So my name is William Collier. I am one of the co-founders of Trust Agency. Trust Agency is a consultancy company that is specialized in ADAS consultancy. So we are already busy with adas from 2015 and some years ago, we and teams and myself, we joined together to create a trust agency. And since then we've done projects in, in for different companies. One of the major companies we are working for is Belgium Mobile ID who created, its me in Belgium. And so that's why also on my name tag, I have Belgium Mobile id, because on Friday I'm gonna present for Belgium mobile id.
This one normally has to be given by women teams, but because he was very, he had an urgency with the customer, he couldn't join and took over his presentation. So the basis of for this presentation is a feasibility study that we are doing in cooperation with a company called Hyper Volt.
Hyper Volt is a company that delivers a SaaS solution, a software service solution for keeping and managing secure information for a company sensitive data on amongst others passwords.
And so together with them, we started the feasibility study to see how we could optimally implement electronics of attributes in the business context. That study is supported by the Flemish government in Belgium Flyer who gave us a subsidy for executing the study. And so the study's o ongoing, it's supposed to be finished by August, but in the meantime, we already have some information that leads to some conclusions. So examples of attributes in business, there's an enormous lot of them.
Of course, you've got people who work in or with organizations. A very obvious one is the role of a person in an organization, but you can also have certain characteristics of people working on, on in organizations like for instance, the trainings that someone has followed, like for instance, certified information system security professional might be willing to share the fact that he has followed the training with other people via a certificate.
But also for objects do remind that in IDAs two, electronic at stations of tributes are also intended for objects.
And here I took as an example, the conformity at the station of a car, for instance, which today is a paper document, a paper certificate, which might perfectly be changed into an electronic at station of attributes. There are an enormous lot of other types of attributes where companies define these attributes. And according to adas two will be the primary source, and so the authentic source for those attributes. So today what we noticed from our interviews that we did with companies is that there are three main types of sharing of attributes that are used today at this moment.
The first one is of course, paper documents with all all kinds of stems and, and signatures. There's still a lot of those going around not to be underestimated and leading to a lot of work of, of manual stuff to be done and, and typing over in systems and stuff like that.
Something that happens quite a lot as well today is electronic documents, typically unsigned PDFs. So unstructured data not signed, so not, not a lot of security.
And another type that happens a lot is online lookup services, A central system where the data is being gathered and where people can either manually log in and, and look up the data or there is an API, which can be used and, and often it is both for service systems to automatically fetch the data. So all of these systems that are used today have pros and cons. Paper is a very easy to use as an easy adoption, but the, it's often quite difficult to validate whether it's falsified or not. And the automation is of course an issue. PDF is more or less the same.
You have not a lot of automation possibilities or, or easy validation either. So that's doesn't bring a lot of extra value except that it's much easier to send over to other companies. Lookup systems. Those are have the big benefits that you can automate, but there is an adoption problem. You really need to have access to those, that system. And so everyone needs to link with one central party.
I don't have to tell you that a two is in effect in the meantime and that it brings to novelties European digital into one of the, but also qualified electronic attestations of attributes or non-qualified electronic stations of attributes. The big benefit that this brings is that where we already know verifiable credentials in the past, that now we will have a standardization that will be imposed via the technologies that will be indicated by the implementing X, and they also have legal value. There is also the European digital identity wallet.
Of course, I don't have to explain anymore, but it is after one and a half days at the EIC. The topic has been discussed quite a lot already, but some things which are important for the uptake of electronic attestations of attributes in business context and which will drive the adoption quite fast, I think, is that this is a tool that will be delivered to each European citizen.
So each European citizen will have access to it. It will also be imposed on a number of companies, like the very large platforms, but also several sectors like banking energy, et cetera.
And so that means that the electronic stations of attributes, formats and, and the technologies around it will be pushed quite a lot by the European Digital identity wallet. That means also that it becomes applicable or available to business processes as well. And that you have, we will have a tool that will help a lot to secure and automate business processes with electronic stations of attributes. So the properties which are interesting for businesses, it's verified information. Normally the it's cry cryptographically verifiable.
So you're assure that it's not being falsified, it's structured data which allows for automation. It has some building privacy characteristics, which can be important to convince people to adopt them. And it has a decentralized portability. So that means that you don't have to, to integrate with companies you deal with. You just can in different possible ways, provide at the stations to another company who can verify it and who can take in the structured data from the attest station without even needing any API integration or whatsoever. And not to be underestimated.
Also, it there is a traceability and auditability, which is possible with electronic at stations of attributes, which might be quite important for any compliance procedure that you might have in your company.
I can't click on the next one anymore. It's not a touch screen.
So,
Oh, okay. So the ecosystem in, in the business side, we will have an authentic source, which is obviously the business, which is the source of the information. There will be someone who will need to be to create the electronic destination of attributes that someone will be a, a truster provided by definition. If it's the company itself that does it, then that company will become a trust service provided by definition, which means that it'll have a number of compliance requirements to deal with.
It'll be an important entity under these two, for instance, it's there, it'll be supervised by an a supervisory body and stuff like that. Also, if it's non-qualified. So it's possible as a business to issue your own attest stations, but that those are the consequences. And so companies today already issuing verifiable credentials or in that case, by the way, then once the electronic attestation of attributes exists, of course the, the TSP will not keep it within either.
