the industry in an inconsistent manner.
Speaker 18 02:40:38 And I think that that, if we don't, from that, that's the, the one ID technical specifications, the first tranche for the schemers for the verifiable credentials will be ready at the end of this month. So that's fast tracking and certainly has learned from the ATA Travel Pass experience and it, you'll be, you'll be pleased to know that the, that it's a very similar solution as to what you landed on in, in Aruba with, with your pilot around the way in which the DTC is handled and selective disclosure still possible.
But the, the, the biggest challenge to me is always gonna be if we don't have the government consistency and approaches and management and, and standardization industry can certainly work around and, and we can find that path to harmonization and interoperability, but we, if we end up with a whole lot of different specifications and regulations state to state or region to region for the, for the wallet, then this is a problem that's going to be way, way bigger than anything we saw in the height of the Covid pandemic. Exactly. Thank you Louise.
Crucial to the domain of travel is the involvement of governments and government IDs, or at least the digital travel credentials. Our power e passport. There is much more we can discuss. This is way too short. Luckily there is another panel on Wednesday afternoon, which I will invite you to. Big round of applause for the panelist. Great discussion. Thank you very much. And I'll hand it over to Daniel. Thanks. Thank you very much, Annette.
Daniel, you stay because you are going to be the moderator for the next panel, which is about how open standards and open trust frameworks work together with open source software. I am very pleased that we have two more speakers here, Claire and and net, which is especially appreciated because as I said at the beginning, we're not competing with standards, but we are today competing for time because Open ID Foundation actually has their event next door. So net thank you very much for being here, even though the, the Open ID Foundation has an event as we speak, come on up.
I'm really looking forward to your, to your panel. Judith. Hello.
All right, chairs, music's gonna stop. Thanks, how are you? Nice to see you. Speaker 17 02:44:10 Okay, so as, as Daniel said, we're gonna talk about what wallet standards and frameworks exist or should exist that support interoperable open source wallets and yeah, so we have a large panel of limited time. So let's let's do a, a quick intro and, and maybe with that let's start getting well some answers to that question. So what standards and frameworks do you see contributing to that exist today or, or should or are in development to achieve that, that goal?
So quick intro and and answer. Yeah. Speaker 16 02:44:50 Okay.
Hey, hello everybody. I'm Toss Lo that I'm with Yes and also technical advisor to the Open Model Foundation. I've been doing standards for quite some time at Opend Foundation. I tf diff Trust o p couple of other places regarding wallets. There are a lot of different standards and there will also be sessions here at EIC around that.
I mean, since I'm also an author of one of those standards, I highly recommend you take a look into open ID for verify credentials. Right, right. Speaker 19 02:45:25 Hi, I'm Nick Mother Shore, I'm chief identity strategist at the Open Identity Exchange and we are looking at standards around wallets and any other form of identity at the policy level. So rather than the technical standards, we're looking at standards around general policy, legal issues, data management and in particular standards for proofing individuals.
And we've identified that there are actually, there's a lot of gaps there. So when we talk a lot about technical standards and technical interoperability, if we get that working, then knowing what we're sharing and what it means is going to be a challenge unless we have a way of describing the policy and oex we're working on, I think of the open policy rules exchange framework that will enable those policies to be expressed. Speaker 21 02:46:11 Good morning everyone. Welcome to eic. It's already off to a great start, isn't it? Yeah. Okay. So my name is Judith Fleener.
I am the executive director for the Trust Over IP Foundation and what we're doing at Trust Over IP is working on the standards recommendations for a complete architecture for digital trust over the internet at scale. Now that's an easy task, isn't it? In really what it involves is having a lot of collaboration with all of these organizations and developers that are sitting here and in the rooms here. What trust Over IP when it was started a few years ago was focused on was the fact that my, my partner here from the Decentralized Identity Foundation Diff was doing a lot of work.
You asked what standards are being developed on verifiable credentials. All the technology W three C open, ID connect all these people were working on the technology pieces for the stack, but no one other than Nick here was focusing on the governance side of things. Speaker 21 02:47:30 And for anything to work, you have to pair the governance with the technology or you don't have trust. It is the governance side of stuff that actually is where the human legal business trust exists.
And so with our complete architecture there is the complete stack for the technology side paired with the government side. And so when you ask what standards are being developed, we work with all the standards because what we're looking to do is create a way for them to be interoperable so that we can have scale and not end up with a bunch of silos. Speaker 20 02:48:08 Thanks. And we'll talk more about the stack tomorrow. Speaker 21 02:48:11 Oh yes, Speaker 20 02:48:14 Claire please. Speaker 21 02:48:15 Thank you Dan. Hello everyone. My name is Claire Nelson.
I'm the executive director for the Decentralized Identity Foundation, otherwise known as diff. We are also a Linux Foundation project and subscribe to the notion of open standards and open source software. As everyone has said, thank you my fellow panelists for saying that we all work very closely together.
O W F Trust over ip Open id, it's, it's quite a, an example of people with a common interest and the one thing that I will say is if you're implementing DIDs decentralized identifiers and verifiable credentials and using open wallets, et cetera, there are two things that I've heard as a theme so far. And number one is my favorite cuz I come from a cybersecurity background and that's security. So we're all familiar with privacy by design, security by design. There are many people that have written papers that it's much easier, a lot less expensive if you bake all that in from day one.
And then the other part is impro interoperability. So there's a lot of work going on in, I think that you'll see as the organizations are are working more and more closely, we'll have more and more interoperable proof of concept and reference software.
Hello, my name is Daniel fet. I'm with lead and I have a background in security as well. In my case, the analysis of web protocol security. So things like or connect. And I'm also author of a couple of standards in the ITF and Open ID Foundation. So I hope that I can bring some of that perspective to the panel. And regarding the standards that should exist. Last year when I traveled by train to E I C I started writing the SD draft. So selective disclosure jots.
