Panel | Open Source Wallets

Thank you very much. Final panel before we come to the break. And this is an interesting panel and for that panel that will be around open source wallets and open source always comes with that ring of I can do it myself and I can use it something that is around there. For that panel I want to invite on the stage Dirk Backofen from T-Systems International, Loffie Jordan from the AAMVA, Rob Otto from Ping Identity and Konstantin, oh now I'm lost, Papaxanthis. K.P. much easier from Scytáles AB to the stage. Please welcome to the stage.

So we want to talk about wallets in terms of open source software. As with every panel we start with brief introductions.

Loffie, can I start with you? Certainly. I'm Loffie Jordaan. I'm here representing the American Association of Motor Vehicle Administrators. Our members issue driver licenses and ID cards across North America. So we have 69 jurisdictions responsible for that function and they're moving into the digital world and in doing that they need wallets into which to provision, which is why we're very interested in this topic. Very good.

Rob, you're from a company called Ping Identity. I am definitely from a company called Ping Identity and those who are smart will notice that Loffie and I share an accent.

Yes, I'm the EMEA field CTO at Ping Identity. A little bit of a late replacement on this panel for a far better educated colleague, Patrick Harding, who's our chief product architect. Patrick couldn't make it so I'm going to do the best job I can standing in for him but without the Australian accent. It's very nice to be here.

Yeah, actually for an earlier panel I asked the people here who was familiar with the EODI wallet or who was not familiar with the EODI wallet. There was not one hand up. So I think people are very familiar with EODI.

KP, you have a major role to play when it comes to the reference wallet. Oh, thank you Daniel. Thank you. My name is KP. If you would like to do the short, you know way, otherwise it is constant in perplexanties. I'm responsible for a group of companies.

I'm here, you know, to answer a lot of questions. I'm also the consultant contractor together with our partner company, that company Intrasoft, delivering, you know, the EODI wallet for the Commission. Thank you. Nice to meet you all.

Yeah, I think everyone here is probably familiar both with Deutsche Telekom and T-Systems but may not be familiar with the fact that you actually play a big role in wallets. Indeed we do.

Yeah, I'm Dirk. I'm from Deutsche Telekom T-Systems and I'm responsible for the entire digital identity business within Deutsche Telekom group. And this is not only the EODI wallet business. We are doing a lot of things, especially in the health care arena already and in the finance sector. And therefore we try to bring together all the, yeah, I would like to say legacy technology in digital identities with the new one on the SSI side with the EODI wallet.

And therefore I'm very happy to hear, to discuss with you how we can bring those different worlds together to generate a mass market approach. Because it's not all about the technology as we will discuss all together. It's more to convince the users to use this technology. And how does it work? This is exactly one of the questions that we would like to answer today. Let me ask with a simple or start with a simple question. Obviously digital wallets are based on open standards, right? You're very much involved in ISO MDL, for instance. Why open source?

Why not simply say, well, we have open standards. Everyone is just creating their wallets. Why do we need open source software? Why do we want a reference implementation? For our members, of which we have quite a few, as I mentioned earlier, it's about choice. So having open source, having this in the current model that Open Wallet Foundation has, having these different components from which someone can just pull together and create something, really increases options for issuing authorities. So it gives them choice, it increases competition, and we believe that's good all around for everyone.

I think it increases confidence as well. So I think where we are at the moment is at a point where we are trying to encourage as much adoption as we possibly can, and having good quality open source implementations of wallets like we have through the Open Wallet Foundation, I think just really increases the, you know, increases the surface of people that are able to put these, you know, put these things into the hands of consumers, start to build trust, start to build confidence in the whole ecosystem.

I should probably say that mentioning the Open Wallet Foundation once is the price of admission for these plans. No, that's actually not true. I can say many other things about the Open Wallet Foundation, if you like. Thank you for the name dropping.

KT, I mean, Skitalis won the reference, the tender to create the reference wallet. Why a reference wallet? Why not just every country creating their own wallet? I would say the following.

I mean, as you know, Europe is structured, you know, let's say union. We have 27 member states. If you set, you know, a rule, a legislation, then people will follow.

So for us, based on the formula question, why open source? You will have fast adoption. So plus no licensing fees.

Each, you know, issuer or country can put a layer of technology on top. You make it simply, and it is proven because, I mean, in the passport business, a lot of installations are also based on open source. And that's why, you know, the biometrics, the scientific passport bloomed up, you know, very fast. Thank you.

KT, can you say a little bit about your wallet project? And I think you are thinking about open sourcing that as well.

