KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
The promise of the DIW (Digital Identity Wallet), which is inspired by SSI (Self-Sovereign Identity), is to give the user more control of which data they are sharing with whom. But do the users really want this? User control was also the intention behind "The cookie law", which brings up annoying dialogs, where only the most dedicated will do anything but accept the default option. This is very similar to the GDPR consents, where you in most cases have no option but to accept, to be able to continue.
The promise of the DIW (Digital Identity Wallet), which is inspired by SSI (Self-Sovereign Identity), is to give the user more control of which data they are sharing with whom. But do the users really want this? User control was also the intention behind "The cookie law", which brings up annoying dialogs, where only the most dedicated will do anything but accept the default option. This is very similar to the GDPR consents, where you in most cases have no option but to accept, to be able to continue.
So Jacob and Martinez has given a very good introduction now to, to the identity wallet and decentralized. And as an identity nerd, I'm, I'm really excited about this, but as a nerd, I also talk to normal people and, and try to convince them about this identity wallet and the good thing. And you know, the first thing that comes up is control.
I mean, both Martin and Jacoba mentioned you get control. Okay? What happened the last time we gave you search control? That was the purpose, right? Of both the cookie law on the GDPR. We're getting all these popups, and I mean, honestly, whoever reads them well, once in a while, but normally get outta my way, right? We haven't really given the user any control. So what does my perfect wallet look like?
Like this, it should be invisible. I, I don't really want it to be in my way. 'cause I know who I am and I want the wallet to take care of all that stuff. So wherever I go, well, it's gonna represent me unless I'm doing something stupid, right? If I go to this backyard finances, okay, hey, please stop me from doing this stupid thing. Okay? So look at looking at the users.
I mean, unless we get users board, this is all gonna fail. Doesn't matter if the legislation said that each member state has to issue Wallet, street, citizen, and residence, if nobody uses it.
So, so what do we want from this wallet? Well, there's some implicit requirements that people don't really, I mean, if you ask them, they don't really know this because they are implicit. And one of them is, you know, we talked about management and control.
Well, yes, I want to have the perception of controlling this, but I don't want to do the management. And I often compare this to an alarm system in my house, right? I could easily buy all the parts and install this myself, but I don't, I pay company to do it. Why? Because they're gonna show up if there's a problem, they're gonna send any batteries, et cetera. They do all that. I want the same thing for our world. I don't want to do that management. I want somebody I trust to do that on my behalf. I obviously want recovery. That's also an implicit requirement.
And for the pure SSI wallets where I'm the only one with the private key, there is no recovery. Well, yeah, and you store this recovery key in a safe place. And people, you know, people, they don't do that. You don't realize it's a problem until you're there.
I mean, if you lose the key to your house, you call somebody and they fix it or your car, right? It's a fixable problem. If you lose your encryption, key to SSI wallet, sorry, come back in 50 years, maybe we cracked the cryptography there. So I want also back to this invisible wallet to be able to set up profiles, right? So whenever I go to a health service, well, this is okay to share this information. If I go to restaurants, share my diet and allergies, if I go to, to a retail store, where am I shaping information and paving information, right? Do this automatic, don't bother me with this.
Every time this has to go automatic and then it's invisible. And I share this different kind of, of information.
And you, almost every presentation, you hear this, well, you have to buy boost, you have to prove you are over 18. I like the example. Much better rebate on public transportation. This could be either because you're of old age, but also it could be a medical diagnosis. And no reason to reveal what you want to say. I am eligible to rebate. I want profiles, right?
Me, the per private person versus the identity nerd versus the photographer, et cetera. You want to have this different profile that can represent you and then sharing different parts of your identity based on that. And you want all this help in setting this up. That is important.
Inclusion, fortunately that's being mentioned more and more now, that we want to be inclusive. It's part of the sustainability goals. And also if you look at the ID 2020 manifesto, it's, it's very clear everybody has the right to identify themselves and also digital. And they think, well, is that a problem?
Hey, everybody has has a cell phone, right? We're online, but there are non-digital out there. How do we handle that for them? Are we gonna exclude them for society? Without being able to identify yourself? You're not part of society. We need to include them.