Cause we thought the world needs a new standard that which is always well easy to say, but we need a new standard that is simple to implement that that gives you the straightest way from A to B to create credentials with selective disclosure. And that's what we did. We wrote a draft and today it's already very much visible in the community. It's being proposed for many projects. It's in the A R F as well. And this morning I also talked about the implementation part of that standards development that I'd like to bring to the O W F.
Speaker 23 02:51:02 So I'm naser, the chairman of Open ID Foundation. Do you, do you guys have a heart of open id? I I I guess you, and even if you don't, you are actually using it every day. Right? And OP Open ID Foundation is a global standard organization on digital identity and API security. And it's totally free to participate. It doesn't cost any, it's zero and it's totally open. All our discussions are logged and you can always look back on why that change was made at what point and so on and so forth.
So, you know, it's really easy to participate platform and we also provide rigor to the discussion. For example, in the working groups like fpi, thanks to, you know, Daniel and other people, we've been applying formal analysis in mathematical analysis and proofs on the security characteristics of the protocols that we write. And so for this kind of, you know, decentralized or identity or issue or holder verifier model, we also, I believe that we also need something like that because we really don't know the security and the privacy properties of these things.
I'm also very much into the privacy field. I'm the project leader of ISO IC 29 100 privacy framework. That's the central international standard for privacy framework. And so we are, I'm doing the intersection of those security, digital identity and the privacy. And you know, currently I'm really believe that we need to bring them together and give a lot more rigor in the discussion. And that's where I probably can help. That's it. Speaker 19 02:53:14 Thanks Dan. I'm Adam Cooper.
I'm gonna wear my international development hat today and speak on behalf of my colleagues at World Bank and lot of the work I do in international development because standards are really important in that world. I have a background also in the UK government and in the European Commission and many of the other places and lots of the things that we've talked about today. I've had some finger in the PI somewhere along the years and with these guys mostly. But from an international development point of view, it's a lot of what we've spoken about so far today is, is fascinating and really valuable.
But we have to remember that there's 8 billion people roughly in the world, and 6.7 billion of those are in developing countries. And I spend a lot of my time last week I was in Jakarta in Indonesia because I'm working with the government there. What do they need to do? They've got 240 million people in the country. They've already got ID cards. They want a leapfrog all their neighbors, they want digital identity, they wanna think about wallets, but they're from a position where they don't understand this plethora of standards. They don't know what good looks like necessarily.
They need to put it in the context of the problems they're trying to solve, which are massive. Speaker 19 02:54:33 Their, their problems around trust risk, they have legal ecosystems that are only just evolving. They have a, a privacy law for example, that's, or more or less copied from GDPR and they're just about to implement it.
We, we in our ecosystems have a lot of these things in place already. AI dust that we spoke about before, it was kind of easy to write the legislation for Eidu to create a trust work framework. Why? Because we had the, all of the treaty and all of the EU laws that were already in place that gave us this backbone of legislation that made it happen. That's not the same everywhere else. So for example, I'm in discussions with the Asan countries. So Jakarta also has the headquarters asan. What do they want to do? They want to have interoperability with digital identity for international trade.
Where are they looking? They're looking at e IDAs. They're saying to me, this is the IDAs thing, this looks really cool. Can we use that to reach? My answer is not really, but so what we need to do is be able to navigate what my basic message is. We need to be able to navigate this incre, incredibly rich standards world in a way that's easily understandable to government so that they can put the, put that into context of delivering real value to people. And that's, that's what it comes down to for me. So Speaker 17 02:56:02 Yeah. Th thanks Adam.
That's a, a, a greats segue brought up I think a bunch of points from previous speakers, you know, and I mentioned real briefly, you know, in ISO world we have one working group focus on travel documents, international, specifically international travel documents. And why is IKO so successful with the passport? It's a closed ecosystem, right? You have 193 member states that agree on a very specific format, protocol and, and, and signature. And then separate from that working group 10 is MDLs, which has a separate format, protocol, and signature.
So how do, how do we get around that? And I just want to make sure that we include wallets in that because you know, Nick, you mentioned and, and we mentioned specifically identity proofing and then Judith jumped on the governance bandwagon. Governance in a closed ecosystem becomes easier. So I want to touch on, on that with respect, again bringing, making sure that we include open wall, you know, wallet, it's in, in the governance and that, that ecosystem.
Speaker 16 02:57:10 Yeah, I would, I would like to, to to start by reflecting on, on different, different ways you can do standardization. So when I listened to what you said I was thinking about, well yes, that's why open standardization is a good idea, right? Being inclusive, allowing anyone to join in and, and contribute to to standardizations is the best way to come up with reasonable standards that are sustainable and work in any place. So at Open Foundation for example, we are cooperating with mop.
And MOP is very experienced enrolling our digital identity in the, in the, in developing countries. So we are cooperating with D for example, on the proximity protocol for presenting credentials. And it was really amazing to work with those guys because they, they really opened our eyes about what other people have at their disposition, right?
So, and it also helped us to, to come to pragmatic solutions. And it's important to notice I'm a German, right? So getting, getting pragmatism in the, in the equation is very important.
That's my, that's my take on that. So open standardization also helps with, with, with those challenges. And at Open ID Foundation, as, as NET already mentioned, we, we are living that. And you Speaker 17 02:58:18 Might one mention it's modular open standard eif you mentioned it's modular open standard Speaker 19 02:58:24 Modular open source identity platform. Thank you. Full disclosure, I've on their advisory board, but yes, Speaker 17 02:58:31 But it's all open source. Speaker 19 02:58:33 Thanks.
Yes, completely open source. Speaker 17 02:58:35 And I don't know if you wanted to dig into nicka a bit more. So identity proofing, you know, when you look at Nest or or eu, and this is a bug for me, identity proofing, one of the main things it does, and this goes to the talk on, on the government issued IDs, is it's supposed to, if done correctly, if done correctly, establish uniqueness within the context of a population. And we haven't spoken about that. Speaker 19 02:59:05 No, no, no.