Yeah, before I come to this, I would like to answer the first question of you as well, because I think you can answer this question with a lot of technical arguments that you have heard already, but you have touched this already, Rob. I think the most important thing of the open source is the trust component. Because if you would like to convince the people to use something, and they have at the end some kind of fears, I would like to say, some doubts, then it doesn't work. And therefore, maybe an open standard is already good enough.

But the open source is giving you exactly this kind of openness, of freedom, of independence, on which everybody can say, okay, I can double check what will happen, what is really behind this, there's no backdoor, there's nothing which is really not under my control. And this kind of trust component is especially here in Europe, maybe it's a special problem in Europe, is something that was a long time underestimated.

And now we see after this is open for everybody, and especially the German government do it very, very perfectly with a consultation process in which everybody's invited to bring arguments from all organisations, from the economy, from public organisations, non-public organisations, and bring this into, at the end, to the code into, into the open source code into. This is, for me, the most relevant thing why open source is so needed for this kind of development. At the end, the technology is manageable.

And by the way, a lot of people thinking, oh, now we are losing all the business models as companies, forget it at all. Take all this code that you have open source and try to install it. A lot of people will see that it's more than to know the code. You have to set up environments and so on. I think a lot of people here in the audience knows this. And therefore, this is, from my point of view, so important. And especially when we come to this later on, when we speak about how we can achieve lower high, level of assurance high, then we have some restrictions on the smartphones, trust element.

I think you have discussed this, those separate topics already before and I'll do it afterwards. And then sometimes you come to an approach in which you maybe say, let's export this trust element into maybe an external infrastructure because then you can also offer this for Apple devices. We did it already. And for sure, if you use such kind of a personal encrypted cloud ID space, then this is a cloud. And we decided to have an open source cloud as well.

Because only if you have an open source wallet and an open source cloud, and this is both related to each other as ecosystem for digital identities, then it will work. This is our personal co-belief. And therefore, I think that this kind of trust component, that you have really everything open source based, for sure, all the trustworthy parties which operate those things and trustworthy environments. So therefore, that's also very important. Then you can really support the idea of self-serenity.

Because self-serenity of the customer, of the citizen is not coming from, I declare it, it has to be felt by heart. And this is exactly on which we are working. Can you tell a little bit about the EU Reference Wallet? What is it? And is there the idea to have the same code base all over Europe? Is it inspiration? If you would have a free wish, how would you wish that the Reference Wallet code is going to influence the rest of Europe? Or maybe even beyond Europe? Yes. I can tell you the following.

I've been doing projects in 2001, open source projects, you know, in form, you know, camper constellations and so on. I think it needs to be one leadership, one captain.

Now, I mean, this boat, Europe, took a decision, 27 member states, they put a lot of money. You have engagement, you have over 500 companies in the so-called large scale pilots. Following this, the trust is there, like Dirk said before, the regulation is there, the technology is simple, it is there to download. So I think follow the captain. And I think it's the best day when we will see the adoptions coming. And I think many countries will follow.

Remember, the biometric passports, going back to that, start 2003, 4, 5. And when you did a lot of cross-testing, process interoperability groups, suddenly you have 220 nations, over 140 are following this methodology. And many of the system components that are open source.

So I mean, follow the leader. Thank you.

Rob, I think Ping has Wallet as well. Are you thinking about open sourcing? Have you already open sourced? What's the Ping story?

Yeah, so I think I'll answer that in a couple of ways. And I'll give you the second mention already for the Open Wallet Foundation. Ping Identity obviously is a founding member, and we have contributed and do continue to contribute code to that project. So I think for us, obviously, we truly believe that the Wallet is not the competitive battleground, or at least the Wallet is not the competitive battleground where we as Ping Identity see ourselves. That's not a hill that we want to die on.

In terms of success of the decentralized identity revolution, we need every person in the world to have a good quality, interoperable, safe Wallet on their device with a great user experience. That enables the ecosystem that we are trying to build with our customers and partners in terms of how do we really make this decentralized identity thing work at scale? How do we use it as a way to improve experience, to improve privacy, to speed up integrations between businesses, etc., etc.? I won't go into a whole sort of pitch on that.

So we do obviously have our own Wallet implementation, which we are using as a way to really start to build the ecosystem with our customers. It's going to be a little while, I guess, before every citizen in Europe and hopefully every citizen in the US and every citizen around the world, other than Bhutan, as we heard earlier, actually has a digital identity in their Wallet and the customers that we are working with can't really wait for that to happen, which is why we're providing the Wallet infrastructure today. But we don't know how it's going to develop tomorrow.

