KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
From Bangalore to Brussels, projects are launched that view wallets as digital public infrastructure serving all people. Hear from leading voices around the world about the current state of affairs and plans for the the future.
From Bangalore to Brussels, projects are launched that view wallets as digital public infrastructure serving all people. Hear from leading voices around the world about the current state of affairs and plans for the the future.
Morning, welcome to day three of the European Identity and Cloud Conference 2024. My name is Mattias Reba. I'm half of the moderators for today's track and you are in for retreat. I can promise that you are in the room, CO one, and you are here for the track, decentralized identity and global wallet. And without much further ado, I would like to introduce my second half of the moderator crew, Daniel Gold, and he will take over from here for the next panel. Please welcome Daniel Gold. Thank you very much. You should never applaud before the session.
Let's, let's see if we can live up to that. One of the amazing thing about EIC C is that I feel like I almost don't need to introduce myself because I recognize so many people in the audience. But for those of you whom I don't know Daniel Gold, I am the founder and executive director of the Open Wallet Foundation. We are trying to bring as many people as possible together to talk about how we can achieve secure digital wallets that are interoperable on a global basis. We've just announced last week a corporation with the United Nations. So now we have two homes.
One is going to be the Linux Foundation, one is going to be the ITU and U-N-I-C-C as part of the un. And it's really all in the spirit of trying to bring as many governments, as many people from the private sector together. As you have heard, we are really proud of the setup that we have for you today. And we start with a really big panel. It grew quite a big, we're starting with a few people here on the chairs and then you will get a couple of surprise guests.
I'd like to call our panelists, I don't know in which particular order, maybe Christina, Christina Yasuda, whom a lot of you are going to know formally with Microsoft and now with print. And then our host Martin Inger and promote Varma Anil John and Paolo DeRosa. Thank you so much for being here, please, Christina.
Oh, okay. We got, we got instructions that we should flank everyone. We will have only 25 minutes rather than 30 because of some of our surprise guests.
So let's, let's cut right to who are you and why are you here? Christina, if we can ask with you, you have just moved, you've been in Seattle now you are in Berlin. What brings you to Berlin?
Hi, I work for German Federal Agency of Disruptive Innovation. In case people have been wondering what brand stands for our goal, we are tasked to make sure German digital identity wallet ecosystem as a whole is successful and we are focusing on the areas where government, you know, can play a role and help private sector to accelerate that.
So yeah, that's who we are. Good morning. My name is Anil John. I'm a technical director with the US Department of Homeland Security. Reason for being here obviously is that I am my partners in the US government, US citizens of an immigration services and US Customs and Border Protection are the agencies that deal extensively with cross border trade, cross border travel, citizen immigration services. And they are also the agencies that are leaning into and implementing the three party identity model using VER Farber credentials and the associated standards.
So speaking to how to do that in a manner that is globally interoperable is something that I'm looking forward to. Can I ask a quick question? Who here is not familiar with the EUDI wallet project? Can you raise your hand if you don't know what the EDI Paula? I don't think you need much of an introduction.
Yeah, I'll be very brief. I'm, I'm, I'm Powell word for the European Commission. The G Connects are, we are supporting and leading the activity of the development of the wallet. Thanks together with the member state the expert and now we are opening up to all the whole sectors and also the civil society. Just say this, that should be enough and thanks being having me here, it's really a pleasure and an honor, honor to be at this panel of this very great guest And Pramod.
Yeah, it Always wonderful to be here. It's the first time. Thank you for having me here. So I've been the chief architect of India's digital identity system, which is issued 1.4 billion identities, digital identities and credentials. It's used about 70 million times a day. We also collapsed the KYC cost from $20 to 20 cents through complete digital KYC and that allowed a billion bank accounts to be opened for everyone. And we also collapsed the cost of realtime payments in the last 10 years from to about one 700th of a dollar for us to realtime pay for among 500 banks.
So we did a bunch of things and digital ID and credentialing was the essence of much of things we did plus digital payments, which is also coming to wallet. So Great place to be here today talking about that. Thank you.