How, how do we get these people aboard? And that's also back to the form factor. When we talk about the wallet. Most people think about an app on the phone. That's sort of the first thing that comes to mind. The the app is, sorry, the wallet is an app on the phone and it's there and it's only there. And if you go through down the, through SSI road, it's, it is definitely only there. But is this what people want? Is this what I want? I want to be able to access my wallet from anywhere, right? I don't want to be locked to one physical device. I'm sitting at my laptop.
I want to use my wallet at my Apple tv. I'm sitting in my car accessing my wallet. I'm in a traffic jam. I tell my car wolf, Hey, negotiate with the other car wallets in the other cars to get outta my way so I can go faster. Pay them a little bit money for that.
You know, that's an example for, for using the wallet and also for the people that for whatever medical, social, financial reasons cannot have, cannot afford a device. We need some kiosks. It must be possible to go in and also disaster example, my house burns down, burns down at night and I say myself, I even forgot my, I prioritize my wife or my cell phone, right? So I got her out, my cell phone is still in there. I now need to be able to identify myself. I need to be able to access my wallet. I should be able to go to some public office and access my wallet without any physical device.
And we need to solve these problems. And if that's not enough, we need to handle offline situations as well. We need to handle situations where people meet offline. There was a presentation yesterday on this scenario where you have, typically you go into catastrophe areas, you have on rescue missions, you have boats on the ocean, et cetera. We need to have this offline scenario. We need to be able to use the wallet to prove who I am in these scenarios as well, We're talking about authorizations. And I think the wallet is a really good example for that.
Or authorizations can be put into my wallet. I think the challenge with authorizations today is that are missing, which is one of the reasons I come from Norway. We use bank ID all the time, one in five actually share their bank ID with others. Half of those people are frauded. Why do they share lack of good authorization models?
Okay, they are, I mean, at the health platform, I, I'm authorized to look at my wife's health data and vice versa, but it's an all or nothing similar. The bank account. I can give you full access to my bank account. Really what I want is more granular. I want to say you can pay bills up to a thousand euros, but nothing above if it's more. Both of you need to agree on that, for example. And the wallet is a perfect place to put that sort of information. So we need those authorization, those granular.
And also one thing that's come, comes up more and more is we have more and more digital assets and what happens with them when we die. And also if you lose your marbles, I've realized I had some discussions lately on that, that's even more complex because okay, when you die, your egg is just as, as you're not present anymore and your next of kin will inherit you. But if you lose your marbles, it's even a bigger problem. And we have a project in nor Norway now working on this to simplify this process of that, should you give somebody full access to the wallet? Well that's interesting.
You won't get access to the bank ID because bank ID in Norway is in identification means as the wallet is. But you will get access to the assets, the resources. And I think we need to think about that. Okay? Challenges, of course, we're inventing something new. When we invent a ship, we also invent the shipwreck and we need to handle that. It doesn't mean we shouldn't invent a ship.
I mean, I'm being confronted with that sometimes. Well don't, don't you think we should do this? Of course we just need to take the necessary measures. And one of the problems that you know, really bugs me is how do we assure a unique link between the biological generic and my digital counterpart? How can we do that in a good way to ensure it's really me using my wallet.
We see, again, just to mention bank I a lot of fraud is because people are sharing the details. So the user of the bank, I is not the owner of the bank id. What if that happens with the wallet? If you cannot be sure that the user of the wallet is the owner, how can you then trust, I can buy booze or do something else. I'm using the wallet to prove something about myself. And there's an element of trust. You need to know that the user is the owner. This could be infringement. Somebody has been able to take over for whatever reason.
We need to detect that I'm being tricked to use it for whatever reason or I'm sharing it willingly. There are multiple examples. People sharing for convenience reasons. How do we know that the user is the owner?
Okay, so where's the excitement? Okay, I'm excited about this.
I mean, I'm an identity nerd. Hey, this is cool. This is really the way going forward. I've been doing identities for 25 years or more. And you know, we're so excited about all this. I'm going to have control and I have verifiable claims and all these cool standards and stuff. And you start presenting this to, to normal people, non nerds. And you know, well one set of credentials, multiple use in Nordics we had, well that's, we're using that already.
