Drs. Jacoba C. Sieders, Member Of The Board Of Advisors, EU SSIF-lab
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Well, the title is quite long and I have to excuse myself because this is going to be overwhelming set of a lot of information and text. And that's not completely like me, but I have, yeah, I hope you can bear with me the European self sovereign identity framework lab. In other words, the SIF lab now self sovereign identity that speaks for itself. I hope European is about the European context or the member states are right. Go into that. And they have a purpose to leverage self sovereign identity as a means for interaction for the European union, citizens, businesses, and government.
That's the summary. And I'm going to explain how that came into being and what's happening there. So my agenda first, I'll explain about the European context, who is doing this since, when, in what context, what is the infrastructure and the framework we're looking at the real objectives, bit more expanded, some use cases that are really generic. And then how do we get more functionality in the framework and some specific contributions on what is actually being developed and who does that? So it's a lot of content. Okay.
The European context, first of all, the European mission is on top cuz they are initiating this. They find that this is a very important thing that we finally solve identity for the EU citizens. So to the left, you see three, let's say institutions or organizations or projects that do the funding. That's the who part and on the right, you see the technical part se connecting Europe, EP C blockchain infrastructure. And on the bottom, I did list three legislations that are important for this whole setup. If we talk about identity, we also talk about privacy.
So that would be the generic data protection regulation. That's privacy as a, a human rights. It's in the declaration, AIed us, the European national framework for national member state IDs to cooperate together. And of course the anti money laundering legislation. I put it there because in that regulation, we find the requirements for financial institutions who are big users of identity and also big providers, how to onboard a new customer before they can do business with somebody that's all given in the anti-money laundering legislation.
And that's all relevant for how to establish a passport level value, trust, trusted identity. So that's why I include also the three legislation and I'll drill a bit more deeper into what are these hosts of abbreviations and you don't need to remember them, but if you go online, you will find a lot more and you, this is actually quite huge. There are thousands of pages and you can easily get lost in the abbreviations. So the horizon 2020 program, I think it could be familiar to some of you. If you have looked at that, that's really large program in 2013, they thought about it.
The European union should be leveraging research, good quality research coupled with science, innovation, future technology health. And that's really very large. It's beyond the digital, it's also space and health and they're really large and they're handing out lots of money to initiatives. And then the, this flag, there were a lot of things happening. And one of those things is, was, was the European, the next generation internet. So that is about the digital life in Europe.
And of course they have all the European values that they want to establish with that internet inclusion, decentralized trust wellbeing. And there are thousands of in initiatives that are UN resorting on this internet of humans because not just identities is broken, but internet should be more democratic as well. So it's really parallel to the democratic moral values of the European union. They want to support. So they don't only fund stuff, but they also help people for networking. They have communities, mentoring, research, connecting each and everyone to do that together.
And that's not just government parties, but especially also NGOs universities, innovators. So it's for everybody, the internet of humans, the next generation, internet NGI. And then there's another party, the European blockchain partnership. And that's with all the EU member states plus and Norway and together with all these member states, they have to delegate in every member, state and a group of people, blah country, who are dedicated to that, to leverage the uptake of blockchain because they want Europe to be more leading in this technology.
And they want also like the next generation internet that everyone can take part. So that's a whole drill down from horizon 2020 to the next generation internet, to the real blockchain partnership. And they built the, the, the connecting Europe facility, which also has to do with the AE dust. And that's really an infrastructure way and they want a single European market. And this is more the commercial value, not just humanity and moral values, but really the digital market where a frictionless interaction cross border is coming.
So we're now coming closer to the identity problem slowly but gradually and the blockchain services infrastructure. And I will drill down deeper in that. That's actually a hands on infrastructure. Really. There are servers, there are blockchain nodes, really HandsOn, funded, and established by the European blockchain partnership. So now we know who we are, whom we are talking about. That's not just one organization and one project, but this is the, in the end. It's the horizon 2020 who's funding this whole as if lab. So I think questions, no questions. It's yeah.
It's just, it is what it is. Okay. Well Actually we do have a question from the audience.
