Panel | The Wallets we Want

Good morning, welcome to day 3 of the European Identity and Cloud Conference 2024. My name is Matthias Reinwardt, I'm half of the moderators for today's track. And you are in for a treat, I can promise that. You are in the room C01 and you are here for the track Decentralized Identity and Global Wallet. And without much further ado I would like to introduce my second half of the moderator crew, Daniel Goldscheider, and he will take over from here for the next panel. Please welcome Daniel Goldscheider. Thank you very much. You should never applaud before the session.

Let's see if we can live up to that. One of the amazing things about EIC is that I feel like I almost don't need to introduce myself because I recognize so many people in the audience. But for those of you whom I don't know, Daniel Goldscheider, I am the founder and executive director of the Open Wallet Foundation. We are trying to bring as many people as possible together to talk about how we can achieve secure digital wallets that are interoperable on a global basis. We've just announced last week a cooperation with the United Nations.

So now we have two homes, one is going to be the Linux Foundation, one is going to be the ITU and UNICC as part of the UN. And it's really all in the spirit of trying to bring as many governments, as many people from the private sector together. As you have heard, we are really proud of the setup that we have for you today. And we start with a really big panel. It grew quite a bit. We're starting with a few people here on the chairs and then you will get a couple of surprise guests.

I'd like to call our panelists, I don't know in which particular order, maybe Christina Yasuda, whom a lot of you are going to know, formerly with Microsoft and now with Sprint. And then our host, Martin Kupinger. And Pramod Varma, Anil John and Paolo De Rosa. Thank you so much for being here. Thank you. We got instructions that we should flank everyone. We will have only 25 minutes rather than 30 because of some of our surprise guests. Let's cut right to who are you and why are you here?

Christina, if we can ask with you. You have just moved, you've been in Seattle, now you're in Berlin. What brings you to Berlin?

Hi, I work for German Federal Agency of Disruptive Innovation. In case people have been wondering what Sprint stands for.

Our goal, we are tasked to make sure German digital identity ecosystem as a whole is successful. And we're focusing on the areas where government can play a role and help private sector to accelerate that. That's who we are. Good morning, my name is Anil John. I'm a technical director with the US Department of Homeland Security.

The reason for being here, obviously, is that I am, my partners in the US government, US Citizenship and Immigration Services and US Customs and Border Protection are the agencies that deal extensively with cross-border trade, cross-border travel, Citizenship and Immigration Services. And they are also the agencies that are leaning into and implementing the three-party identity model using verifiable credentials and the associated standards. So speaking to how to do that in a manner that is globally interoperable is something that I'm looking forward to. Can I ask a quick question?

Who here is not familiar with the EUDI wallet project? Can you raise your hand if you don't know what the EUDI...

Paolo, I don't think you need much of an introduction. Yeah, I will be very brief.

I'm Paolo, I work for the European Commission. The G-Connects, we are supporting and leading the activity of the development of the wallet, thanks together with the Member State, the experts. And now we are opening up to all the whole sectors and also the civil society. Just say this, that should be enough. And thanks for having me here. It's really a pleasure and honor to be on this panel with this very great guest. And Pramod... It's wonderful to be here. It's the first time. Thank you for having me here.

So I've been the Chief Architect of India's Digital Identity System, which has issued 1.4 billion identities, digital identities and credentials. It's used about 70 million times a day. We also collapsed the KYC cost from $20 to 20 cents through complete digital KYC, and that allowed a billion bank accounts to be opened for everyone. And we also collapsed the cost of real-time payments in the last 10 years to about 1,700th of a dollar for us to real-time pay among 500 banks.

So we did a bunch of things, and digital ID and credentialing was the essence of much of the things we did, plus digital payments, which is also coming to Wallet. So great place to be here today talking about that. Thank you.

Yeah, I'm Martin Kupinger. I'm here, I think, in that case, I ask for being part of the panel. I think I have some opinions on, when we look at the title of the wallets we want, about the user perspective, the user experience, but also maybe the verifier perspective on how would the ideal wallets, plural, look like.