Well, you can prove you're over 18. Aha. So you're building this really expensive system so you can buy booze, you can prove who you are. Well I have my ID document. You can log in across eu, eh?
Okay, why limited disclosure? Doesn't Facebook know everything about me already?
I mean, how can we get the excitement around this? How can we get users excited? What makes user excited? Simplification? If I can simplify people's life, I can say, Hey, the government is now going to issue this wallet and it's gonna make your life simpler. Or you're gonna get some benefits or it's even gonna be fun and it's gonna make you safe. But what are the use cases for this?
Well, one I could think of and back to, to the, one of my first slides. I mean, what if the wallet would do this on my behalf, right? Don't show me this wallet here, here is my, my profile. This is what, this is the information I'm okay to, to share with the cookies and the, and GDPR, et cetera. And don't bother me as long as the, the sites I go to comply with that don't bother me.
If not, you know, pop up something and then who knows to whom you've given GDPR consent. Does anybody have a, do you have a write down? I've given GDPR consents to all these companies. Nobody knows that the bullet could do that for us. I could get a full overview of every cookie I accepted, every GDPR accepted and I could exercise my right to be forgotten in a very simple way. I could get this up and I could select them and say, you know, forget me. That would be, I think telling people buy, buy cookies and GDPR popups. Yeah.
That, that could be one. Okay. I guess a lot of you guys also travel. These are the first two pages of my how many pages of my travel apps. I didn't put in the one for, for Frankfurt, but I, I realized I had to download that as well. And I guess if I put 18 cities on here, nobody would be able to match 18 cities with 18 apps. Why is it this complex? Why can't I have one travel app in my wallet that will work all over Europe that at least people that travel would get excited about that, that would be a really good fit. Same with parking.
I mean, how many parking apps do you guys have? And it was this charging electric cars. How many electric car charging apps do you have around? Same problem, right? This could be in the wallet, like one way of doing transport parking, things like that. Face-to-face verification could be interesting. This is from the Swedish Freya app where I can actually bring up a QR code. You can scan the QR code and you get some verified data. Freya is not a wallet yet, but there, I think the most wallet ish app we have in the Nordics, at least Swedish Bank Id came out with a similar thing.
I can also show that QR code over a a over a, a video call. So I can just hold it up and they can compare my face and see that there's some, you may try to send the code, but now it's gonna say it's expired 'cause it has a time limit, obviously. But that could be a good one. Or even prove you're a doctor, somebody fell over on the street, you know, come or yeah, I'm a medical doctor, you know, well, can you prove it?
Yeah, here, right? So that could be an interesting use case. I was also challenged because there was gonna be a visit to my office, which was today actually. So I don't know what happened with that. But they were gonna have a lot of teenage girls coming in to tell, tell them about technology and the excitement around it.
And, you know, I was challenged, you know? Okay. What would they find exciting about digital identity? Right.
Well, so I started thinking, you know, okay, well they are heavy online users and they are at risk, right? For stalking, for grooming, dating fraud, et cetera. What if we can use the wallet to protect them in online forum? You need to prove you're a teenager to get into this forum, right? Or a location. So only for, for example, without revealing anything about yourself, your name or you know, where you come from, et cetera. You only have to prove you're a female and you're a teenager and you get into the forum. Would it make them excited?
I don't know because I, I wasn't there, but, but I'm gonna test it at some, some teenagers. But I mean, this would be seen as useful. You would hopefully be safe. But we are back to knowing is the owner of the wallet, the user? If we cannot trust that, if somebody's dad took the wallet and used it. So if it's q and a time, I think this is the time where I ask the question to you guys, where's the excitement?
What, what are the exciting, how can we create this excitement? And this is an honest question because I, I'm really, we really need to get there to get some excitement around it.
So please, you know, any ideas you guys have come back to me with that and I'll, I'll be working on that. And I've been always, you know, concerned about people in this.
But now, you know, we need to get the excitement. That was the end of our presentation.