Yeah, I'm Martin Coppinger, I'm here. I think in that case I ask for being part of the panel. I think I have some opinions on when we look at the title of the wallets we want about the user perspective, the user experience, but also maybe the verifier perspective on how would the ideal wallets plural look like.
Yeah, and that's the topic. Everyone here on stage has thought a lot about digital public infrastructure.
We, you know, said earlier this, this week when some of us were in Amsterdam on a panel that we have a perspective here from Bangalore, from Brussels, from Berlin. Anil unfortunately nothing with B but sorry, you can just cook up exactly when we talk about wallets, we want, in your opinion, what are the things we need to get right about digital wallets? What can go wrong and what do we hope that we are going to get right? Who wants to be first?
Yeah, thank you. I think it's important. My organization has a global touchpoint. So it is really, really important that the technologies that we implement are actually based on open standards implemented in a manner that allows for global interoperability. That's easier to say than it is to actually do at a minimum.
We are interested in a, in a future where, you know, I'm speaking to a European audience, obviously somebody in the future who has A-E-U-D-I wallet from one of the member states and is interested in coming to visit or work in the us, you are going to touch my customs and order border protection.
You are going to touch the US citizen citizenship and immigration services, which means that I want to be in a position and my organizations want to be in a position where there are documents that are going to be in your wallet that should be able to be presented to our infrastructure and we should be able to verify that information and at the end of that process we should be able to issue a credential and attestation, for example, an employment authorization document that allows you to work in the US into that wallet without going and getting something else.
In order to make that vision possible, we need to have a agreement on what makes a good wallet. And I'm using that phrase deliberately because I don't think that we've done the work in nor to sort of define the requirements of security, privacy and interoperability at the foundational level so that we all agree what that is and that is a vision and I think, and that is our intent and that is a vision and that is a future that I hope for here. Christina, Anil mentioned digital standards, you know, a thing or two about digital standards. Are we on the right track?
Are you hopeful for the future of digital wallets? Will we get the wallets you want?
Yeah, I think so. I think the first task we have in front of us is to take them to the finish line so no breaking changes at the table, take it to the finish line. So you know, that's glister clear. And then my recent realization is when we talk about standards, probably we should talk about different timelines, standards that we need to cross the chasm, build scalable solutions right now versus, you know, innovations technologies that we need more in a 10 year time frame to, you know, keep challenging how privacy preserving, how secure we can get.
But to answer your first question, I didn't want to go first because I wonder if we focus too much on the wallets in a sense that, look, there's so many requirements for the wallets, there's so few entities, you know, who be able to build it and in the end happy to be corrected, but I suspect a lot of people in the room are potential relying parties, right? And when you think about what data you actually need that should come first, like what data you need in this verifiable format to realize that one use case that can help your business to make money or drive down costs.
If you can answer that question, then you can start asking who is the issuer who can give you that data, right? And once you identify that issuer, maybe the issuer is willing to issue only into one or two or three wallets and issuer has already made the choice for you which wallets you have to use as a very far to get the data from just, you know, and as their perspective that maybe the wallets actually come come first. But I think PerMon has an interesting idea on issuing into user versus the wallet.
Yeah, I think we do too much focus on the tools and the f on the wallet. I agree with you. We must unbundle the issuance completely from where I choose to store those credentials and acceptance. We sometimes conflate these three together. It'd be fantastic if every certificate and every credential and every proof of work, proof of association, proof of earning and proof of who I am, which is identity and all those proofs to be converted to verifiable credentials of some standards, we should not be sitting around the room and trying to standardize it. I think their standards really evolve.
It's okay to have multiple standards then issue to the user. And we were having this discussion earlier a couple of days back, I I think we make a mistake by saying issue issuer will issue to a wallet rather we should say issuer. Issuer will issue to the holder and then Holder choose to add that to even to Google Drive. I don't care. I want to be able to store in a way I want be able to store. You cannot take away the choice of the user. Now of course you want it to be secure, you want it to be privacy friendly.
So you want some sort of a certification levels of assurance to be created because at the end of the day, the user will choose the right wallet for them to choose. It can be an open source wallet, it can be a commercial wallet, it can be anything else. State one of the member state issue wallet, but it's a choice of the user. So issue to the holder, holder chooses to store the way in, in a secure way the way I want it to be stored and it should be acceptable in a borderless Ann's point, borderless and permissionless manner.