It's, it's interesting cause we look at all the technical standards. We talk about MDL standards, digital travel credentials, which is standards for a credential itself. The analysis we've been doing, it's been starting to unpack the things you need to know about a credential in order to trust it. And proofing is one area. We need standardization in data that goes, you know, within the credentials so that they're not every credential isn't using a different format and different name. It'll be a lot easier if they all standardized the data.
We'll be calling for that on the analysis we're doing on the global interoperability work. We've got so far 178 I think different characteristics that we've found. And it was interesting saying, well was saying that in some countries you've got GDPR legislation. So for a framework it's simple just to point at that and say, okay, we, we, we run with that because it's there, it's prevailing across the economy.
Speaker 19 02:59:53 In other places, like when we're looking at the latest version of nist, we're seeing a lot of data protection things creeping into NIST because it isn't there as a federal level and at most states. So they're having to put them in at the NIST level. So now in this analysis, each framework we go through, we're finding more characteristics. I think by the, by the time we finish the analysis of the eight frameworks we're working on, we'll probably have around three to 400 characteristics.
So far, not many of them have the same characteristic, which is a bit worrying. So that's, you know, what what we're trying to do here is find harmony and enable interoperability. Our analysis so far is, is showing that this isn't just not quite there. There'll be a normalization step where we bring those three, 400 down to maybe back down to 200. Speaker 19 03:00:35 But there's a lot of different approaches. And rightly so, people have different risk appetites, they have different laws, they have different cultures.
So this is reflected in the policy level more so than the technical level. So it's gonna be harder to standardize at the policy level. On the proofing side, actually, we're finding that most people use one of five golden credentials, passport driving license, bank account, telco account, or their own national ID card. They're the things that they use to uniquely identify the individual and they tend to combine them. They put them through different proofing techniques like face-to-face proofing or remote scanning and then they combine them again to commit with assurance levels.
And we're finding that so far in the analysis of four frameworks, we can, we've created a methodology that enables us to add that up from the base credentials to the level of assurance consistently across those frameworks. So that's, that's quite exciting cuz that means we hopefully have a dynamic wallet that moves from framework to framework and reformulates its levels of assurance as it goes depending on where it lands. I'll speak more about that on Thursday morning.
Speaker 17 03:01:40 And then in Judith, not to give away from the, the panel discussion and trust over ip, but in terms of yeah, governance levels of assurance and you know, how is that, how is trust over IP adding that to their, to the framework that we could. Yep. Speaker 21 03:02:03 So as you mentioned tomorrow, trust over IP is having a, a panel on our complete technical stack or defining, you know, the scale protocols. So let me talk a little bit about, we have the technical side of the stack and the governance side of the stack.
And since you just asked about governance, that's where we really started is to create a governance meta model. We're not creating a governance framework, you know, that's for the ecosystem to be able to do, but what are the questions that you need to ask when creating that? If I make this technical decision here, what do I need to incorporate into my governance framework? So the whole metamodel for the governance framework that gives you spreadsheets that you can use to help identify those questions, et cetera. It's the first thing we worked on.
Then we reverted back and I, I just kind of wanna highlight what we're working on most right now on the technical side for trust over ip. Speaker 21 03:02:57 We, we called it trust over IP because we kind of think that it has to do with the same hourglass principle of ip, you know, IP works because it doesn't try to build too much into that IP protocol.
You know, you can make your other decisions at layers above and you can make your other decisions that layer below. And so for scalable trust, we want to minimize what's in the protocol in the center, which we call the trust spanning protocol. And there are meetings now we have an European time zone one, so for me, I'm a Pacific time zone, it's at 6:00 AM we have the exact same meeting at 6:00 PM in the evening. So the Asia people can be involved and some people go to both and and translate what's going on.
But in that trust spanning protocol standard that is trying to create, what they've realized is really there's multiple protocols. Speaker 21 03:03:55 And so it's all defining how do we get to where we allow for flexibility. We let people use open ID for verifiable credentials where that's appropriate with existing systems, use W three C standards and credentials where that's appropriate in their system, use mdl, but have a spanning protocol that allows for these to inter-operate in a clean and efficient manner, allowing people to make decisions.
So that's one area that that's being worked on. And the other is in the area of trust registries, because you know, with decentralized trust, we're talking about having something in a wallet and everybody wants to talk about the issuer, a holder verifier, but from the verifier and the issuer, what you're really checking at this point is just who issued it and has it been tampered with?
You know, is it still in existence without having all the governance that goes with it, you can't decide whether you trust that issuer. Speaker 21 03:05:04 And so this is where trust registries come in and there's a lot of different ways to create trust registries.
You know, there's simple ways you could tie it to, you know, DNS structures. You know, it it, there's different models, but what you don't want is to have a bunch of trust registries that can't rely on each other.
Again, in the governance standpoint, it's the governance decision, what I'm going to do to trust. But wouldn't it be nice if there were protocols that allowed the developer of this registry and the developer of this registry to have a protocol such that, hey, once we decide this jurisdiction is one that we want to, you know, we know their identity proofing, we know their levels of assurance, we are allowed then to say, okay, we trust that we put it in our trust registry, the two inter-operate.
So that's the other main standard that we're working on right now is to be able to have people look at the various trust registries such that they can inter-operate so that the governance decisions then become easier and able to be machine read. Speaker 17 03:06:18 Thanks.
And, and we know in the EU the A R f, they, they talk about trusted lists. I don't know the Adam's shaking his head so, and so as Judith said, you know, it seems kind of, you know, if you're there, you're, you're trusted, but you know, are are there levels of assurance in that or are we baking that in somehow? And what are you trusted to issue Speaker 19 03:06:44 Trusting what's wants to say? But I'd like to say that I've got an answer for that.
But just on trusted lists, trusted lists have always been of a bone of contention with the IDAs we spoke, we, we tried to legislate for it in the first version of IDAs. Nobody wanted to take ownership of it because it means the, the concept of that means creating a central body.
So, so who runs the central body? Yeah, so that creates his own question.
