KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
The revision of the eIDAS regulation introduces new requirements, challenges as well as opportunities for organisations. In this talk Adrian Doerk provides a structured guidance of aspects organisations need to be aware of to be well positioned in the market. After a general introduction to the eIdAS ecosystem, the focus will be on organisations who want to issue and verify qualified electronic attestation of attributes to/from the European Digital Identity Wallet.
The revision of the eIDAS regulation introduces new requirements, challenges as well as opportunities for organisations. In this talk Adrian Doerk provides a structured guidance of aspects organisations need to be aware of to be well positioned in the market. After a general introduction to the eIdAS ecosystem, the focus will be on organisations who want to issue and verify qualified electronic attestation of attributes to/from the European Digital Identity Wallet.
My name is Adrian Dirk from Nanosphere. Today I want talk about what your organization needs to know to get ready for this upcoming change. And we heard it a lot. There's a lot of coming for us. So let's get, let's make sure that your organization is ready for that. And just one quick word about myself. I'm representing the Union consortia. We're funded by the German Eco Ministry of Economics and Climate Action in Germany out of 60, 70 organizations and work, gonna work on that trusted ecosystem. And I'm also a business development manager at lissie.
We provide software for organizations and consumers to make use cases happen. And before I go into that in detail of what we also already talked about a little bit, and I want to provide you with additional context, let's get to know each other better. So who presents here in the room and organization who is interested to implement a use case based on the European digital identity wallets? Hands up. Okay. These are the people who want to take, implement a use case who represents a solution provider who's enabling in order the software and organizations to implement a use case on hands up.
Okay. Take a look around so you're not to know who could connect later. And final question for the people who, who developed this software who's representing standards organization or representative of the Lars Gate pilots as well as the general, yeah. Regulatory and legislative process. Hands up. Yeah.
So that's, that's awesome to see that we have a lot of stakeholders here in the room who working on the technology, so I hope you can connect later in more detail. So let's jump right in. I'm just gonna mention some additional point. We heard a lot about the regulation already, so I'm just want to point out some additional points which haven't been mentioned already. And I think what is really important is that something we were talking about a lot of wallets for national people, the, the, the citizen so to speak.
And we currently haven't really focused on the topic of legal entities, wallets and organizational identities. That's something which we really should pay more attention to, I think. And that's also something which we do in one of the large scale pilots. And what we also will see is basically that the impact will be huge in terms of that we have 400 million European Union members or like citizens which will be able to use this kind of wallet.
So there's a dramatic shift in the landscape of identification, authentication and that obviously has an influence all on all business processes, but also for example, the payment sector. And that's what we need to differentiate, which I just touched on before. Torson already talked about different functions of these kind of bullets that you for example, not only have identification but also a identification, but also these kind of different attributes.
And actually that's kind of what my talk was last year here at I UP Identity cloud conference is about the UI and the UX of these kind of bullets. Because for example, you as a citizen, you want to be able to have a history of what kind of credentials you have been issued on what kind of credentials you want you shared already with a certain party, right? And that's something which these kind of wallets also need to, to offer in addition to, for example, the the qualified electronic signatures.
But from the organizational perspective, which I will focus on more in my talk is, is also very interesting in terms of this kind of European digital identity wallet. From an organizational point of view, it enables you to issue credentials to other wallets of a natural person or maybe also of organization itself. So in a B2B context, it can also be useful. And so use an organization, you want to be able to verify other organizations, for example, your suppliers.
If you have 100,000 suppliers, that's a huge challenge right now in order to be able to verify them and to get the necessary certificates, which which are required in order to onboard them to your system. And that's something which we currently take a deeper look into in order to make that possible in the future.
And you'll be, as you will be able as an organization to request these credentials and also to verify them, but also to request credentials from other party to store them, which are issued to your organization to be able to proof from your organization perspective, Hey, I'm really this organization that's my verified bank account and I can prove I have some kind of certification like an ISO certificate.
And the thing is that this kind of European digital identity wallet has more features from our expectational perspective when it comes to maybe it'll also be able to, to request and verify qualified at sign qualified electronic signatures. That's obviously in collaboration with trust service providers.
For now, it's not a hundred percent clear of what the legal, the European dish identity wallet for a legal entity will include in terms of the feature set. But this might be an opt might be a feature of it. Also the option to enable authentication. It might be bundled in this one application depending on the service provider in the market, how it develops. And for the citizens we hear that the reference wallet is currently developed.