If you don't do that, we will continue to create silos, member state driven silos, political silos, geographical silos where human beings want to move around, study a work in various geographies. And we want to be able to open up and it's very key for global south, I'm speaking because the biggest biggest case use case for us is the cost of identification and cost of verification.
And that cost is so enormous in global south, unless you collapse the cost through digital verification, none of the services like banking, you are talking about behind the stage, the banking services, insurance services or any of the services will not be opened up. So we are very, very, very supportive of what you all guys doing it, but keep it user centric, permissionless and borderless.
Paolo, do you care where where pits will end up? Yeah, I cannot agree more with Pramod and Christina said because from from technology's work in the institution, what, what we at at least I believe is that we are here to shape technology to reach a goal and not vice versa. And we always get lost sometimes in talking about technology, how it should work and maybe it's not the right conference to say that I'm saying something naive, but, but I mean what's the good wallet is the good wallet that will work at scale and will will be delivered looking to the needs of the user as was said already.
So I think, I think we need to shape the technology around, well obviously our principle that privacy and security, but all these things need to find the right trade off in order to reach that goal to be simple, usable and be around the needs of the user that not just the single user but also the whole community. And we know that this, the people are not constraints to necessary borders and, and, and silos that we are creating that technology or why we, I should have decentralized or centralized people doesn't care at all about these things. Okay?
So, and that's, that's why we are here to try to try to find this balances in the technology because we need to shape the terminology looking to this, not vice versa. This I think is also the message we, I try to explain yesterday. So let's not get stuck into fragmentation because of many reason that are not, do not care the user, the people that at the end are going to use the this system. Amen.
Martin, you are our host only fair that you have the last Word on this question. No, a lot of plus one first. So I think there were a lot of astute things being said already. Just a few thoughts from my end. The first thing is, is wallet the right term? So when I look at what I want to have in this thing, probably it's not a wallet that fits into the pocket of my suit anymore. So it's probably much bigger in the sense of thousands, maybe tens of thousands of verifiable credentials I have. And then I look at it from two perspectives.
I look at it lesser from an issuer perspective like some of others, but more from a holder perspective and from a verifier perspective, from a holder perspective when I take my own situation. So I have a couple of personal, a couple of business devices and I, I want to, to avoid that we end up, I talked about in my opening keynote about the risk of the wallet becoming the next decentralized silo.
We must avoid this situation and I I for instance, if I take the loan sample, so I apply for a loan and this is a business case where we're talking about incredible amounts of money for banks when you look at a KYC and email processes. But this is something I definitely will not do for my smartphone. I will do it from my desktop computer or for my notebook. So I want to have more than one wallet, but few of my choice I want to have the verifiable credentials in and there will be credentials I have in multiple wallets and I want to do that very simple.
I want to decide not only put it in that wallet, I would even say put it in that and that and that wallet and keep it synced. That is what I would like to have from a user perspective, which is not simple from a protocol perspective, but we need to fix it. I believe the other thing is, when I look at it from a verifier perspective there, when I talk with enterprise, there are two things which are popping out immediately. The one is a very well working revocation. So Martin is not a copy and call analyst anymore.
He's, he is and I will be there around for a while, but that must be there immediately. We will have also situations probably where we even go into sort of a real time issuing, think about liveness detection in a verified viable credential context. That is something where we probably go away from a pure three leg approach with issuer holder verifier, things to think about.
I also, that would be my, my last thing here for, for now, I would propose that we rethink the term level of assurance in the context of what we are doing here. My recommendation, well my proposal is, let's call it provenance. Provenance is different because provenance means it also shifted the the blade because for, for LOA you say the verifier has some guarantee of some liability. Provenance is much more a buy sided thing about which enables us as the verifiers to decide about the trust level we give. And I think provenance is, might be the better term in what we are doing here.
