Welcome to the KuppingerCole Analyst Chat. I'm your host. My name is Matthias Reinwarth. I'm an Analyst and Advisor with KuppingerCole Analysts. My guest today again is Annie Bailey. She is a Senior Analyst with KuppingerCole. Hi, Annie. Good to have you back.
Hi, Matthias. Thanks for having me back.
Great to have you back and this is for a very good reason. Just a few weeks ago, we had an episode and we talked about the basics of digital identity and then we quickly moved over to decentralized identity. And we had quite some great feedback and questions from the audience. And the main question that they asked for was, yeah, now I know what decentralized identity is, but I want to use it and I want to learn more about how others are using it. So we wanted to focus this episode on real life decentralized identity. Where can we find decentralized identity right now in the wild apart from people talking about it at conferences?
Yeah, so there's, you can look for a decentralized identity in lots of different places. And there's two categories that you could think about this in. There's the really decentralized use cases where you're stepping outside of the normal status quo and using decentralized technologies to radically change the relationships that typically individuals have with organizations. And so it's very focused on the individual. For example, the use case of the individual being in control of their own data. And this implies having some sort of means of holding and sharing credentials about yourself. And this is, in a sense, the core of decentralized identity, putting the user back into control. When we think about this use case in general, it still can be a bit misleading because where does this control come from and what does it mean? When you have an individual sharing information about themselves that needs to be trusted at some level, and so it's all about relationship. Do you trust that individual? Has that information been self attested or it has it been issued by a trustworthy party and how is that trust communicated and so in order for this use case to work you really need an entire ecosystem. Places for individuals to then hold and share information about themselves needs to be interoperable. There needs to be valid ways to use this. So this is an overarching umbrella use case but still needs a bit of repinement. You also have in this category of really decentralized use cases, things like decentralized finance where you're looking at an alternative way of banking without traditional banks. You're using decentralized identity for your know your customer, anti-money laundering purposes. You're using decentralized technologies to support alternative currencies, things like Bitcoin. And it's quite a speculative market. It's very exciting, very dynamic, but from an analyst perspective, we can call this speculative at best. So that's one category of ways you find decentralized identity out in the wild. And this other category are use cases that are really compelling to solve a problem, and they can use decentralized identity, but they don't have to. It's not prescriptive that we need a blockchain-based architecture to run this, but decentralized technology really brings an added value here to solve a problem. Here you can think of things like citizen identity, a decentralized citizen identity or a mobile driver's license. This is really being spearheaded in Europe with the eIDAS 2.0. So this is an amendment to an earlier regulation which is aiming to enable the use of digital identity for public services and private business in a harmonized EU digital market. Part of that is equipping EU member states and residents of those member states to have a digital wallet, which is user-centred, user-controlled, user-held. And in that sense, it's very decentralized. You can have aspects of a decentralized architecture in there to support the wallet or the credentials, but it's focusing on a user-held identity in that sense of the decentralized aspect.
Right, and from what I've learned and what I've seen and also what I see when we look at the agenda for the upcoming EIC, this eIDAS 2.0, this is something that is really just evolving. There are some countries which have already these digital identities, be they decentralized or not, is to be discussed, but they have this. Other countries like Germany are still a bit lagging behind. So this unification, this common standard, and then getting to a single wallet storing these credentials. Is this really the driver that decentralized identity might need to gain more popularity and more widespread adoption?
This is a driver. And it's a really compelling one because it's creating the ecosystem for a lot of different use cases. So both going in the direction of making public services available in a digital manner across borders within the EU and for private business to be able to consume those digital identities that are user held for lots of different use cases. We have some large scale pilots, which are being done, started in April of last year, that are exploring a lot of these potential use cases. Things like opening a bank account, registering a SIM card, being able to sign contracts digitally, claiming prescriptions, lots of travel use cases, being able to present these documents in the airport for different various checks and border crossings, payments issuing and presenting educational credentials, things of this nature. So the efforts that are going into eIDAS 2.0 are setting up a lot of potential use cases. And we say potential use cases in this sense because eIDAS 2.0 is not yet in full force, but there are plenty of organizations that are already meeting these needs and have products on the market for trap credentials, for educational credentials, for employee credentials using decentralized architectures. And there are a lot of them participating in the large scale pilots as well. So they're getting some, bringing their experience with their customers into the solutions being designed for the EU.
Right, so these pilots are the most important thing to look at, if I understand you correctly. But the use cases that you mentioned, they are very different and they demand for different types of credentials. So I would not try to claim a prescription with a state issued ID and I would not like to register a SIM with an ID that is issued by my, I don't know, by health insurance. So there will be many credentials. And this is currently using all the same standard, which is eIDAS, as I understand correctly, and this will all be stored in this user controlled wallet, but this is still in development, in flux and into operability testing. Do I get that right?
Yes, interoperability testing will be a major success factor here. So the large scale pilots, these are a testing ground, making sure that the architecture is set up well, that the interoperability questions have been answered across border, working with different types of wallets in different scenarios and in completely digital transactions or a mix of digital and physical interactions if you present a phone with your credential to a live person who needs to be checking this. So we have hybrid models as well.
