I'm representing DC for you. That's a digital consortium, digital credential for Europe. And what is DC for you about? It's about education and social security. We are in the context of public service or public service related entities and education is about diploma credentials and social security has two use cases. One of the use cases EH and the other is PDA one. So I guess you do not know what exactly an EH is. The is the European health insurance card and that's on the backside of your European health card. That's a little bit blue. And what does it do? What does it is good for?
It's good that if you as a European citizen insured in your member state, if you travel to a different country, you can use the EH to get medical based treatment. So that would be beneficial to have that in a digital way.
And this would include that in the member state. You get the medical treatment, the doctors want to be paid and you get the reimbursement process. This is the EH and the PDA one is a document in a PD, portable document in social security that will testify the applicable legislation of your employment status.
So it'll basically say you are employed in your home country or in the country you're sent to. So this is necessary to prove that insurance status. So this is important. So these two use cases are the scope of DC for you and what is DC for your build? That's the decade of digitization. That's the idea what the European Union wants us to do in public service. And we are on the left side in that public service.
What is our starting point? The starting point of DC four U. We are based on, on EI DS regulation. I think that we had a lot of contributions already today.
What this is and what we are talking about there. So we shall approve. How can these use cases be implemented in that, under that regulation? Where do we want to do, where we, where do we want to go? We would like to go and build a robust framework. That's what you heard earlier about the trust models. How can I trust the issuer? How can I trust the verifier I meet and how can I trust that the document I receive from an issuer is indeed a valid one concerning the schema that he used. And these trust models are something that already exists in social security.
Social security is a highly regulated sector. So we have regulations and we know by law what to issue, who is issuing it and what that can be used for.
So the trust model seems to be somehow easier as we have something in place that's called institution repository that is listing all European social security institutions and their competencies. So there is a competence. I may issue e hs, I may issue PDA ones. So that the, the work would be just to transform the existing institution repository into something of that new technology. Might that be an AIDAS one or might that be a trusted issuer?
How you name it, how you do the technology. DC four U is somehow indifferent or agnostic to that use technology. We want to focus on the business requirements and the business aspects on that and that would be then the, A major result on that. What do we need? We need everything that we talked I as yesterday also to today. We need the wallets, we need the issuers, we need the verifiers and we need the trust. And the trust in the identities is the major key part because as a social security public service, we cannot issue our data, which is a hundred percent personal data.
On in in, in the lowest case, the person related data. We cannot hand that out to anyone. We must be very sure who is the person that we are handing that out to.
And the DS regulation seems to be a good way to get an identity to all the citizens. You already heard about the different member state approaches. You heard about EID schemes about different levels of assurance. But the key factor for social security is to be sure at the LI high level of assurance, which person we are talking to.
That's a key point that might be as easy for use is based on either's regulations or the call is solely for S identities. But basically social security could also think about interacting with other identities as long as they all provide the high level of assurance in a way that we can trust that. And the next things we need. We need the technical systems, we need the protocols and we need also a trust in all that.
How do we proceed In DC four U, especially here in the social security work stream, we tried this time to put the business people together.
We had a different project called the European Exchange of Social Security Information. E-E-S-S-I. This project passed on for the last maybe 15 years since the first ideas to today an interchange system where all member states are connected and all relevant competent institutions are connected. They are exchanging messages and all communication from social security to social security is mainly organized in that through that system.
So we already have the digital e hs, we have digital PDAs because we inform the member states in a posted worker environment, this worker is posted to different country. So the social security is informing the other country through that system. So what we would like to do here in the DC four U project, we would like to enhance our abilities that public service is communicating directly with the citizen. So we would identify the citizen, say, hey, it's you, then I can hand out your documents directly to you.
But that's not so easy.
Getting back to reality, the PDA use case means that the employer is asking us to send this person, this worker to different country. So the employer is requesting and the employer employer gets the answer. So we as social security, we don't even know the real, the real employed person, the real identity that that is sent. And when this person wants to fetch something from us, we need to map that. The mapping is the next problem in social security as well as in education.
Because if you enlist in a university, you get a university identifier, some membership number also, social security usually is issuing social security numbers. If you're living in the lucky member states, then the member state decided to use one number for the national social security system. In other member states like Germany, we are in a situation that each institution issues a number.
So we have an identifier for your pension insurance and we have an identifier for your health insurance. And if you change in Germany your health insurance, you get another identifier.