Yeah, but this is a clarification question. Why does self sovereign identity get its name? And this may be a good time to clarify that Why I get its name. So I have to drill deeper into self sovereign identity, which I will do. I have a slide about that, but that's later on in the presentation, when I really got to the real topic, I'm now explaining European context, then I will go on with a self-sovereign context. If You then fantastic audience hold tight. It's coming.
Yeah, Watch out. Okay. Now this infrastructure that we are doing using for the self-sovereign part, which I'm coming to, it's a layered infrastructure. Like most architectures in any company, you have the hardware and the infrastructure. Then you have the, really the, let's say the, the, the software, the operating system, or in this case, the change and the storage, then you have the real core services. That's the yellow layer and these real core services. That's consisting of APIs, programming, interfaces, different types of plugs.
We can say that services can plug into and you can derive data from that. And that's a lot of European data registries that are now connected to going to, or going to be connected, like for instance, a data, whatever. So that's the real data data layer. And on top, anyone can build digital applications like identity wallets, or on other wallets. So this full layered approach is quite generic in blockchain as well.
Now, the European blockchain services infrastructure. So they try to make this the real day fucked standard. If you do anything with the European union, for the European union, a European wide blockchain solution that governments and private parties could use, then look at the FC standards. That's all online. There are huge lists of all these API specifications and standards, and they want to push this as the day, fuck those standards that everyone looks at. So we don't get hundreds of different claims.
This is the national European blockchain standard for the, for the Netherlands and one for Belgium and one here and there. They want to be that a unified approach. So we don't get fragmentation. And if they do it on a European level, it means we can have also built in compliance with all these legislations, which we have like GDPR, AML or whatever, and a lot more for different services. Cause for instance, there's a lot of regulation on financing on trade, on whatever, and that's all relevant when you are doing services.
And if you have a sort of built in structure and standards, then that could be easier for companies to be sure that they are connecting to the right sources with the compliant data and for standards. Now the software libraries are also there. So there are some, some brief app are made. They are making real libraries that you can already use. You can just take them they're there. And they're also having a tender.
They had a tender to the bottom layer for the infrastructure and the chain and storage layer for providers to deliver that because the European union does not have their policy makers and so on. So I'm not so sure how many developers are working there, but so they, they have, and they have strict selection process for that. And last week they found that Iotta, which is also a coin, a digital coin, but also company that could deliver this technology for this FC infrastructure that was highly in the news. And they are pretty green because they have their own way of proof of work.
And so they don't have this big, big energy footprint because that's also important. So now this is the infrastructure that we come when we talk about lab and on top of that, there is a number of use cases. Yeah. Anything that you need passport great. E I D four could be relevant, but also archiving. Now what's an ID without signing. If you can't sign anything, you can't have signed documents. Then what do you want to do with a high, highly trusted passport level identity? You also want to undersign stuff with that identity invoices, of course, big data archiving.
Well, there's a lot of initiatives and you see at the right E I D and E I D. Now we're getting to the, if stuff, but also AI is part of that. And also here on the generic layer, we have grants that can be allowed for contributors.
And yeah, this is a architecture picture. Again, you see four layers and at the right, you can see business open calls. And that's what SIF lab is doing.
Actually, the, if lab framework, they invite the audience from the market and from the universities. And even self-employed people, technology labs to do two things, business, open calls and infrastructure, open calls, business, open calls are developing stuff on the top, layers in the wallet atmosphere, the, and the infrastructure open calls are more in the lower levels for the real infrastructure. I'll come to that later.
Now, now we are here with SIF and after this, I will talk about that. Self-sovereign identity.
As I said, we have a lot of citizens in the EU, 13 and a half million, a half million students, companies and professionals, and they all need to go through the European union and study in a different country, buy a house in France or in Spain, coming from another company, doing notary jobs, opening a bank bank account in a foreign country, every daily business that you do in your own country, you would want to do that frictionless in a different country of the EU.
And we had AI at us, the national E I D framework to support that that's not self sovereign, but it does have some standards, levels of assurance. But why not try this with the self sovereign identity context, because that's thought to be the next generation, isn't it. And this would again, support the frictionless European markets. Okay. A lot of the same yeah. Game again for SF. And here we come to the self-sovereign identity. And the question was, why do we call it self sovereign?
