Great, thank you. Yes, Friday.
Well, it's still morning, so thanks for, thanks for coming. We're gonna talk about digital wallet holder binding, and you know, ultimately I think the, the takeaway is gonna be that the, the binding a wallet to a natural person is, is a challenge one that it, it seems that the Europeans and their European digital identity wallet aren't really pursuing. But we'll get to that and, oh, I just have to do it here, I guess.
So I use, I'm gonna use the e passport and the EU digital identity wallet as crutches, as examples. So what, you know, when we talk about global interoperability, digital identity, verifiable credentials, the best example I think around the globe today is what ICAO, a UN agency with 193 member states, in cooperation and ISO SC 17, Working Group three, providing the technical details, have come up with, you know, but it's for a special specialized use case.
Use working group three is all about travel documents. ISO SC 17 Working Group 10, for example, is mobile driver's license.
They're very specific use cases, but very good for that use case. The, the governance framework that it's under is ICAO TRIP, the Traveler Identification Program.
Again, 193 member states all colluding to, to come up with a standard for the data format, the, the protocols for exchange and for the signatures. The trust ecosystem is ICAO's Public Key Directory.
They have, for every verifi there's one and only one verifiable credential. Wait, I should say two verifiable credentials. 'cause there's, you'll see on the next slide, there's data group one, which is all the data within the document and data group two, which is the photo. So you could selectively disclose either all of the data and or the photo.
And that's why I say no selective disclosure. 'cause you can't just provide first name, last name. You have to provide the entire data group and, and one issuer.
So with, you know, within this context, it's the member state that issues Oh, that's right. The, the verifiable credential. So what's in the green box? So this is the logical data structure with all, within all ICAO passports. The green box is what's mandatory. So you could see all the texts, the document type like passport versus card versus visa, you know, the holder's name, birthdate, date of issuance, all that is required. And then data group two, the bit that's encircled is the required photo.
And from the ICAO document, that photo should, you know, should comply with a, a different ISO standard for basically biometric interchange, which has quality specifications. It it, I use this as an example for holder binding because in 1995, ICAO said, you know, the single best way to link the document and its rightful owner is through biometrics is, and they, that's when they were required in 1995, the face so that if I present wing J'S passport, there's, there's gonna be a problem.
Right?
And yeah, the identity claims and physical characteristics of the authorized holder are cryptographically bound to the identity instrument. And so when I ask the commission last year or when they were writing the legislation, will the PID include a biometric, you know, the personal identity data within, within the EU digital identity wallet. So when the PID is issued by a member state, will it include that as ICAO has adopted many years ago, and the commission said that's gonna be up to the member states.
So I started asking member states, and they're not touching biometrics yet, but I think we're gonna see if, if this wallet takes off and people are using it to access online resources and we, we, there's no non-repudiation. You can't link it to a natural person. I think we're gonna see some gaps down the road.
Yeah, okay. And, and yeah, so I I I jumped the gun a little. So in the EU there's identity wallet.
Why, why have, why has the commission done this? Your wallet will allow you to securely identify yourself online. Well kind of, you know, how do we know it's really the, the authorized holder, right? All you need to know is, you know, you could have my phone and get my pin and that's, it seems that all the member states I've spoken with for the EU digital identity wallet, it's something you have and something you know, the phone or the wallet and the pin. Yeah. So how does one securely identify themselves online?
So, yeah, so here's the regulation. You know, they want assurance level high and you know, the assurance level high shall refer to the electronic identification means in the context of an electronic identification scheme, blah, blah, blah.
And so the, the original eIDAS legislation talks about LOA high and says, you know, you must use two of three factors if you choose inherence or biometrics where the person has been verified to be in possession of a photo or biometric.
So if they have a photo or biometric that can be used, then they define inherence as the comparison of one or more physical characteristics against an authoritative source. So then I asked the commission what, what's an authoritative source? So in yet another piece of legislation, an authoritative source means any source irrespective of its form that could be relied upon to provide accurate data, accurate data. And for me, biometric and accurate data means good quality and or evidence that can be used to prove identity.
And, and so like we talked in the previous session, there's a lot of talk through this FIDO. Well what does FIDO do? It it it allows you to register a selfie. Is that an authority?
Well, I jumped the gun again. Sorry. Let's see. This is whoops.
Yeah, so we need to start with an authoritative source. Oh, okay. So I'll get to the FIDO one next. So an authoritative source in, you know, where there's national ID, that's, this is considered a foundational identity, UN defines foundational identity as legal identity. It doesn't have to be this example i I did for World Bank ages ago.