So, so we parked it in e IDUs one pretty much now, hopefully we're trying to have open that discussion up again and figure out a way of doing this and, and maybe close to the inside technically than I, but, but before you, before you kick in, we, we have trusted registries now pkd, for example, for passports, great example of that. Unfortunately not every country's in pkd and some choose not to deliberately, which means you end up with multiple lists anyway. Speaker 19 03:07:37 So just proofing a passport is problematic.
So, so yes, they're really valuable, but will we ever get that situation where they're all interoperable and there's, there's one way of doing it? Maybe. I'd like to think so. I think it's highly unlikely. I think that the real solution is when countries create their own trust systems, trust frameworks, if you wanna call them that nobody seems to use that phrase anymore, but, or they'll legislate around how this works and every country's gonna do it differently and that will remain the truth.
We have to accept that what we can do is create tools that make it a bit easier when they implement technically yes, absolutely, let's do that. But we have to accept that there's gonna be lots of difference.
Sorry, go on. Speaker 16 03:08:21 I think the, the problem space is even more difficult if we, if we really are embrace decentralized identity because the trust list that exists today in the European Union just covers, just covers trust service providers. So it's a certain kind of service that is regulated under the IDAs part two regulation.
And it's, I think it works okay for the decentralized identity, you, you, you must just accept that every domain has governance rules, right? Whether you are allowed to issue vaccination certificates or whether you're in university or I don't know, whether you're a government agency or you are a, I don't know, a city, it's completely different. So I'm assuming there will be different trust registries, whatever technology might be used for those different domains. And then you have to do jurisdictions and so on.
This, it's a multidimensional problem and this is one of the open topics still in the architectural reference framework for ida. Speaker 16 03:09:18 So it's being worked on right now and as an open ID foundation, we are also helping with that because we have a liaison with the European Commission now. So we are working on that topic.
But it's, it's, it's pretty hard. And when it comes to inability, I think we can agree on certain standards for protocols and, and credential formats. The community is somehow settling around that. But we intentionally, right now we are doing that right now we do a high assurance profile for open a D four vc, but we left out the trust management for the simple reason why there are so, so many technical options right now that need to still be sorted out. Speaker 17 03:09:54 Did did you want to, you were shaking your head. Did you want to add to that conversation?
Speaker 23 03:09:59 Not so much, but I was wondering if Toon is going to touch on the, you know, game POC and kind of things. Oh yeah, how could I missed? I was you like, would you like Oh, go ahead.
Yeah, Speaker 16 03:10:13 Yeah, sure. I mean, oh there are so many things going on, right? Sorry for that. So I mean the, the gain gain was I think announced here at that conference, Daniel?
Yeah, yeah, it was here announced at, at at at eic and, and there is one, one community group going on at the Open ID foundation. We are building pro prototype of a network of networks and we, which means there are existing identity networks and, and as, as the game principle is to, to leverage what's, what's what's there. So build on what's been built, we try to not change the way they manage trust within the different ecosystems, just the ecosystem being one of them. But we tried to, to build a layer so we can connect all those islands of trust in a network of networks.
And as a technology, we used Open Air Federation, but we also evaluated all the technologies, DNS based ones and so on. But that's what we came up in, in in that prototype and it's up and running. So we successfully did it and we are planning to enhance it to also incorporate verified credentials because right now it's based on a federated model. Speaker 23 03:11:15 Yeah.
So we, what we tended to think was that, you know, UniFi, you know, creating a great unified model is so beautiful, but probably not attainable in the near future while, you know, my eyes are still black. So, you know, what we opted was to connect those, you know, existing or forthcoming islands right now that's probably much more attainable I guess. Speaker 17 03:11:49 Okay.
And, and Daniel, we haven't spoke with you for a while, but on that topic or if there's a, a burning issue that in, in terms of standards on open wallets that you'd like to voice? Yeah, let's hear 'em On that topic. Maybe from a different project that we are involved in the ID union project. I think it has been mentioned here as well that showed us, or that gave us a lot of experience on the existing standards. So we started that a while ago, when was it, three years ago or something close, so let's say three years ago or something. And we started and we wanted to build a prototype.
So we really wanted to implement very simple thing, lock into a next cloud with your verifiable credential. And it turned out that that is not so easy as it sounds because obviously you do have standards or defecto standards in the field already. You do have established software packages that, that do things, but there was no interoperability in the sense that they all work together, they adhere to open standards and they are really available.
So what we notice is often you have one software pro project implementing certain thing like credential format, which at the same time serves as the defector standard. So maybe there isn't even a really a standard document that you can work with and then it's written in some language.
Say, say it's, it's written in, I dunno, Python and you wanna use it on your mobile device where Python may not be a good choice and you don't find any other implementations and it goes on like this. So you have the, the next cloud written in PHP and then you have some other, some other component in Java, so you need to build bridges and so on. So it was really a mess we noticed.
So what we see in the standards that to is very active on, in the open 84, we see World and in Trot we really, so we put a lot of the learnings that we got from ID union into these standards to create standards where you not only have one implementation where you have a real standard that you can refer to and where you really can expect people to adopt a standard and not a certain software package. So that's the journey that we had with, with the ID union project.
Speaker 16 03:14:50 I had a conversation with someone yesterday when checking into the hotel and I surprised him by saying, I could imagine to have 10 as digital projects at O wf. I would be really amassed and pleased if we would have 10 different projects for St. Jo for different programming languages. Why? Because that allow people to use the programming language and platform of choice. And that is something that you can only do with standards and that's why standards are very, very important for O wf Speaker 17 03:15:20 Claire, you're months into your role, right?
It's it's months still there. Yeah. Not your at, at diff So what, what are you seeing?
What's, what's your major push there? And, and again with, with the focus on open wallets, you know it, I know you have the Universal Resolver, but the Universal Wallet, that's, that's w3c not diff. Right? Well Speaker 21 03:15:48 That I, that brings me to the most common question I get as a person working at Diff and collaborating closely with the Open Wallet Foundation. And the question is, well, do you overlap who does what? And so it's very clear we have a, a very crisp answer to that.