Yeah, and that's the topic. Everyone here on stage has thought a lot about digital public infrastructure. We said earlier this week, when some of us were in Amsterdam on a panel, that we have a perspective here from Bangalore, from Brussels, from Berlin.

Anil, unfortunately, nothing with B. You can just cook up. Exactly. Baden-Württemberg. When we talk about wallets we want, in your opinion, what are the things we need to get right about digital wallets? What can go wrong? And what do we hope that we are going to get right? Who wants to be first?

Yeah, thank you. I think it's important. Globalization has a global touchpoint. So it is really, really important that the technologies that we implement are actually based on open standards, implemented in a manner that allows for global interoperability. That's easier to say than it is to actually do. At a minimum, we are interested in a future where... I'm speaking to a European audience. I'm obviously somebody in the future who has an EUDI wallet from one of the member states and is interested in coming to visit or work in the U.S. You are going to touch my Customs and Border Protection.

You are going to touch U.S. Citizenship and Immigration Services, which means that I want to be in the position and my organizations want to be in a position where there are documents that are going to be in your wallet that should be able to be presented to our infrastructure and we should be able to verify that information. And at the end of that process, we should be able to issue a credential and attestation, for example, an employment authorization document that allows you to work in the U.S. into that wallet without going and getting something else.

In order to make that vision possible, we need to have an agreement on what makes a good wallet. And I'm using that phrase deliberately because I don't think that we've done the work in order to sort of define the requirements of security, privacy, and interoperability at the foundational level so that we all agree what that is. And that is a vision, and I think... And that is our intent, and that is a vision, and that is a future that I hope for here.

Christina, Anil mentioned digital standards. You know a thing or two about digital standards. Are we on the right track? Are you hopeful for the future of digital wallets? Will we get the wallets you want?

Yeah, I think so. I think the first task we have in front of us is to take them to the finish line.

So, no more breaking changes at stable, take it to the finish line, so, you know, that's clear. And then my recent realization is when we talk about standards, probably we should talk about different timelines, standards that we need to cross the chasm, build scalable solutions right now versus innovations, technologies that we need more in a 10-year time frame to keep challenging how privacy-preserving, how secure we can get.

But to answer your first question, I didn't want to go first because I wonder if we focus too much on the wallets in a sense that, look, there's so many requirements for the wallets. There's so few entities, you know, who'd be able to build it. And in the end, happy to be corrected, but I suspect a lot of people in the room are potentially relying parties, right? And when you think about what data you actually need, that should come first.

Like, what data you need in this verifiable format to realize that one use case that can help your business to make money or drive down costs. If you can answer that question, then you can start asking who is the issuer who can give you that data, right? And once you identify that issuer, maybe the issuer is willing to issue only into one or two or three wallets, and issuer has already made the choice for you which wallets you have to use because they're very far to get the data from.

Just, you know, another perspective that maybe the wallets actually come first. But I think Pramod has an interesting idea on issuing into user versus the wallet.

Yeah, I think we do too much focus on the tools and the wallet. I agree with you. We must unbundle the issuance completely from where I choose to store those credentials and acceptance. We sometimes conflate these three together. It'd be fantastic if every certificate and every credential and every proof of work, proof of association, proof of earning, and proof of who I am, which is identity, and all those proofs to be converted to verifiable credentials of some standards, we should not be sitting around the room and trying to standardize it. I think the standards will evolve.

It's okay to have multiple standards. Then issue to the user. And we were having this discussion earlier, a couple of days back. I think we make a mistake by saying issuer will issue to a wallet.

Rather, we should say issuer will issue to the holder. And then holder choose to add that even to Google Drive. I don't care. I want to be able to store in a way I want to be able to store. You cannot take away the choice of the user.

Now, of course, you want it to be secure. You want it to be privacy-friendly. So you want some sort of certification, levels of assurance to be created because at the end of the day, then user will choose the right wallet for them to choose. It can be an open-source wallet. It can be a commercial wallet. It can be anything else, a state, one of the member state issued wallet. But it's a choice of the user. So issue to the holder. Holder chooses to store the way, in a secure way, the way I want it to be stored.