But in countries where you have a national identification system like India, they enroll face, finger and iris, they deduplicate 1.4 billion people within India, residents, not necessarily citizens and create an Aadhaar number, 12 digit unique number that's uniquely identifying even if we don't have a national ID like in the US or many other countries, you know, a foundational identity. If you look at what identity proofing the outcomes of identity proofing is, it's to resolve an identity to a unique individual.
And that's even NIST 800-63A talks about that the, the outcome they want from identity proofing. The main outcome is establishing uniqueness within a context. Same thing with ISO, Pan-Canadian Trust Framework. I already mentioned Aadhaar and Australia, UK have very similar. So foundational identity is a, a ultimately a government operation resolving an identity claim to a unique individual. So now I go back to FIDO, is that an authoritative source? Does FIDO do anything about resolving uniqueness or in quality?
We talk about in NIST and other specs when they talk about identity proofing, they're not talking about resolving identity. Say, oh, take a a driver's license, take a picture of it, and then take a live face and match that live face against this what? 10 centimeter photo, which is not a foundational identity instrument. A US passport, I argue with my friends at Department of State is not an authoritative source. Why? Because we take our own photos, maybe we manipulate it so you get oh bomb bush, you know, and, and then both of those folks could use the eGate.
So, so because we, Canada, UK other countries can take our own photos, typically print them out in a two by two piece of paper so that when we send 'em to Department of State, they could scan them. And in the meantime we've manipulated them is it's a real circus you catch?
Yeah, yeah, yeah. Yep. So EES has, European Union has other legislation that they've, that's passed legislation years ago and implementation was supposed to be happening already. Now the latest I heard this October, all third country nationals crossing the Schengen border will have to go get registered in EES. And what does the EES legislation say? Don't use the passport photo. And when I ask the commission why, because of what I said, you, it's easily morphed, poor quality. So they say the border authority shall create a file.
The facial image must have sufficient quality for automated recognition and it must be taken live, not by, you know, Dan in, you know, in his, you know, kitchen to make a passport photo. So yeah, so the, they expect, and and this is just article 15, I was focused on face 'cause that's what's in passport. Article 16 talks about the fingerprints.
So the EES legislation says starting October four fingerprints from the right hand, face will be enrolled in EES to, for deduplication to establish uniqueness and every subsequent entry and exit within a three year, they have a three year retention policy will be done using that face. That's in the EES gallery, not in your passport.
Yeah. So holder binding, you know, we use, so basically what, what I'm talking about in this slide is FIDO, you register again a selfie on a device to do matching on device. It's great in that your biometric never leaves a device.
But what level of assurance is it giving you? They claim IAL two identity assurance level two or authentication assurance level two for the authentication. I don't know, it really depends on the quality. FIDO does now have some quality standards and matching error rate standards associated with it. But it could also be more like a digital travel credential. If I have a foundational quality photo in as a verifiable credential, like in my PID, in my wallet, I could share it with a relying party.
They could capture a live image and compare it in the backend using their matching technology, using their thresholds. Not depending on Apple or whoever on device, you know, and, you know, and I say, what about pins?
'cause that seems to be the, the way that holder binding is going here. There's no non-repudiation, as I said, it's guessable, it's shareable, you really don't know who's out there.
So yeah, the, the safe wallet guide, I mentioned that here from the Open Wallet Foundation. We, Julian and I did a, a talk about that yesterday. But the safe wallet guide is in draft form. It's open to the public. We're gonna on social media, ask folks to review it, comment on it.
And yeah, there's links in this document. I'll, and I'll make this one available as well. But I think we have, yeah, we have just over five minutes. Yeah. For you
Have some time for questions for Daniel. Anyone? Yes sir.
You mentioned that PIN is not unacceptable holder binding. One reason I think that say passkey falls back to PIN is to support people who may have lost their hands. How do you propose we deal with establishing foundational identity for refugees that may have lost limbs in bombings or whatever?
Right.
So it's, it's the multi biometric is the answer. So we do support UNHCR BIMS, the biometric identity management system and yeah, I get to work on Aadhaar as well. And Aadhaar is 10 fingerprints, two irises. Yes. There's people with missing fingers or missing eyes and, but you have multiple biometrics. So even if you lost the hand, you still have the other, there's yeah, there's multiple amputees. That would be the exception case.
And then, yeah, you have to do some other processing. Right.
You know, demographic based filtering.
Another question.
Okay, Daniel, great. Well, as he said, he's around still and they had his contact details and all the slides will be available after the show. So thanks very much.