It can be taken up and or, and or distributed with and, and by a wallet, a European digital identity wallet or another kind of wallet. Or it might reside in some company systems.
And if, if it's for object, that's not required. If it's for people, then consent might be required to, to deliver it to other parties. But that's something that we already do today. If you consider GDPR and other legislation related to privacy, then you can do that. And so that means that the attestation can be easily be provided to the relying party who can verify it and who can use it to take up the data in its own systems Implications. The are a lot of advantages of using electronic attestations in business. It allows for full automation of decisions on eligibility.
If someone can enter a certain area or if someone can can log into a certain system, there are a lot of these kind of decisions that have to be taken every day.
It'll get rid of falsifications. Typically in the paper world for instance, diplomas can be simply bought online. And for the verifier, it is very difficult or impossible to verify whether that stamp on that document is, is is real or not. That will not be possible anymore with electronic attestations attributes.
But there will be no big, big broader kind of thing because there will be no central system which can also monopolize certain business case. It has trustworthiness in its score, it has been designed like that and it will deliver a strong evidence in compliance processes. If you will need, after a number of years, have to prove that you have verified whether a certain person had the right characteristics and you have kept the electronic at station of attributes, then you will be able to show the auditor we did it the right way. There is an impact.
The whole ecosystem that I've shown needs to participate. It's if one of those parties is not participating, then it doesn't work and the relying party needs to be able to do the validation. There are also a number of risks. ADAS two is very new. The technologies that are being cited are still, a number of them are still being standardized. So they're not, they're they're, they don't exist even yet. They're all are based on all existing technologies, but those will be adapted. And that means that there is a risk that something does not work as foreseen.
And there is also a, a risk for multiple speeds of adoption. Not every company in the business context has the possibility to quickly adapt their informatic systems to make sure that they can work with electronic at the stations of attributes. There are even a lot of businesses still working a lot on paper who do not have a lot of informatic systems.
And asking those to be able to work with electronic decision of attributes will be an issue. And as I mentioned, if the whole ecosystem does not participate, then there is an issue, then it'll not work.
And so that's why at the trust agency we worked on a format for electronic attestations, which we call the hybrids electronic attestation of attributes, which is the normal type of electronic attestation of attributes, which is simply attached within A PDF that contains the same data in unstructured formats where the PDF is sealed by the issuer and the link between the attached electronic attestation of attributes and the PDF is included in that seal.
So that means that you get a human readable PDF, which can be used by any company and an automatable electronic attestation of attributes in attach within the same file. So the user who just looks at the PDF doesn't care about the attestation in attachment.
He will probably not even see it because normally the attachment pane is not open. You have to manually open it to in order to see that there's something attached.
And, but if the attestation of elec electronic attributes is provided to a company who has systems that can deal with an electronic attestation of attributes, then it can be posed from the PDF and all of the benefits of the electronic attestations of, of attributes is, is is there including the fact that it's structured data which can be immediately injected in the back office systems of the company.
This is something that I proposed to Etsy for standardization trust agency as a member of Etsy, EESI, where the standards of electronic signatures and at station stations, et, et cetera, are being created. And so in end of the month, there is a meeting in Amsterdam where I will defend this ID with the intent that Etsy will standardize this as and Etsy standard comparing with the current solutions, the same table as before, but now with the electronic attestations of attributes and the hybrid electronic gestations of attributes.
So you see that the electronic attestation of attributes scores very well. The only thing which it's scores bad on is the ease of adoption because you need to adapt all of your IT systems to the, to be able to deal with it, you need to be able to validate electronic station of attributes and you would need to be able to deal with the, the format of the electronic station of attributes, which is not the case with thehy hybrid electronic decision of attributes.
The only dis benefit of EL hybrid electronic decision of attributes is that the selective disclosure is not possible as long as you need to keep the PDF part. But keeping the PDF part is only required if you do not have electronic detestation of attributes capable software. Because once you have that, then you can of course just extract the electronic detestation of attributes, apply the selective disclosure and, and deliver only the attributes required to the relying party. But if you have that software, then you can also use electronic attestations of attributes to start with.
So where can you use hybrid electronic attestation of attributes in all cases where you have an ecosystem where not all parties are ready yet for electronic ation, for attributes, there is that lack of dis disclosure that might be a deal breaker in some cases, but normally not because if you need to use PDF, then you already don't have selective disclosure and the, it's certainly advised where as well human readable and automation are both requirements.
So electronic ions in business will increase the trust and security in the dealings between businesses.
It'll also improve privacy thanks to the, what you have into the electronic station of attributes. Think of your GDPR requirements. It might ease some of those and it will make a lot of use cases less expensive because treating paper and PDF unstructured documents is quite expensive because it takes time from people to deal with it. But there is the big, but it requires adoption by all part parties involved in the use case, which is not always easy.
And that's why the hybrid electronic attestation attributes will help in the transition towards electronic attestations and reduce the risk of a digital divide in the business world. So that's concludes my presentation.
Thank you, VIM, and thanks for stepping in at the last moment. Thank chance for a question before you, or do you want coffee? More?
Okay, great. Well, thanks again.
