In this panel session we will discuss about user experience challenges and opportunities presented by the new paradigm of Decentralized Identities, Digital Identity Wallets and Verifiable Credentials, and some exciting potential solutions.
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
In this panel session we will discuss about user experience challenges and opportunities presented by the new paradigm of Decentralized Identities, Digital Identity Wallets and Verifiable Credentials, and some exciting potential solutions.
In this panel session we will discuss about user experience challenges and opportunities presented by the new paradigm of Decentralized Identities, Digital Identity Wallets and Verifiable Credentials, and some exciting potential solutions.
That worked well last time, so let's try again. But do not waste any time, maybe the usual thing, quick introduction, who you are and what is your opinion, the final message that you want everybody to take away home when it comes to user experience for wallets. Starting with Mirko.
Okay, yeah, my name is Mirko, right now a PhD student analyzing the SSI world with user security, with usability, costs, performance and so on, and spoiler, we haven't found the perfect solution yet, but we are on a very good way to narrow it down. Hi everybody, I'm Mark Haine, I'm director at OpenID Foundation and I think we don't particularly have strong opinions about usability other than there should be some, and that it should be for a very diverse range of people.
Hi, I'm Fraser, CEO of cheqd, where we build payments infrastructure for credentials, targeting kind of AI, that's 2.0 as that comes in, and we've also built a decentralized reputation platform mixed with a no-code issuance and kind of web-based wallet, all focused on community management, mostly protection and engagement for web3. Thank you very much, and Sharon is there, so that's great. Hi Sharon.
Hi, is my head very big on the screen? This is scary. My name is Sharon, and thank you for allowing me to join you virtually.
I work at an organization called Jobs for the Future, which is a US-based non-profit, and our goal is to see 75 million adults access good jobs, and a lot of times those people who currently face barriers have a lot of needs related to technology, and we're really excited about the way that digital wallets and digital credentials can help to unlock access, but we have a lot of questions and opinions about usability, so that this technology is designed to benefit the populations that we serve. Great, thank you very much.
So, when you are a lazy moderator, you have two choices. First, ask chat GPT for questions. This is embarrassing, so no.
Second is, ask the participants. So, I ask them what are questions that really help also, and that's the main reason behind that, so not that funny, to help educate the people in this room where we are right now. What does user experience really mean? Where are wallets right now? That is actually, and I love that question. It's really, for those who are not aware, what is the current state of digital identity wallets? Where are we right now?
Maybe, that's really around to all four. Maybe starting with Sharon, where are we from your perspective?
Well, in the education and workforce digital identity wallet subcategory in the US, I think that we're very early stages. We're starting to see people experiment. A lot of the experiments are with wallets that meet some of the open standards for digital ID, but a lot of them are very niche products that are, you know, designed for one purpose or one institution or one organization.
So, a lot of what we are trying to do is actually encourage a marketplace that has a lot of digital wallets because we think that people will always have preference for the kind of interface, the kind of like application layer that they want, but we're just hopeful that they all, at the end of the day, support interoperability and a variety of different credential types. Great, thank you. Looking to all of you for leadership. Yeah.
Okay, maybe Fraser? I think we're gonna go through a world of pain, which is unfortunate.
So, I don't think anyone's really thought about this particularly well yet, and the best analogy I've got is that if you look at the way the payment wallets work in mobile or like mobile devices, you barely ever open the application. Like, the Apple wallet just sits in the background, you don't really use it, and then it pops up whenever you need it, and yet we're architecting these identity wallets as if they're these huge user experiences that need to be like completely tailored, and I think realistically you should probably never need to open them.
They should just interact with the applications that do need that data and pull that data in, but at the same time, the people who have those applications where we are going to need to pull data in and out haven't gone down this thinking yet, so I think we're gonna have this weird stage where everyone builds a load of identity wallets, which are pretty clunky, and then eventually the rest of the market and the industry comes along and is like, oh, we need to get data in and out of this thing, because otherwise we're ceding our relationship to the wallet provider, and then the user experience, I think, will get fixed where the wallet provider or the wallet becomes what it always should have been, which is just a store that interacts with other things, and the actual user experience in integrations and all that kind of good stuff is in the application you want to be using, whether that's a university app or anything else.
That's a great seed from my perspective on this, which is there a huge amount of complexity in this, and the user experience of a wallet with many, many credentials in it could lead to cognitive overload for the end-user. I have a little analogy I play with, by the way, this isn't OpenID Foundation official policy by any means, this is Mark's own opinion. The analogy is fighter pilots. They are fed all sorts of information, and cockpits of fighter planes are designed to give decision support to the pilot.
I think actually we're going to have to do something similar for wallet users, otherwise we're going to overload them with decisions. If we do that, there is a risk that it's going to turn into something rather like a dating app, where you swipe right, swipe right, swipe right, until something works.
Just building on that as well, it reminded me that there was always an SSI and decentralized ID, that idea of AI agents or smart agents operating on your behalf with the data in your wallet, and I think that's something we're going to need, because to your point, otherwise you're just going to get cognitive overload. But if you can at least offload a lot of that, where you almost set policies as a user, and then those policies are enforced by something on your behalf of deciding what you accept, and particularly what you share, hopefully that gets easier.
The analogy I always use is, everyone has a set of details that they enter when they go on airport Wi-Fi, and they are not truthful, for obvious reasons. Whereas when you go to your bank, you do use truthful details, and I think that kind of policy is hopefully what's going to be used in the future to avoid exactly what you're describing, because otherwise it's going to be awful. So at the Open Wallet Foundation, Micah started to make an overview of first TNO, and FindyNet did it, and then that was transferred to the Open Wallet Foundation, and the number of wallets is growing and growing.
Right now we own about 66 entries, and we tried to make a comparison, like easy steps, like is it open source, where's the link in the App Store, and so on. But when we were looking at the supported technologies, like which did methods are supported, is a blockchain-based, which transport protocol we see. We see that not all the wallets are interoperable, so it's very difficult right now to think about, well, there isn't not one wallet supporting everything, which would be great.
So it's like, okay, I'm using this wallet, but maybe then I'm not compatible with another agent, maybe I'm only using W3C credentials, but this does not work with the agent, it only knows Anoncrats, and so on. And we still have this algorithm or format war. So in every category, we also have another comparison sick, the credential profile sick, and there are so many possibilities, and everything has its advantages and disadvantages for the use case, and the same with wallets.
Some people say, I want a very easy wallet, like Fraser said, it should be a back-end, it should not have a UI, it should automatically work like my credit card. I just need a little sound that tells me, okay, you have shared everything, everything is right. