Digital ID/Decentralized ID

Again, I'll hand it to Ika right away. Yes. So well welcome from my side, happy to be here.

Also, as a woman in identity, Angelica and I, we start our knowledge, our working together I think in 28 at the beginning of the Women and Identity Network. I'm happy to be here to, and to talk together with my colleague from the program about centralized and decentralized identities, a short pre few on the agenda.

What have, what have we brought, brought with us? So first of all, we will talk a little bit about the trends, the news in the SSI world. So identities, what is about technologies behind then everybody know, probably knows the word, the word wallets, which is I think in, in every mouth at the moment. It's very common. How can wallet wallets help SSI to achieve SSI goals? And the third topic we want to talk about is the show program, whereas Germany, on their way, what are we doing on the, especially on the public level and what impacts will have e does to do zero on this stuff.

But first of all, I think we should introduce ourself a little bit. Lily?

Yes, thank you. My name's Lily. I'm working at the European School of Management and Technologies, specifically at the Digital Society Institute. And I'm the head of the accompanying research team for the showcase project security identities.

And I'll, I'll go dive deep, dive down into the topic of the show archives project in the, in the later stage of the presentation. But for now, all you can know about me or, or you may know about me, is like I focus on technology, politics and law in in experience level.

I go into, I've been going deep deeply into identity management in Europe and in Germany specifically. So then let me introduce myself. My name is Ika Van Froy. I'm a director at EY Cybersecurity practice more than 20 years in the security topic, working in different projects for different clients in different sectors. I'm an expert in, in, in digital identities and I'm working together with Lily in the AC company research, which is quite a stupid word, my perspective for the HANZA program, which is sponsored by the Federal Ministry of Economics. Economics. Then.

So let's talk a little bit about the news, the trends in the self-sovereign identity world. What are the use cases especially we saw Can you go one, sorry. Yes. So huge case use cases for use cases for digital identities.

Sorry, struggle a little bit with the words, use cases for digital identities. We found them in every area of our life, our day to day life. And what we currently see are many initiatives, even on the European level. There's a huge sponsored program, large scale pilot called, but we also find a lot of initiatives in small business, in public and private partnerships around the world. Use cases of course in the part of government. All this stuff around, I change my home, I need a new driving license, all this stuff.

And of course we saw also some use cases and more in the private sector around the mobility services. We all probably use shared cars, bikes, all these new services around mobility. What is very common in the moment and is lots of PE people are talking about is bank account opening.

Of course, if you ask why do we have, why do I use two colors, the blue ones, the six blue ones are part of the late large scale pilot sponsored by the European Commission. The other ones are most of them part of our shelf and support come. But I think what is really important to have all these use cases or to implement all these use cases are of course a kind of self sign identity, self-sovereign identities.

And what is also important, and you can find this in the, in the guidelines from the federal office for information security, that there is of course certain level of confidence, a certain level of assurance when we interact with staff sovereign identities. Question from my side. You all know what self-sovereign identities mean? We use this, so if not, we can talk about this later, but just keep in mind.

Okay, so what are the elements we typically use in a self-sovereign identity ecosystem? You probably know the triangle of trust rust. So we have on the left side a a kind of an issuer, a person, an institute, someone who gets, who give you a kind of a certificate, AFI credential. We have the top of the slide, the owner in the kind of a IGN identity. It's myself or it's yourself.

You probably use the kind of a wallet of a app and we have a verifier and every time you interact somehow with yourself and identity, there is probably the verifier and there's a trust situation between this issue and verifier. Just to, just to Verify the Verifies the, just to verify that all the, the certificate that the certificate is of course written.

Just one, I'm sorry. Topic. Apologies. You probably have heard DEE does 2.0. So from a European level, there is an A regulation coming up really early this year, two, three months ago. And there is also the architecture reference framework. And this two topics really help us all the people working in this context of IGN identities to build up an inter wide ID ecosystem and you will find necessary requirements, guidelines, how to, to tackle with all this stuff around secure identities. Then I'm trying to go to the next slide in the back.

Yep, please. Sorry. And person in the back.

Yes, yes. Is it?

Oh, but In The meantime, but yeah, it's Probably there are questions so far. Yes, Exactly. You Can overcome a little bit. Are there topics you would raise?