So Diff works on open standards and the Open Wallet Foundation works on software, open source software. And so currently White right now there is a working group at Diff and we're, we're researching and creating a specification for backup of a wallet. And that's meant to work in concert with Open Wallet Foundation. So we've talked a lot about interoperability. Well it happens at a grand scale with the standards, it also happens very locally as all these different groups work together. And then I'll, I'll have, I have one more thing. We've been talking a lot about trust and privacy and security.
I spent a lot of time in the privacy field and there's a saying, you wanna write this down, you can have security without privacy, but you can't have privacy without security. Very good. So do we have time to do a closeout or that or just is there a quick one? Cause I think link you're also needed. Speaker 17 03:17:10 Okay. So why don't we do that?
Just, you know, closing thoughts, you know, just real briefly, please. Yeah, Thon, oh, I talked, Speaker 24 03:17:17 I talked, I talked so much though. Speaker 19 03:17:20 Yeah. Quick closing thought. Sorry. Speed. The OD o o IDF one as well now. So quick closing thoughts. I've got keynote on Thursday morning, I'm gonna be closing that, talking about collaboration and interoperability. I know we've said it time and time again, but that's amongst us. It's amongst the identity community Only we can make this happen together.
So that's my call to action to all of you and will be on Thursday morning as well. Speaker 21 03:17:47 So I have a, a closing comment which is piggybacking on what Claire said here, the standards organizations will be working on the standards closely working with the Open Wallet Foundation that'll be doing the code. Now what we understand at the Lennox Foundation, we're both Lennox Foundation projects, open wall to Lennox Foundation project is, this can be very confusing. Which projects do I belong to with regards to what it is I'm working on?
And my answer is you kind of need to have a toe in each one of them because they don't work independently, they work collaboratively. And the Lennox Foundation is coming out just this week at their open source Summit North, which some of our people are at. And some of our people are here in Europe. We spread the world at launching what's called the digital trust initiative page on their website to outline what the various projects, of course were here with the digital identity once, but there's finance ones, et cetera.
What, what are the pieces that are being worked on with digital trust? So go, go to Linux Foundation and check out the new digital trust page that'll be coming out later this week and we'll see you tomorrow if you wanna learn more about the trust over IP stack at five 50 we are doing defining the protocols for internet scale digital trust. I'm looking forward to seeing you there. Speaker 20 03:19:13 Okay, thank you Nick. Thank you. Speaker 21 03:19:16 Just to close out. Thanks Nick. Speaker 25 03:19:18 Thanks Nick. Speaker 21 03:19:21 I echo what Judas said.
Look for the Linux Foundation announcement for digital trust initiative. There'll be a website, many quotes from some of the people in this room. And then just one other thing and that is when you think about the identity portion of the open wallet, think of something that needs to be cryptographically secure. And that's what DIDs are all about. Decentralized identifiers and I'll be talking about that, not here, but in other places. And the notion of decentralized identifiers based on cryptography is the core of what we're doing for the standards. Thank you.
So you know how people have a hard time thinking about concepts where they don't have a word for maybe in the language. And I think it's similar with standards.
No, it's similar with standards. They allow you to, to talk about a certain level in the stack that you wouldn't be able to talk about earlier because it would be embedded in your software or it would be implied or whatever. So standards really help you to think about security implementation, also governance things. So technical standards both also in governance standards. So I think that's the role that standards play in the space. Speaker 23 03:20:46 Yeah, so a lot of talk we did in this session about the difference between the open source implementation standards and the governance.
Actually they compliments each other. And one, you know, you are actually getting into other field then, you know, just don't, don't be afraid of crossing the the fence and come to the the standard standardized organization. You know? So that's my advice. And also we kind of, in this field, I really feel the need of talking precisely, we tend to use a term very loosely and without the precision we'll be making circles.
So, you know, and the standardization is actually pretty good at making those, you know, precise warnings and things like that. So, you know, even if you have never participated in part standardization, I highly recommend you to. So that's my take. So Speaker 17 03:21:55 It took us about a year in ISO world in ISO 3 0 1, 0 7 presentation, attack detection. Most folks call it anti spoofing or liveness detection. It took us a year and a half to come up with pad. But to your point, Speaker 23 03:22:10 Yeah, I mean the shameless just shameless advantage.
So I'm going to be hosting a session tomorrow called Fall of Decentralization. All right? I mean everybody talks about centralized and decentralized, what do you mean by that? Right? And so if you're interested in, you know, something like that, please come along. Thank Speaker 17 03:22:35 You.
And Adam, Speaker 19 03:22:36 Yeah, I, I'm gonna do a talk about centralization, decentralization as well. So that should be interesting. But I think for me there's a real power in open source implementations of open standards and it, I can't understate that power.
I mean it, it's just phenomenal. When I, I was in Bangalore a couple of weeks ago with a group of African countries and with Moip and we've gone in a very short space of time with Moip from creating that open source project with just one country with the Philippines implementing. They've done over 80 million plus people now, by the way, through that system, I sat in that room and it was packed. It was a hole twice the size of this, it was absolutely full. They've now got 18 plus countries signed up to do this. And why? Because they've seen a thing implemented.
Standards can be very dry and hard to understand and yes, exactly. Speaker 19 03:23:37 It makes them so real and that offers us such power in the world because then countries will participate more and implement more of the right things and not the wrong things, which they have in the past. And can I also make one, one plea as well? I would love to see a much wider and varied participation from many countries globally because it tends to be dominated by European US folk, which is, you know, that's not bad, but it's good. I wanna see more, I wanna see lots more African nations in there.
I wanna see more Asian nations in there because you know what, in the line of work I have, I'm out there with huge projects that are doing hundreds of millions of people to give them digital technologies like this and other things as well because it's, you can't assume everybody has a mobile phone. Sorry I'm going on too much. But I go back to it's, we're at that point now where we're demonstrating the power of standards by implementing them and openly Speaker 17 03:24:38 Thank you. Thank you panel. Thank you.