These, this reference wallet will be tested within the large scale pilots and the wallets for organization. We're currently developing that in the, the large scale pilot, European Wallet consortium, charge e wc. And that's where we talk about this and have it as a focused use case. And if you hear about a lot about these different large scale pilots and their regulation, let's take a short and simple look of how these relate to each other. So basically to mentioned already this, they, they'll go in parallel.
I think it's here, this is important to understand, we have the leg legislative process, which also includes the trial log and the, the general approach and the architecture reference framework. But we have also this reference implementation which orientates about itself around the regulation and enables the testing for the large scale pilots. The NAU scale pilots then are used to get this, this experience, this firsthand experience with this kind of technology and then give it back into the legislative process in order to adjust things which are maybe not working or working very well.
And these kind of large scale pilots. Here's an overview of these four. So therefore big projects which are funded by the European Commission, the potential is one of mentioned already. And you also see the different kind of use cases they're focusing on potentially, for example is headed by Germany and France and the e WC consortia, we hear about it already a bit. They focused on these kind of trailer credentials, payment use cases and so on. And these kind of projects, they're just getting started. They organize everything.
They set up the, the legal framework in order to collaborate with the different organizations. And we have hundreds of organizations within these large scale pilots. So it's quite complicated, but they're having the kickoff either this month or next month. So they're getting started right now. And you will also be able as an organization to participate depending on the large scale pilots.
Some, some, some are more open, some are more closed. But in general, if you want to participate, some of them are also open to, to get involved. And then let's take a short look into the ecosystem. This is a bit more comprehensive ecosystem overview of what Toson showed, but basically it's very similar that you have the issuers of an identity and information that might be a member state when it comes to the pit, the, the A I D simplified the trust service providers, differentiating between qualified and non-qualified, which we hit already.
And then the wallet which had different states and the relying party which consumes this information in order to provide access. And that's, that's the, the really and from the crucial point here, as in an organization, I either want to issue some kind of credential, but more importantly and more likely I want to request some credential out of European digital identity wallet because that's the most, most, yeah, frequent use case in order to do business with somebody in order to provide somebody with some services, I want to have information, I want to onboard the client.
Most of the time I either know that nor them already, but most like more likely I don't maybe know them. It's if a new, if it's a new client, there's some some new information I need.
And that's exactly where the, the up digital identity wallet and its features will shine the future and enable this onboarding easily automatedly and to facilitate processes and verification and basically what you need in order to enable these kind of use cases and to communicate with European digital identity wallet, regardless of what ca use case you have, be it a B2C or B2B use case, you need some kind of software which connects your IT internal IT eco IT system and enables you to communicate with the European digital identity wallet.
And basically you have some kind of middle layer software, some kind of agent which represents your company and enables you dysfunctionality, discommunication and interaction with the wallet. And you basically talk, communicate with this agent via APIs and the agent will take care of the all the all technical details, which we heard about the talk before. I don't wanna touch on that to be honest.
That's, that's the agent's part. They need to really figure out you as an organization if you want to implement a use case, it doesn't really matter for you if it's an MDL verified credential, doesn't really matter at all. What matters is that, that you have the processes in place in order to make sure that you can communicate with the wallet. And that's the crucial point, what kind of wallet you wanna communicate with because, because depending on your target audience, this might be a different wallet, right? It might be a European digital identity wallet.
If you have some kind of KYC requirements, if you're bank or insurance or car rental provider that you need to request a mobile tribal license, then this official European digital identity wallet comes in very handy because they will have it in a, a verified state and you can request it and you can continue to onboard the client as a current rental company, right? But if you are e-commerce shop, you might not need a verified digital identity for identification.
You might only need some kind of information to contact a person and to request delivery, delivery information and payment information, right? We can do that today. We don't need a European digital identity wallet for that, but still a wallet might be very handy in order to facilitate this process and to increase convenience and most importantly, conv conversion rate, right? When it comes to e-commerce conversion is king.
So they might have a totally different requirement and a totally different target audience depending, and they use a different wallet and big supplier, big companies like Bosch, Siemens, DBAN, who are currently developing these organizational wallets, they, their target audience are their suppliers, right? They want to onboard suppliers. They have hundred thousands of them, right? They're talking to organizations, the European digital identity wallet for national persons, they don't really care about it.
It is important, but most important are the, the wallets of the legal entities they communicate with. And so depending on your target audience, you wanna make sure to understand what kind of wallet they will use. And you also wanna make sure that the agent, which you maybe use an open source framework for maybe which you develop yourself, maybe which you buy, that this agent fits your requirements. And let's talk about requirements then, right? First of all, you need to know, are you required as an organization to to, to support this kind of European digital identity wallet, right?