Well, if you look at this picture, this is just a reminder. You can see the user in the middle. We call him the holder. He holds claims about himself information about yourself as a user. And that information is stored in a wallet that you hold, for instance, on your mobile phone. It's not information that in the old way, we had a silo that you have a lot of information, which is all the time copied everywhere, but you hold it, you are in the middle.
And the, the information comes from the original golden sources that creates that information. So if we talk about your passport, your identity, your national E I D identity, it's created by the government. You don't create your own identity. It's the passport is owned by our national government. They issue that they say, yes, this is really your name. This is your passport number, your social services number that comes from the government in any regular country.
And so if now someone else on the right side, the very fire needs to see that you are, you, you want to, you need to show your passport, your digital passport in this way. We are not going to give you the whole passport and copy it and store it and send it across the line.
No, we are you with your wallet. You open up the gate and the fire can look at the passport that is linked with the original source. So you decide here, this is my wallet, here's my passport. But actually it resides in the source that collect that created it. If your passport is no longer there or no longer valued, you can't show it anymore because they clear it there. Now there is a lot of technology behind it, and I have written here, the decentralized ledger. But the good thing about this is that in the user is in the middle.
And anyone who wants to see these very fireable claims and a fire wants to verify who you are. But the claim about you is issued by the original golden source. If that's your diploma for education, there would be the claims issuer would be a university. If that's your driving license, the claims issuer would be the national driving license authority. And these are a lot of claims about you. So actually you can say you have a wallet and in that wallet is not money, but claims that have a value for you, that you are you, that you are over 18, that you have a salary more than this and this.
So you can buy a house that you are really residing here, that you have this diploma. Anything that you may need to prove to a fire is in your wallet. There is a link with it, and that's a misunderstanding. We don't store the things in the ledger, but the ledger holds information where to find the data. So because if we store things in the ledger in a blockchain, you can't delete stuff you can update. And that's not clear good with the GDPR because there is a right to be forgotten. Private data should not be an ledger. Of course. So I think this is a bit about the SSI concept as a reminder.
And why do we call it self sovereign? Well, it's clearly the holder, the data subject, the user of that wallet about whom this claims are, he's in the middle and he's in charge to make sure that who can see it. And who can't, is this an answer to the question that I got? I see someone nodding. All right. Okay. Now this is a reminder about self-sovereign identity. It's a very simple explanation. Cause in fact, it's a bit more complex than this.
There's a lot below the surface and there are different ways of doing this, but this is what you have to remember that a holder with a wallet who makes sure that anyone can, he can pay with his claims whenever he wants to, but he's in the middle and decides what's in the wallet. Okay. Now then when they established S if L in 2020 was the first yeah. Actual open call, there were a number of things they wanted to prioritize. So S if L could show and prove that it works on the FC infrastructure, that self-sovereign identity implementation.
First of all, a good model that's could be reused or used for anyone doing self-sovereign identity for Europe, with the European governments. So we have a good model that this is how we intend to do it. And then the use cases, the generic use cases that the EU decided to think they were important was as I said, diplomas and educational credentials. So Stu there's half a million of students can go anywhere and they don't have to have a tedious process for studying abroad, but they have the diploma in their wallets.
They go to a different country and they can test this whole setup, how that works for the educational credentials and traceability of documents. The provenance of a document is also quite important. And especially in, in trade, there are often cases where the goods are coming from a to B to Z, but the paperwork takes twice as long, and it has to go through many parties. And then if you can make sure that all the paperwork is right and is ready and is easily shared across a number of parties who are by default, not trusting each other. And by default, not connected by any other infrastructure.
This could be a good way of doing it, trusted data sharing. That's more or less the same, not documents, but data and some cases they want to do in the future, but it's not done yet. Now is the management of the asylum processes, because there's a lot of paperwork as well. It's all about identities, UN unidentified people, people with no identities, making sure they're not applying in three countries in the same time with three identities and so on. There's a lot of fraud detection also there, and the European social security back.