So let's think about it because l lo A is also a bit load overloaded already and it it implies a lot of liability guarantee, legal aspects, et cetera. If we know where does it come from this specific verifiable credential, then we can make a informed decision and that would be prominent. Thank you. We want with the entire track today to enable you in the audience really to be part of this because ultimately, you know, we want to answer the questions that you have.
This is a very condensed panel, but if you have a question now's the time to ask In a minute, but here's what someone else might bring in some sorts. Please show up again.
Yeah, we go. Thank Speaker 10 00:20:42 You so much for this very interesting discussion. My name is Thomas Loner, I come from data protection NGO and have been quite involved in this space, particularly in the EU legislation and thanks for the US colleague to bring up the example of border crossings. I think several others are likely like hotel check-ins late at night, many situations where consent is not really meaningful because it's very hard for a user to say no.
So how would you respond with the ri to the risk of over-identification or oversharing of personal information to situations where we might lose anonymity even in an analog world anonymity that we have to today where particularly marginalized communities might also rely upon. How would you account for that in the ecosystem on a microscopic way? Thank you.
Okay, so I, I think Daniel, you, you said the some something i i a concept that can be useful to answer to this question. That is DPI, right? DPI is digital public infrastructure. That is a concept that was emerged in in G 20 in India last year. And I think I like it because is a kind of pattern that described how the society now is thinking to build this infrastructure like physical infrastructure, right? Like the bridges, like the, the roads and so on, so forth.
And where, where the, the word public stands for public interest doesn't stay for public sector. And why I'm saying this because in the, in the in DPI and the the digital pipeline infrastructure, there are three main components that are the key. I mean there the needs to be built up, digital power infrastructure, let's keep it out for the, the the physical one like the, the, the connection. But in this three, these three are fundamentally the data exchange mechanism and that's is what the wallet is providing the payment, the fast payment system.
This is also a very important component that will allow a lot of use cases. And the third one is the legal identification. It's the legal identification. So why I am saying this, so with these three things, you can build upon a lot of use cases that are then taught to give inclusion to people, right? So welfare. So as the society is transforming digitally completely, it's, we are in a second stage of the digital transformation where the whole society is there.
When we talk about over asking for identification, I think this is something we need to work together on and explain that where the legal identification is needed, then that's the right tool to use. On the other side, we don't have the needs to use a legal identification. So I think, I think this, this is the, the, the key factor, this is the DPI is built to provide a public interest where there is a government or a, a private entity that needs to provide a service for a good reason. So I'm thinking about what India did, it's incredible.
So or what for example, in, in, in, in South America they're doing providing identity to people that have no nationality because they are migrants across all the staff. So we need to think about technology, how can improve this? So this is the way we need to think about and we not should, we, should I do agree what it should prevent to be abused in a sense the word is not needed. I don't need to use a legal identification to open my email account, right? So this is already a reality. So we don't want to change that.
We want to include people to have access to more things that they don't have today. So I think this is the way we need to look at. So when I heard that question, what I heard were two things, power imbalance that exists when an entity that is asking for information in order to provide a service and the current ecosystem where people just simply click the defaults that in order to share more than what is needed. So I do think that that in particularly in the context that we are operating, both of those things come into play.
And I definitely agree with aspects of what, and Apollo mentioned, obviously we come from different jurisdictions, so we also have different underpinnings. I will simply note that I think this is also work, I think that needs to be done in this space. Magic is not over, you know, and the couple of pre pieces here are for me it's also you, you need to recognize that imbalances exist. So how do we actually bring in accountability into the mix so that people who ask for more than what they need are actually held accountable.
That is a policy and a legal question that I will leave to people way above my pay grade. But at the technical level, I do think that we also need to have a discussion about perhaps coming up with default attribute bundles for specific purposes. So that when a person is given the choice of selective disclosure within a particular context, there are a, a, a specific set of attributes that might satisfy that needs, they are checked by default or they're not checked by default.
Is that something that might be worthwhile to work on so that it makes the user journey and what needs to be shared easier? So I that's where I came from on That question.
Christina, we just heard about, you know, digital public infrastructure. Polo mentioned it. Pramod co-invented it. I think there is an interesting digital public infrastructure project in Germany. The German word is Funke spark in English. And I think you have some announcements about those sparks.