I think the first A in AMVA stands for America. But if I remember correctly, you also have Canadian members. Is your focus for open source solutions limited to America, to the Americas? Are you thinking that ideally digital driver's licenses should happen on a global basis? What kind of ambition should our open source projects have in terms of geography? Global. We deal with driver licenses, and we believe driver licenses is something you should be able to use across borders internationally, not only in North America, but across the world.

So we drive very hard and try to reach out and build connections throughout the world, Austroats in Australia, the Commission here, ERAJ here. We talk to Japan. Any issue of driver licenses, we want to engage with so that we can ultimately exchange driver licenses. Because as we just talked before this panel, being able to use your credential across borders internationally in the first place requires acceptance of the credential, regardless of the technology. Do I trust the other issuer?

Do I, as a DMV in North Carolina, accept a German driver's license? And then I look at the technology. And then when we look at the technology, when we look at open wallets, I think that the next thing we want to do, and I think that's sort of perhaps missing at this point, but we want to make work of it, is to say, this is what the user journey should look like for this type of credential. Given that you have the issuer and the relying party trust the issuer, this is where the relying party is, this is where the issuer is. Mr.

Wallet, please build the rails for the credential from this side of the world to be accepted over here, given that they trust each other. I don't know how many of you here are familiar with the way browsers work, but you know, when you look at browsers, of course the bedrock for every browser are the open standards.

Take HTML, you know, HTTP, JavaScript away from the Internet and you're left with nothing. But actually between the open standards and the web browsers themselves, you have open source projects. And that's really true for any web browser in the world. It's Google Chrome, the Edge browser, the Samsung Internet browser, the Opera browser, they're all sharing the same open source components. So I am just the moderator, but as a moderator, I completely agree with what you've been saying.

I think open source can be tremendously helpful, because dozens or hundreds of standards will factor into wallets, and open standards are hugely important, but they're not enough. We need open source components on top of that. We have only three minutes left. I don't know if there's a question online or...

Please, KT. Yes, thank you. I need just to do a comment, you know, based on what you said and our colleagues here in the panel. We should not forget, you know, the commitment that many, I mean, developers, I mean, one, many, you know, companies through the Linux Foundation or through the OpenID Foundation or other, you know, foundations and so on, what they are committing. Yesterday I went around, you know, here on the show. It's a fantastic show.

I could see, you know, how they were speaking about the open source tools that you can choose if you would like to be a relying partner or if you like to be an issuer, you know, and what kind of technology you're going to choose. So I see, you know, fast adoption, you know, here on, let's say, this stakeholder group, and we shall not forget them, and I would like, I mean, to thank them as well, because without them we would not have a project. Thank you. Maybe two additional remarks from my side.

First of all, I think when we speak about open source, we are looking mainly into the future for new things, new projects, and I'm so happy that you're also a founding member of Soap and Wallet Foundation, but I think we shouldn't forget all the legacy technologies that we still have, and I think we should find ways that we create, at the end, multi-protocol wallets in which we support the new technology and the old technology as well in open source approach.

This is very important from my point of view, because if you think that you can convince the entire world only with new technology, you forget the entire installed base. Don't forget it. First thing, and the second thing I would like to come back to, this is what Lofi already introduced a little bit, this is a question of technology of the open source code as such, but I believe it's needed to embed this open source code at the end into an ecosystem which has rules and policies.

We have discussed already before in a little bit, because you mentioned the trust between the relying party verifier to the issuer and so on, but it has to be declared officially that you as a user of an open source wallet know what kind of a party, what kind of a government is relying on which kind of a wallet, which kind of a relying party, which kind of issue.

And to be honest, I see on this side a lot of things that we have still to clarify, because there are some things that Europeans are doing, something isolated only for Europe, which is maybe good from a perspective of self-serenity for Europe, but at the end we shouldn't overstretch the self-serenity in a way that we are blocking ourselves on the borderline and then we are crossing over to US or Canada, then it doesn't work anymore, it doesn't help.

But to find those rules and policies is a very important thing and should be implemented at the same time when we speak about open source code, maybe we should have open policies and open governments, governance structures as well. This is very important, because otherwise we will fail as well, because then the technology doesn't help us. Thank you very much to all our panelists, thank you also to the audience, I know we are competing with lunch and that's hard competition, so thank you for having been here and we hope to see you in the afternoon for the second sessions.

Exactly, before I let you go, we have one and a half hours break now and when we return we will start with the introduction to the German EUDI wallet project and we will have Torsten Loderstedt and Paul Bastian here presenting that. I know it's just 90 minutes, I know it's lunch, but you won't don't want to miss this and it will continue at the same pace and the same quality, so I'm looking forward to seeing you back in 90 minutes here and enjoy your lunch. Thank you. Thank you very much.