Thinking of the drivers behind these use cases, so there needs to be ideally a business use case because this is something that either helps the citizen, the people, the person holding the credential, or it can fulfill a business need. And usually the industries I can think of that are spearheading these efforts are on the one hand the telcos because they want to provide identities for their customers. And I always think of the gaming industry, the large-scale gaming industry or gambling industry. Are there some efforts already in these areas that you can see where they say, okay, I issue my identity and therefore I bring people into my ecosystem and use the standards and the technologies and the wallets that are around for such purposes and for really making money?
Yeah, absolutely. So the major industries that are active here are, as you mentioned, gaming, government services here, healthcare, travel, e-commerce, and financial sectors as well. They all have some fairly high trust levels that need to be fulfilled. They really need to know who are they working with on the other side of the transaction or with their partners going through some level of, know your customer, for example, or age verification for purchases on restricted goods or just being restricted industries and of themselves. And because of those restrictions, they've been in some way limited in offering completely digital transactions. So there's a lot of internal process improvements that can be allowed through here when you have a user held wallet that with shareable credentials that a user could share with an organization that they would like to interact with or between partners, for example, where that credential can be really trusted. They know where and who has issued it and can verify it to a high level of assurance in order to have that interaction, whereas previously that just hasn't been possible at a digital level.
We talked about that in the earlier episode that identities not necessarily need to be connected to a carbon-based life form like you and me, but it could also be identities that are related to goods, to material. So identities in supply chain management, for example, for tracking goods during transport, et cetera. Are there already real-life use cases in that area as well? Is this something that is because it can scale indefinitely more or less. So that does not need to be people. It could be a part of a machine, the machine itself, a parcel, anything like that. Is this a thing already?
It is, there can be a lot more work in this area. We're seeing quite a bit more focus on the human identities and verifying individuals or their in connection with them and organizations, organizational identities are present with solutions on the market. There's definitely a use case for supply chain, tracking and decentralized identities attached to products or components moving through, but room for more development here.
Right, right. When we talk about more development, this will be covered at EIC. We talked about that earlier, but I think that's really of importance. We are holding our annual conference in Berlin in the beginning of June. decentralized identity will be a key technology, a key set of technologies we want to cover there. And there will be also examples of real life use cases and their representatives being vendors, being state organizations, being anything around that. So I think there will be lots to learn and this is still an evolving market. And I think that there will be more to see and it's really growing by the month right now, right?
Yes, it's a very dynamic space. We see particularly around identity verification where decentralized identity can really help and support and bring this into a reusable function. Again, getting to that user-held, user-controlled version of decentralized as well. Really a lot of action happening here. Will be a great discussion that will continue at the EIC. So we're looking forward to the talks and panels that will be held there.
Me looking forward to that as well. Also covering a large track together with Daniel Goldscheider, who is a proponent in that area as well. So that will be an interesting track as well. I think it will take some more time until organizations, employers will issue decentralized credentials to their employees for interoperability with their partners. But this is not too far away. I think this is something that we can see in the near future for interoperability, for sharing credentials without having to go through the hassle of doing proper federation, federation trust and trust agreements between IDPs, but just trusting identities which are stored within your wallet and you can use that for business purposes. But this is still a bit down the line, I think. Maybe I will get proven wrong at EIC that this is already a thing. But for the time being, thank you Annie for talking about more real life use cases of this promising technology, of this mature technology because the standards are there, the technology is there. Now we need to make it work in real life. Any final thoughts you want to add before we close down?
Yeah, as you say, it's a, in a sense, a mature technology. And we're going to go through some phases of change in the next few years anyway, as these use cases settle in, interoperability questions get ironed out, business model questions get ironed out. So there will still be change that we'll be monitoring and discussing over the next few years, especially as we're moving into a multi-wallet, multi-credential reality where we expect, especially with the eIDAS 2.0 rollout and European digital identity wallets. There'll be several wallets that individuals will choose to use or be obliged to use to fulfill different use cases that they have. And this will go through a period of fluxes, people collect wallets, understand that they're able to move credentials between wallets, even if they were issued in a different format, if things are done successfully. And then that will pare down again and be consolidated down to fewer successful wallets with really great usability, really great interoperability that are functioning in open ways. And that'll be a big question that comes up in the future is how to keep the ecosystem open and interoperable instead of condensing too far into proprietary wallets and use cases and solutions and holding onto very important credentials and not allowing them to stay interoperable. So this is an interesting ride there's a lot of good work being done to, as you say, lay the standards now for a successful open and interoperable ecosystem.
Right, that really sounds promising and it's an interesting topic to cover. No one should say that identity management is not an area where there is growth, where there is innovation and where there are no new technologies. We are right there and we will cover that at EIC. So thank you, Annie, for being my guest again today, following up on the last episode with this episode. And I hope that we could answer some of the questions regarding real-life use cases for decentralized identity, and happy to continue that discussion. So if you have any questions, this is my call to the audience, please leave a message in the comment section of this video on YouTube or drop us a mail wherever you listen to this podcast. There will be always a link to where you can reach us, reach out to Annie, reach out to me. Reply to us at LinkedIn, we will post that there. So really start the conversation with us. We are looking forward to your feedback, to answer your questions and looking forward to talking to you at EIC. Thanks, Annie, for being my guest today.
Thanks Matthias.
Bye bye.
Bye bye.