Yes, lemme come to you. What is, yeah, so Repeat the question before anybody who's Tuning In. Yeah. Virtually what, yeah, what is the self-sovereign identity would you like to Yeah, So basically the principles of self-sovereign identity is the idea that the power lies in yourself to decide whether you want to use your data for which purpose. And that the, the other party that want to use your data, they need to explain what they want to use it for, for what purpose and in what way.

And the idea, there's, there's a couple principles, like a whole list of principles that you can look up. It's, it's really famous. It's a whole list that I can't repeat right now, the, the whole list. But basically it goes in the sense that you take back the power of, of your own data and basically it's, it's more transparent in the sense that Yeah, the usage of data is, needs to be explained. So also this, this trust, the triangle of trust kind of explains the process of it. And in the end they, they always need to explain, okay, why I am using this data.

And one of the principles of the, of the EUDI wallet that you might have heard in some other presentation already is that it's a new wallet that's being introduced by the EA regulation also with a A RF 1.4 at this point is that you need to, you need to comply. No, you need to say yes actively say yes, or you can also say, no, I don't want my data to be used for this purpose, but you also need to say yes if you want this data to, to be used. So that is basically, I would say the principle of self-sovereign identity.

And a very, I think a very common and easy example is if you are somehow 18 years old and go to a, to a mall and want to buy some, some alcohol at the, your are forced to show your ID card. But for the the lady or the the man at the casa, sorry ca it's not important who you are, where you live and all this stuff. It's only important if you are more than 18 years old or not. And in the case of a surf IGN identity and this digital identity, you are able just to show the relevant attribute instead of all this information.

Yeah, the term is called selective disclosure. Yeah, If you wanna look it up. Yes.

So now, so now we can move on. Yes. So I just raised the topic wallet. Wallet is something very common at the moment. And of course wallets are a way to achieve goals with self-sovereign identity.

So what, how can you describe a wallet? There are of course somehow official definitions on, so it's a kind of a software of an electronic device or kind of an online service that enables yourself an individual to, or of course we also talked about identities of, of organizations, so individuals or business to make transactions electronically. That's were really easy. I like the, in the definition more, that's nothing else than a digital and a decentralized storage place where of course you can store all the attributes typically in conjunction with your own person.

So your decree, your birthdate, your address and all this stuff. What are the strategic objectives around? So as I mentioned before, a wallet of course could be a key part of a service of right identity. So when we look on all the initiatives we had in Germany on Europe level, in the private sector, then wallets are often take often takes the role of an enabler for service for identities. And with the IIDA regulation and the update, the European, European Commission tends to, to fully realize their origin of digital identities and how this should go on.

Also, we have, i I mentioned this large scale pilot program from the Euro Eurovision European Commission. And part of these program is also to build a Euro European identity wallet.

And the, from my perspective, the advantage of such a wallet are really ambitious. So the certificates are decentral available, you have it in your own perspective, you can decide which attributes will share to whom. Of course we became a bit faster in our processing and we of course probably are able to to interact cross country, cross border and in the overall vision around the globe. Then let's talk about the she and Star. Exactly.

So we've, we've mentioned it briefly in the beginning when we introduce ourselves, but the last part of the presentation, we don't have much, much time left. So I'm trying to keep it really, really slow. Not slow at all really fast. Is that where Germany had it? And since we are part of the showcase project secure digital identities, we obviously, we know most from, from these projects. And how does EIAS 2.0 impact the use of private sector solutions that are already in, in place or are trying or built at, they're, they're building on it right now.

So just a bit of a explanation of what the showcase project is. We are a funded project, it's quite large. We have a accompanying research team that's us and for consortia, the one of those is already finalized that ended by the end of last year. But we have a many, many, many use cases that are being tested. So the idea was when it started was around 20 20, 20 21, the end of 2020, beginning of 2021 was when the ministry of economics said, okay, so we have this EID on our EID card in Germany and it's not really being used. There's no real use cases, the classic hand and egg principle.

So we don't really know what to do with it. Let's call out for a big project, let's give consortia the ability, kind of like there's not a, a product to be built, but kind of to like, to try and use electronic identities in different, in different cases. So on different levels. So in the municipalities but also private sector use cases. So it was really like a big playing field for many ways to try to make electronic identities more usable and to see where we can use. Also it was technology open, so it was neutral.