So we're running now half an hour late eight, we're now running half an hour late. We're going to do the next conversation on digital assets and access and then we'll just wrap up very quickly and we'll try to be within five minutes or so. So with that Lasa, thank you very much. Speaker 17 03:25:41 Ah, the fantastic panel is on our way. So I kind of like, first of all, I think I should give kudos to all of you that been here kind of like all morning without doing a mile break. It's not kind of like afternoon.
Speaker 17 03:25:59 So first of all, kind of like when Daniel called me, I dunno, couple of months ago and talked about open wallet, it took me one millisecond say I want to join this. And not only for a reason that I'm kind of like, first of all, I'm a guy that never had a physical wallet. So I always been searching for shit in my backpack and my trouss, but I didn't want to end up with kind of like 20 different digital wallets. That's even worse. So come and, and secondly the other thing, you had a three keywords this morning.
One of them is very dear to my heart and also kind of like a little bit into to myself, I used to work for a company called Sun Microsystems, rest in Peace. So what really caught me there was one of the first things I was exposed to was something called the Liberty Alliance. Speaker 17 03:26:53 And some of you with gray hair like me, kind still remember it. And there was one company that came in and basically said, just stop what you're doing, just have only one IDP in the world and you don't have to worry about it. And of course lot of companies said, oh this, this doesn't smell good.
We also want to kind of talk to our customers. And of course Liberty Alliance got funded, had a collaboration. Well a lot of lot of companies all across, across industries. So the other side of of open source is you mentioned kind of like the cost actually doing some to, to something together, but just a couple of other things also. It's what happens if DART waiter suddenly come in and acquire your company and take all this fantastic technology and make it closed source.
And I think some that was actually the leader of the web access management space back in, in 2020 or nine 20 or 10, kind of like the com company came in, took all the source code away, closed source it, and guess what? Speaker 17 03:28:07 The day after the community put it back online and we carried it on.
So that's, there's also a life insurance in the open source thing. And last thing I'm gonna say before kind of like introduction to the to the fantastic panel is the, I think adoption conquers everything. So doing code, doing software, start testing it, try it in use cases is actually what's wanna make a difference. Of course standards are important, but a lot of things have changed. Like back in, in the early days people working in the standard station organization was just there to, to try to prevent the competition to have any deployment.
So now it's all about collaboration and it's much better. So with that, let me introduce the defined panel. Fabian.
Yeah, Speaker 23 03:28:54 Thank you. My name is Fabian Boman, I'm working as a team lead as the, at the Kadana Foundation. So I have a background in computer science and bioinformatics. I switched from VW Smart Production Lab to the Kadan Foundation in the September last year. And when I started at CF, I started as a blockchain developer. So my first task was to, with the team to implement Kaan ballot, which was a voting application for the Kadan summit. And when we started with that, we thought it would be very straightforward, but it wasn't.
So typically in, in the Kaan ecosystem, you vote with your stake because kaan is a, is a proof of stake. Blockchain delegated proof of stake and, but in this case it was like we need one user, one one vote, which is different than the other approaches that we have in our ecosystem. So we did our research and we ended up with a very cumbersome setup of using a mixture between SMS and discord validation where we send an a private message to SMS or discord bot and the user had to sign this message with, its with the wallet. We are now iterating over that.
So we are added the team at CF focused on SSI and D I D solutions that also tries to figures out our works with different companies focusing on KYC. Speaker 23 03:30:32 And we hope that we will came up with a better iteration for the next summit.
My team, so at with the beginning of this year, I became a team lead of a team called Ecosystem Architect Chain engineering. And my team is mainly focused on provide help or ecosystem components that may not exist or help to improve the existing solutions. So all of the stuff that we are doing is or will be open source and we are trying to bring adoption to with our frameworks and software. Currently we're working on different things like for example the simple wallet connector, but also we implemented the standard which can be used to act with peer-to-peer between wallets and depths.
So without using a central server, just using web Torrance and or web to trackers and web rtc. Yeah, that's me in a nutshell. Sorry for that. Speaker 26 03:31:44 Hello everyone. Katrina Dao. I'm the founder and CEO of Miko and we are focused on building some of the components in building blocks to enable many of the use cases and evolutions that we've been hearing about all morning in particular, wallet services, secure data storage, and the whole credential life cycle management. So that's kind of from a technical point of view.
If, if I could jump to where I think the conversation particularly over the next few days needs to head to is this move that we have now between the physical and the digital, between where we are in this room here and now where we might be able to pull out some artifact, even a digital artifact and prove something about ourself or, or even assert that we're in the room and this move into the spacial web where we won't physically be present but something will be acting on our behalf.
Speaker 26 03:32:49 And so I think there is a quickening around the way we represent digital assets in the physical and the digital and that smooth transition. I think philosophically we all have to trust someone sometimes. So we have to work out what that is and also this harmonization and adoption of standards is in critical from a scaling point of view. But you have to start somewhere and if we all wait until everything's ready, then we won't make a lot of progress.
So I'm, I'm delighted to see how some of the various bodies are coming together and there's this harmonizing theme, I dunno from that last panel, but it's the first time I think in a few years that, that you feel like there is this through line which I think will create clarity, which is great. Speaker 27 03:33:42 Cool. Hi all. So I'm Fra Edwards CEO at Czech. So we're building what we're calling trusted data markets. Practically that means payment or privacy, preserving payment infrastructure for ssi, decentralized id, verifiable credentials.
So being able to solve for verify pays issuer, incentivizing issuers to issue those credentials out from the data silos they currently have. But maintaining the entire thing is a privacy preserving system. At the same time we've just launched into beta something we're calling creds xyz. It's basically credentials for typically like gaming, crypto web three community members and focusing a mix of kind of an issuance platform, a wallet all very much focused around the individual having that control but also kind of instantiating all those interactions.