This was the high level thoughts that they had when they established asset lab and then came the open calls. And the first one was last year, I think in June. And now I have given some of the logos of the parties who took part and some of them got selected, or I think most of these got selected and I had 69 applicants that were entering their 20 page paperwork.
Very, very bureaucratic that I have a proposal. I want to develop this and this, and this is what I need. And this is my work program. And these are the benefits, and I need this and this, some can you fund this? So there were 69 parties who were requiring money to develop on this self-sovereign identity topic within the EP C layered the underlying structure. So we have some conditions before they get the money. And sometimes it was really difficult to select because most business cases were quite good.
And there were also cases for really the business, but also for the infrastructure to improve that. And so there was a strict selection process, and we have done three open calls now, and mostly the business case should be valid. It should be really a useful thing to develop. It should not already exist multiple times. We're not going to develop the same functionality that's already there. It should enhance the usability of the European single European markets. It should leverage that. And even they look at is the team who are building this, are they gender balanced?
They get extra points for that. So there's a whole rating schedule with, I think, 20 or 30 criteria and every company and every proposal is rating. According to that, looking at the time to that list. And then there would be a number of them who would have enough score points, scored to be eligible first eligibility check, and then scoring the points and then really select those parties that were really good enough. And sometimes that was a problem because we had, we could only fund 10 of them. And then there were more or 20 or 15 who were having high score. And then it became very difficult.
So then we would have to see is this team able to do, as they promise. And there, lot of them are really innovative start of, so they are in the, the, really the newest of the newest, and they only have a P or they haven't started even, but they have written their architecture, but they still are not running in business. And some of them are really mature companies.
And one of them was, for instance, a ever was also, they are already a well known since years blockchain infrastructure provider, but they had handed in a question for money to make all their intellectual property and developed libraries, open source in order to contribute them to this infrastructure. And that's another criteria, anything that is funded through this, anyone who wants to contribute should undersign that yes, anything I develop is open source and will be used by anyone. So no vendor lock in no proprietary stuff.
Really, if you contribute, it's open source and everyone can use it. And I think that's a very good thing. And the EU has their own GitHub. You GitHub, where you can see them online for all these companies, what they were delivering and what they were proposing for. And one another thing is that they really want to improve the standards. A lot is new. So we don't have standards.
And instead of inventing everything in you let's do it jointly use existing standards where we can and build on existing examples and share instead of build so reuse before buy we for built, we say, when we have companies in this case, it would be reuse and share before develop. Now we had had the third open call and all the beneficial are now known and they're online. And of course, we also look at external standards like the w three C and the existing internet stand internet standards and blockchain standards. And it should be as compatible with old world as well.
Otherwise you get dichotomy between blockchain and the existing worlds. So a lot of these examples are building bridges with aid, building bridges, with PDF contracts, building bridges with, yeah, you name it. Any problem you find in the antique world, you have in blockchain as well, for instance, delegation of authority across different identities, or, you know, anything I've seen in identity management and M would be there and anything could be developed as an improvement. And now I already mentioned it. This is the origination, the provenance of documents.
In this case, trade documents, this company is already existing and they have this sort of collaboration platform where you can just have this traceability on the self-sovereign way in the blockchain manner. I have written the GitLab stuff below the links, and I think the time is up, but yeah, a lot of different connectors to the old world. One of them is a trust layer in the whole if framework. So you can have a trust per organization, give them a trust mark, for instance, and that could be shared, but you need standardization for that.
You need to define how you D define that the semantics you name it. It's a lot of work.
So this, we have now 30 nodes across the countries and it's in a test phase and it's also meant to be for the policy makers of the EU. So they can also play with it and really see what happens with the legislation, which is always far behind, but explicitly also for policy makers of the EU. So that can go in sync. I think this is my last slide. Some other more examples, the Fido bridge also importance. I would say, if you really want to know more, I have a lot, a lot of links. Most of it is just online. You can easily get lost there.
There's all the information and new information, but you can read all these initiatives and yeah, you could take part if you have your company and you want to deliver open source, you can come and help. And that's the request. Thank you.