So these, all these identifiers need to be mapped to some to some backend systems where we know these identifiers have the data, but now all of a sudden there is a wallet from an ADAS regulation, then in this wallet there will be some identity but we need to map it to the identifier. We know and according to all the ideas, some member states said we want to put that identifier in the pit. That is a decision in the in, in Greece for example, we, we saw that that would make the world very easy for a system, a national system that has a social security unique number.
It wouldn't solve anything for Germany where we have multiple numbers.
The other approach is that we build national services to make that mapping. Some countries did that like Austria for example, but that is has pros and cons in in terms of IT security and data protection and and so on. So the current approach in identity here is that we do attribute based mapping. Another option is that social security would issue a second credential, then you would have a pit in your wallet and a, so a second credential containing this identifier.
But then you would need an identifier for your university, for your maybe a university authors system where you have, you publish your papers, you need a in in Germany you would need multiple identifiers for different institutions. So that's not solved to the end. And we are working together with the business people in social security to guarantee that we have finally a cross border work solution that is really functioning. That's our work idea.
And what is our approach?
The approaches that C four U is gathering from hopefully all member states so far we are now up to nearly 20 in social security that we gather the business people we see see that we talk together in business meetings every three months. So we gather and we discuss what is needed, what is expected, what should be done. And then the business people, not the technical people drive the process formulating the needs. And we have a technical group that is taking care that these needs can be fulfilled. I see that the time is a little bit running up.
So let's have a look at the participants in social security. We are now 34 organizations and coming in for social security coming out of a hundred, slightly more than a hundred overall. And these people work together and we have to coordinate in social security with a long list of other initiatives. We have sspa projects, we have vector projects doing the same.
We have ad hoc groups for various purposes and we have different other fundings of the European Union and we have to coordinate all that because there are other people who are working slightly on the same thing and due to the time, let's jump a little bit to the picture of our ecosystem. We are publishing, that's the ecosystem picture that you all know, but we are making proposals for the registries. The most important registry is the trust registry. Where does the trust come from?
What our schemas and all that we have issuers in place and due to regulations, verifies will become a new registry. And the most important add on for the existing use cases will be the revocation registry, which we would like to have somewhere in between the verifies and the issuers to prohibit that. We have to ask the verifier systems, but we would like to have it in between. In a system that is replicated across solar can be replicated across member states because we believe that each member state can then make its own decisions on how to provide that availability in case of emergencies.
And we analyze the business processes and we all know that there is a a verification process that you meet a verifier. The verifier is challenging you with a QR code and then you look in your wallet, what do you have? You hand it out via some transmission like showing a QR code. There are different ways in the EE wallet system how to do that. And then we scan and lastly the verifier does it. So that's a standardized verification process. And for the issuance, there's another picture I would like to show you. I jump over that.
We did all that as a in the pilot and we already implemented all that months ago, showed that to the business people and then we came up with a generic architecture. That's the sentence to lock into the, into the panel discussion we had today. There was a question do, is there someone who is doing a generic architecture for issuing and verifying that's what DC four is doing.
We are providing that for all participants and we are also inviting all social security institutions, whether DC four U or not to participate to base a large scale pilots on that.
The green one is the existing one, that's the authentic source and the blue parts are then what we provide. We need here in the first line, a notification to the CI citizen, Hey, there's something for you that's a push towards the citizen sometimes possible. The second is a a pull. So I go to a portal and ask what's there for me and I can use either one of that. The third is then the actual issuance process.
My wallet, now the wallet comes into place. I use the wallet to get it. And the future thing, that's my last word that we would like to see from the Edith frameworks is that we can do everything from the wallet.
That would mean that the wallet must be able to ask the issuer what is available for me. The answer will be a list of things to do. A list of these instances in the latest op, my DVCI, we saw the type parameter. Now we need instances of that type, the different e, the different PDA ones.
Then we can select, we can download it and that would be one of the major ideas that we can contribute in a proposal to enhance the data system. Everything else, I think time is up so we have to skip the rest. There are a lot of selected topics that we should or could discuss, but I think time is up. So I'll hand over to our host.
Well thank you so much Tema.
I, these are really large consortia. There's a lot of work to do on any aspect. So I think you couldn't make five slides and, and be clear and and complete. So I understand maybe it's better to study the slides afterwards if you are better interested. There are some questions, but you'll be back on stage just after the last and next speaker before we have the break. So thank you and see you in a minute.