And the reason we're doing that is basically just explaining SSI to lay people where they currently really don't understand it, getting it into their hands and making it just really, really easy to use. Speaker 27 03:34:40 So that's us.
Hi, I'm as Johnson founder and CEO of Nuggets. Nuggets is a verified self-sovereign decentralized identity. We specialize in identity payment and compliance. We have a a wallet, what we refer to as like super wallet because we're involved in multi rail payments within that we think identity on its own is very much an island, but when you bring identity to payment suddenly you get very concerned. You can log into my e-commerce account and see that I buy my socks every Wednesday and I don't really care about it, but as soon as you start taking my payment details I get very upset about it.
So we feel very strongly that identity and payment is tied together and that's something that we're working on throughout. We've worked with a number of sectors within the region. We predominantly do financial services but we work through all the way up to web from web two to web three with defi and crypto and now more recently with cbdc in terms of our digital assets, which is also extremely exciting. Sits very close almost to the crypto realm in terms of what it done is coming from a a very different approach.
But what's very exciting for me and I think for all of us is that privacy and security is first in mind on these new genres of digital assets that are coming out from day one. So that's very important to me and I believe to all of us here today. Speaker 14 03:36:21 Hi, I'm Andre Cora, IT guy, heart businessman by education. I'm CIO of za ATO is often considered an SSI startup. We are totally not, we have been around for 35 years, so we do SSI stuff since 2015.
So HS in the SSI space, founding member of trustworth, founding member of Open Bullet Foundation, software foundation, founding steward, all the stuff. So we're knee deep in SSI for for hs. I think I've mentioned it a couple of times already in individual conversations and other panels. I think all the stuff we are building has to be useful, otherwise it will not be adopted. So we have asked ourselves the question, how can we make it useful in the access world? So we are also very much involved in everything considered identity and access. So we have thought, how can we make it useful?
How can we make this wallet thing useful to people? Speaker 14 03:37:20 And we have, we have made one thing, we ask ourselves the question, what is it that you do every day? What is a tedious task and what is something that you need? We basically made the wallet able to log into your Windows machine. We asked ourselves the question, why didn't Microsoft build that already? It's there, they can do it. So we said, okay, let's build it and we did it and I can show it to you.
This is the very, very tiny thing that we do with ssi, but I think it's such a powerful communication tool so that you can actually use your identity wallet to sign into something you use every day. And this is just like the starting off point for our identity and access suite soul, which basically enables decentralized identity for everything and everywhere in the enterprise context. That's me in a nutshell. Speaker 17 03:38:10 Good, thank you.
I I was on a panel kind of like a month ago or something and there were a lot of great technology companies including myself, not a company sitting there and people asked us, so what have you achieved over the last 10 years? And it was, it was kind of silent for 10, 10 minutes, but I'm kind of like open wallet is of course kind of like in a big toolbox or new technology coming out. You already mentioned ssi, decentralized web three, kind of like the whole whole ang with buzzwords.
If you do kind of like, and like Bill Gates, he was now talking about the death of the password in 2004 and last time I changed check this like 2023 now. And anyway, so where exactly do you think we are? What is the state of the union? Where is our actually practically implementation and how long would it actually take to go from web two to web three? Speaker 27 03:39:07 I mean I, I think at the moment what's really interesting for the first time ever, we're getting to a point where the digital identity is a gateway to the internet.
Yeah, that's the closest you can get. We started on mainframes, went onto business, computers, went onto desktops, laptops were on device. And we're getting to that phase now where digital identity can be that gateway to the internet and that and then your device will be an interface thereafter. And I really think that we are, that's where we're at at the moment and although we are sort of at the starting point almost or there's been a lot of work done in identity for many years and and but what there's becoming is almost a movement.
And what you find is someone might specialize in financial services, someone might specialize in education, someone might specialize in travel. Speaker 27 03:39:56 But as a whole the movement is coming together. And that's a really important point in terms of where we're starting from to make a change now and moving forward. And I think to extend that, it's like one of the symptoms we are seeing is like everyone and their mother wants to become an idp.
Like the best example in the UK is Nike now is an IDP to Footlocker, which shows that basically like everyone is go gonna become sorry, is gonna become an attribute issuer everyone. And that suddenly doesn't work in necessarily a federated model where everyone has to connect to each other because it just becomes spaghetti. And that's where I think moving into that, that kind of SSI model is starting to come through.
But I think it's really being driven by like almost consumer behavior, especially in Gen Z where they're looking at this going like Gen Z's got this behavior where they want a completely customized and unique experience whenever they do anything, but they want it to be absolutely seamless. And the only way you can start doing that without just completely surveilling everyone all the time is issuing attributes all over the place but putting them under the control of the user.
And so weirdly you're getting like Gen Z consumer behavior, maybe it's just the latest thing that's pushed the movement along that's starting to shape everyone into becoming attribute providers, which is just creating this kind of push into, into this direction, which is, it's great for us I guess on the stage. Speaker 14 03:41:12 Yeah, totally agree. I think we are getting to this completely hyper-connected world where we basically have to have efficient and scalable means of authentication all the time.
Look at the capabilities we currently see with deep fake videos and chatri PT style things. All this combined is going to be a security and, and and a fraud nightmare actually. So I think we have to come to a world where we basically, basically every time authenticate, maybe strongly authenticate an an interaction we have in the online world. And if you think that through to the end, you basically, if you hear the term zero trust architecture, I mean this is nothing but that. So if you want to have zero trust world, you have to have decentralized decision points.
We had to question what is decentralization anyways earlier. So you have the decision points like the endpoint, you and your wallet interacting with a certain IT asset, whatever that is, or a door maybe even then you have to authenticate with this thing as directly as possible. This is zero trust. So having the agents that interact make the decision, do I want to interact and do I want to do something? This is zero trust and now we are going with IDPs and all that good stuff, which is very useful. It has been very useful but this is not the target state.