And it should be acceptable in a borderless, Anil's point, borderless and permissionless manner. If you don't do that, we will continue to create silos, member state-driven silos, political silos, geographical silos, where human beings want to move around, study work in various geographies, and we want to be able to open that. And it's very key for Global South. I'm speaking because the biggest use case for us is the cost of identification and cost of verification. And that cost is so enormous in Global South.

Unless you collapse the cost to digital verification, none of the services like banking, you were talking about behind the stage, the banking services, insurance services, or any of the services will not be opened up. So we are very, very, very supportive of what you all are doing, but keep it user-centric, permissionless, and borderless.

Paolo, do you care where PIDs will end up? Yeah, I cannot agree more with what Pramod and Christina said, because from technology's work in this institution, what we, at least I believe, is that we are here to shape technology to reach a goal and not vice versa. And we always get lost sometimes in talking about technology, how it should work. And maybe it's not the right conference to say that. I'm saying something naive.

But, I mean, what's the good wallet? It's the good wallet that will work at scale and will be delivered looking to the needs of the user, as was said already. So I think we need to shape technology around, well, obviously our principle, that privacy and security, but all these things need to find the right trade-off in order to reach that goal, to be simple, usable, and be around the needs of the user, not just the single user, but also the whole community.

And we know that people are not constrained to necessary borders and silos that we are creating in that technology, or why I should have decentralized or centralized. People don't care at all about these things. And that's why we are here, to try to find these balances in the technology, because we need to shape the technology looking to this, not vice versa.

This, I think, is also the message I tried to explain yesterday. So let's not get stuck into fragmentation because of many reasons that do not care the user, the people that, again, are going to use this system. Amen.

Martin, you are our host. It's only fair that you have the last word on this question.

No, a lot of plus one first. So I think there were a lot of astute things being said already. Just a few thoughts from my end. The first thing is, is wallet the right term? So when I look at what I want to have in this thing, probably it's not a wallet that fits into the pocket of my suit anymore. So it's probably much bigger in the sense of thousands, maybe tens of thousands of verifiable credentials I have. Then I look at it from two perspectives.

I look at it less from an issuer perspective, like some of others, but more from a holder perspective, and from a verifier perspective, from a holder perspective. When I take my own situation, so I have a couple of personal, a couple of business devices, and I want to avoid that we end up, I talked about in my opening keynote, about the risk of the wallet becoming the next decentralized silo. We must avoid this situation.

For instance, if I take the loan sample, so I apply for a loan, this is a business case where we're talking about incredible amounts of money for banks when you look at the KYC and AML processes. But this is something I definitely will not do from my smartphone. I will do it from my desktop computer or from my notebook. So I want to have more than one wallet, but few of my choice. I want to have the verifiable credentials in, and there will be credentials I have in multiple wallets. And I want to do that very simply.

I want to decide not only put it in that wallet, I would even say put it in that and that and that wallet and keep it synced. That is what I would like to have from a user perspective, which is not simple from a protocol perspective, but we need to fix it, I believe. The other thing is, when I look at it from a verifier perspective, when I talk with enterprises, there are two things which are popping out immediately. The one is a very well-working revocation. So Martin is not a copy and call analyst anymore.

He is, and I will be there around for a while. But that must be there immediately. We will have also situations probably where we even go into sort of a real-time issuance. Think about liveness detection in a verified, viable credential context. That is something where we probably go away from a pure three-legged approach with issuer, holder, verifier. That would be my last thing here for now. I would propose that we rethink the term level of assurance in the context of what we are doing here. My recommendation or my proposal is, let's call it provenance.

Provenance is different because provenance also shifts the play. Because for LOA, you say the verifier has some guarantee and some liability. Provenance is much more a bi-sided thing, which enables us as the verifiers to decide about the trust level we give. I think provenance might be the better term in what we are doing here. So let's think about it. Because LOA is also a bit overloaded already, and it implies a lot of liability, guarantee, legal aspects, etc. If we know where does it come from, this specific verifiable credential, then we can make an informed decision.