Currently, if we take a look into the versions which are currently discussed in the reloc, there are some kind of companies which will be required to enable or to enable the communication with a up digital identity wallet regardless of it's a legal entity or natural person. So if you, for example, a payment provider and you use secure, secure customer authentication or if you have some KYC processes or if you are a very large platform provider, Twitter, Facebook, and so on, these companies and organizations will be mandated to support it. So they don't have a choice, right?
And so, so they will directly need to go to, to implement a use case. And, but maybe you have the choice because you don't, you don't mandated, but you think it, it might be good. So let's take a look. Basically you want to assess the potential for the use case. So you want to understand first who's your target audience, what are the needs, what is your use case? But also what is the pain point, obviously yourself for them. And what are, what are the tops to be done in order to get the service running up and running and satisfy the needs of the customers?
What are the current solutions which your use or which are offered to the market? And what are the pros and cons of using an identity wallet solution? And based on that also, what are the outcomes to avoid? And based on the answers of these questions, you will be able to access, does it make sense for your organization to use a digital identity wallet or doesn't?
And so if, if it does make sense, you want to continue to the right and make sure that you identify the stakeholders. So who's issuing the kind of credential you want to consume or are you issuing it? Who's the holder?
Is it the, the national person and so on? And who's the verifier? Maybe you're the verifier, maybe the multiple ones. And also if you want to implement a use case, you want to ensure demand by the verifier. There is no point of issuing a credential if there's no demand for it to be verified in the first place. You also want to then spark interest of the issuer if you're dependent on it.
And you want to also define the, the use case specifications being that the processes involve be the semantic meaning of the attributes of the, the credential, the pricing and the business models behind it, as well as the legal, legal topics. And then you want to define your key requirements, your KPIs, be it, what kind of, what kind of hosting you need, be the SA solution or on-premise solution, what kind of security requirements and level of assurance requirements do you have and so on. And based on that, you want to choose the software. I mentioned before, there are multiple ones.
We at lisi, were just one of the providers, but they're a lot. So then you want to choose one of the providers and then execute your, your pilot gain experience, work on the details and then implement it into production. And that's it. We can at this point have three to five minutes for questions. And if you want to have either the graphic, the ecosystem illustration or test agent for free test purposes or 30 minutes of my personal time for your advice, you can scan the core code and let me know what you want and I'm happy to provide it. Thanks.
I think it's, it is really interesting that we we're getting from the kind of theory into reality, right? So I've been saying for a few years now, every organization is gonna need a platform to issue and verify digital credentials and the mandated bit. You say that's, that's heaven, isn't it? For anyone providing a a a service, these organizations will have to have it and they're gonna go out looking. So fantastic questions for Adrian. You've noticed by the way, we're not using the online q and a thing cuz we can't make it work.
Well, there haven't been any online q and a I've, I've been watching it all. Yeah, that's everyone's sticking their hands up. Any any questions for Adrian on this one?
Yes, hold on for the mic. So I have a question about this. So if an organization is mandated to do this, but different as in gdpr, there's no way what, what happens if someone ignores it? Like you mandate someone but never say what is the penality, what is the, what happens if you just wait? That's a good question. I think for now there's no answer to that. That remains to be seen and also remains to be seen what kind of companies exactly will be mandated for.
Now we have an idea what's written into, into the different general approaches and the different versions, but in the end we have to see what a trial log, what comes out. And maybe that's also something which will be specified to our later stage. We still have some time for the, after the log is finished, there's a so-called implementation phase which might go on for 12, 18 or even more months and then it's gonna be mandated.
So I think we still have some time to see what are the penalties and in such a case, A, a question regarding the APIs or or for this software that you are building, what APIs do you envision that wallets will be talking over? That you are connecting in your solution? So basically you, you as an organization, you cannot talk via APIs directly to the wallet. That's the reason you have want to have some kind of, of so-called agent or middle layer software, which facilitates the communication to the wallet.
Because as we hear the, we've talked before, we've talked and basically these kind of communication protocols, they're very specific. They have, there are different kind of communication protocols and and credential types and so on. And that's obviously obviously not something you want to worry about and want to figure out yourself as an organization, you want to have just an api you can call, hey, give me this kind of credential from this and this wallet and this kind of agent does it for you. It translates your API call into this request to the wallet.
And most of the time these are some kind of rest APIs or something which are pretty common and standard on a market. Okay, well thank you very much indeed, Adrian, thank you for this. Welcome. I'm sorry we've run outta time for questions. Thank.