It cannot be be because it will just not work like the spaghetti example of Frazier put. Speaker 26 03:42:31 And I think, I think many of us in the room have been working at some of that underlying foundational work for almost a decade now. I mean I guess we've been talking about ssi, decentralized, the beginnings of, of wallets. And so I think where are we? There is now I think enough confidence and there's enough maturity. It doesn't mean there is zero risk, but I think there is enough confidence to move ahead and start actually implementing.
And I think, I think just the examples of what we've talked about here on stage, there are every day increasingly there are real life examples to point to. So I think that's, that's where we are in terms of the maturity cycle. I think there's a lot more confidence as that confidence builds, we can then start to manage some of the risks because the risks become, I think really at the end of the day, the risk really only become evidence through implementation.
Speaker 26 03:43:30 You can talk about things and you can design something and it can look absolutely fantastic on paper, but it's not until you put it into the hands of a customer, a citizen, a patient, a student that you actually understand where things are frictionless or where things create additional risk. So I think, you know, if there's one mantra, it's it's implement, implement, implement. And then I guess the only thing I'm a little bit worried about in terms of where we are is we're talking about wallets.
And I understand, but I think to your point, the form factor, I mean our mobile phones are old now as a technology and I think we need to be thinking of the concept of wallet in almost a container less way because my coffee machine will need this capability, my refrigerator, my car, my wrist, maybe some internal organ that's being monitored through some sort of thing that I swallow. And so I think sometimes the construct of wallet, it, it almost suggests that we are bound to a device and I think where we are is we need to be thinking now around how we move between the, these physical states.
Speaker 23 03:44:48 Yeah. As a, as a former employee of a big company like vw, I think to switch or to move from web two to web three, it's also essential to to educate and to bring up standards also for, for those big companies because it feels like that they don't get the benefit yet to use blockchain. But it makes sense even if you have a big company with with brands, it makes sense to use blockchain and trust across those brands. All of them.
I I think not all of them, sorry, a lot of them that I spoke with, because our department also work with blockchain, I think they still thinking that if there's something on chain, it's there forever and that they're sharing their data with a, a bright audience or, or the whole world. But this does not need to be true. We need to set standards, we need to educate and yeah, I think we Speaker 26 03:45:51 Have to help on the business cases. I think that's the, that's the disconnect. Yeah.
There, there is a dis a misunderstanding between the technical and the business and the utility and we need to, to do more to close that gap. Yeah, Speaker 14 03:46:04 I I think in Germany we have the saying, doing the one thing without neglecting the other. Right? So I think standards are terribly useful. I totally agree. I'm a big fan of standards, you know, all the, the processes, the tedious, most tedious thing that you can do. So I I I I appreciate everyone who's doing the work in the standards, but because I've been there and I've stepped out again, but I appreciate this.
So actually I think doing stuff while building the standards and rolling out stuff where it makes sense is what our most vital interest is, is these days. So actually we can look at fields where we can have compliant and and aligned to standards, kind of scalable solutions that make just sense and provide this usefulness to everyone who's involved. I give you three parameters, if they come together, you will have an ideal use case for deploying decentralized identity. Speaker 14 03:46:55 So first thing is it's a totally tedious manual process with lots of paper involved.
The other thing is, it is it is not completely bound to regulatory standards. So you have some leeway to do stuff. And the other thing is, it is something where you have interoperability needs across different industries, many different stakeholders or different organizations and you want to bring them together in the most efficient and flexible and dynamic way. So if these three things come together, you will have a perfect use case for decentralized identity and what I call often decent digital transformation.
And we have built a, a product exactly in, in this kind of sweet spot and, and it, it's, it's just flying. So you'll be seeing something coming out of our kind of ecosystem with a partner, which is also leveraged through trust and open wallet and, and all that good stuff to demonstrate scalability in a cool use case across many different organizations. And it is just useful because it's coming from the domain experts who saw the case and brought in the, in the, in the, in the the business case and said, wow, I understand this SSI stuff can solve my problem for good.
And yeah, we have to look for these use cases and then build them. Yeah, Speaker 27 03:48:14 I think what we've heard a lot today about technology in terms of different approaches coming in and what, what the Open Wallet foundation does is it, it has a, a good approach towards people at the end of the day because as we're saying, all these use cases are basically people pain points. Yeah. And we don't need to know if there's blockchain behind it. We don't need to know there's SSI or DIDs behind it.
What we need to know resolves their pain and it does it in the most private and secure manner. So it is really important that that people interface is still there. Speaker 17 03:48:49 Yeah, totally makes sense. We're running out of time. I kind of like, I think there's only one word also I think it's very important the collaboration kind of leave us on stage here and talk about bank ID and how successful that actually is in Norway. And of course all the banks was kind of like collaborating.
The interesting thing is kind of like the same infrastructure is the most successful public government infrastructure also. So not only can I go to either all the banks login to all the services, I can actually reach 3000 government services with the same bank id. So actually a really good example of collaboration between the government and the private industry. And with that, I think we are out of time, So we have almost achieved it. Thank you so much for enduring here without bio break.
Drummond, are you going to say a few last words Exactly that you, you've heard from so many panelists here we're going to try and we've taken you half an hour over, a little over that. So we're not gonna hold an overall closing panel. We're just gonna leave you with two key thoughts about the Open Walnut Foundation. We're here to produce code, so if you have code that you want to contribute or you know someone who wants, who is in that position, talk to us. Okay? It's all about that code and what it proves out. The other thing we need is resources to do the work.
And that means if you're interested in membership, talk to us about that. This gentleman here will certainly talk, you know, he'll talk your off about it if you want, if you want. And we thank you all for, for coming this, you know, I I as with Andy Tobin, I'm from Gen Digital, we are totally committed to open wallet. We're one of the four premier members and you'll be hearing sessions throughout all of the rest of this conference on different aspects of this. I'm glad we started out with this because it's gonna take us all week to to, to talk through it. Back over to Daniel again.
Thanks very much for coming. Thank you very much. Enjoy your lunch.