And that would be provenance. Thank you.

We want, with the entire track today, to enable you in the audience really to be part of this. Because ultimately, we want to answer the questions that you have. This is a very condensed panel. But if you have a question, now is the time to ask. In a minute, Matthias walks. Someone else might bring in some thoughts. Please show up again. Thank you so much for this very interesting discussion. My name is Thomas Lohninger. I come from data protection NGO and have been quite involved in this space, particularly in the EU legislation. And thanks for the U.S.

colleagues to bring up the example of border crossings. I think several others are likely, like hotel check-ins late at night. Many situations where consent is not really meaningful because it's very hard for a user to say no. So how would you respond to the risk of over-identification or over-sharing of personal information to situations where we might lose anonymity, even in an analog world, anonymity that we have today where particularly marginalized communities might also rely upon. How would you account for that in the ecosystem on a microscopic way? Thank you. Okay.

So I think, Daniel, you said something, a concept that can be useful to answer to this question, that is DPI, right? DPI is digital public infrastructure. It's a concept that was emerged in G20 in India last year. And I think I like it because it's a kind of pattern that describes how the society now is thinking to build this infrastructure, like physical infrastructure, right? Like the bridges, like the roads, and so on and so forth. And where the word public stands for public interest, doesn't stay for public sector.

And why I'm saying this, because in DPI, in the digital public infrastructure, there are three main components that are the key, I mean, that needs to be built in the digital public infrastructure. Let's keep it out for the physical one, like the connection. But in these three, these three are fundamentally the data exchange mechanism, and that's just what the wallet is providing. The fast payment system, this is also a very important component that will allow a lot of use cases. And the third one is the legal identification. It's the legal identification.

So, why I'm saying this? So, with these three things, you can build upon a lot of use cases that are then taught to give inclusion to people, right?

So, welfare. So, as the society is transforming digitally completely, we are in a second stage of the digital transformation where the whole society is there. When we talk about asking for identification, I think this is something we need to work together on and explain that where the legal identification is needed, then that's the right tool to use. On the other side, we don't have the needs to use a legal identification.

So, I think this is the key factor. The DPI is built to provide a public interest where there is a government or a private entity that needs to provide a service for a good reason.

So, I'm thinking about what India did. It's incredible.

Or what, for example, in South America, they are doing providing identity to people that have no nationality because they are migrants across all the stuff. So, we need to think about technology. How can technology improve this?

So, this is the way we need to think about it. And I do agree what it should prevent is to be abused in a sense where it's not needed. I don't need to use a legal identification to open my email account, right?

So, this is already a reality. So, we don't want to change that. We want to include people to have access to more things that they don't have today.

So, I think this is the way we need to look at it. So, when I heard that question, what I heard were two things. Power imbalance that exists when an entity that is asking for information in order to provide a service. And the current ecosystem where people just simply click the defaults that in order to share more than what is needed.

So, I do think that in particularly in the context that we are operating, both of those things come into play. And I definitely agree with aspects of what Apollo mentioned.

Obviously, we come from different jurisdictions. So, we also have different underpinnings. I will simply note that I think this is also work I think that needs to be done in this space. Magic is not over. And the couple of pieces here are, for me, it's also you need to recognize that imbalances exist.

So, how do we actually bring in accountability into the mix so that people who ask for more than what they need are actually held accountable? That is a policy and a legal question that I will leave to people way above my pay grade. But at the technical level, I do think that we also need to have a discussion about perhaps coming up with default attribute bundles for specific purposes. So that when a person is given the choice of selective disclosure, within a particular context, there are a specific set of attributes that might satisfy that needs.

They are checked by default or they're not checked by default. Is that something that might be worthwhile to work on so that it makes the user journey and what needs to be shared easier?

So, that's where I came from. Christina, we just heard about digital public infrastructure. Paolo mentioned it. Pramod co-invented it. I think there is an interesting digital public infrastructure project in Germany. The German word is Funke. Spark in English. And I think you have some announcements about those sparks.