So if some started with a blockchain, then maybe you might've heard of the Chancellory Pro wallet project. It was the way it was built on a blockchain that was killed right away. And that wallets therefore led to a lot of projects having to re organize themselves to not use blockchain, the blockchain technology anymore. But to focus on other PKIs.

We have, I'm now I'm going to explain a little bit the four consortium, where they came from. So we have the ID union that started off in, in also building a decentralized identity. So they also started with trying to get a really good basis on different use case areas. They had the SSI principle and they also wanted to build on blockchain as well. They now have, they, their wallet that they're trying to implement is also compatible interoperable with A UDI wallets. And they have some use cases that are focused on the authentication of doctors.

The C back when it was still extremely relevant and cross organizational company identity and master management or organizational IDs. That's something that, for example, the large scape pilots that are newly led now, one of them is also focusing on organization id. So their project is really focusing on that. Then we have s dcas. DCA is really part of one big municipality. So that's a whole different use case area.

They focused on user experience, they focused on the, so-called SDI, so secure digital identity adapter that is trying to implement more seamless process on different use cases in on the municipal level and trying to emphasis on exactly sovereignty, interoperability and other principles. The fourth consortium is the I-D-E-D-I. They built their own wallets actually on a blockchain, still focusing on blockchain. But they have obviously since the political focus on blockchain went away, they also had to look into other, other technologies as well.

But they're still, they're developing a lot of different, different use cases and a lot of different ideas on how to use the electronic identities on different levels. They also have different cities that are involved, for example. So they have Leipzig andreen that are involved and are thinking of a big more broader level as well in the sense of the, so-called trust net, in which they want to think of, okay, so we have our, the, so-called our internet, we have the dark net, but where is the trust anchor or where is the trust in that network at all?

So they're trying to develop an approach, approach to an open interoperable trust framework. Then we have once, once it's already, they already finalized their project by the end of last year.

They have, for example, they really worked on the standards for the mobile driver's license that is now implemented by the large-cap pilot, I believe is one of the large scape, I can't remember which one exactly now, right now. And they also try to implement self-sovereign identity principles. So coming back to the question, how did the EIAS two impact projects in Germany? So they started in a time when EIAS two and the principle of the EUDI wallet didn't exist yet.

So when the, in 2021, the European permission was presenting their idea to implement a new European identity, it was extremely difficult for a lot of players in those four consortia to reorganize themselves. A lot were un a lot was unclear until today there's still a lot of uncertainty, which technology exactly is going to be used, which harmonization efforts are going to be accepted at all, and how the national regulation is going to adapt to the E IIDA 2.0.

So, but in the end, they still, a lot of them, they have been able to implement a wallet that is according to the EUDI wallet. So they really are getting into a successful transformation process. And now we've entered the last year already. So this year is really all about new processes and everything that we can do that is going to help these projects to stick around and yeah, find success in what they want to do. So in the end, things to consider is our, our recommendation is to focus on identity wallets for managing digital identities and secure data exchange.

The impact on industries with mandatory EUDI wallet adoption is something that we really need to look into because there's, since EIS 2.0, many more industries that are affected by it, just as, for example, NS two is going to impact much, many, many more companies than before. We need to look into also some kind of communication on the parties that are going to be affected. There's needs to be also, there is the vision of a digital identity by 2030 that I, I believe 80% are supposed to use digital identities by 2030.

So we should really focus on communicating that and yes, building good, good solutions that are helping our life. There is supposed to be the integration of digital identities in our daily life. And then cross-border transaction. And I'm giving the last point back to you. Yeah.

From, from our experience we had over the last three years or about four years, is that partnerships between public and private sectors are really helpful to bring use cases up to life and to involve innovative solutions. I think that's quite a good operating, working together model and we, we should more enforce these kind of action. And that's, with that we come to an end, just a quick overview.

So yeah, Or We will share, of course the, the presentation is shared, so you will find a Showen star on, on social media. You can follow us on Twitter or LinkedIn.

Of course, we have our own websites or every time you are interested in further information around these projects, do not hesitate even to contact us. So now we probably have some time for questions if there are one. Yeah.

Well, Well it's, it's the wrong situation. We've got great questions coming in from the audience and unfortunately not a lot of time, but, but there's a solution because there's a meetup happening at 1:00 PM Yes. That would be a great chance to come up, talk to both of these, yes, these two and get some answers. So thank you so much.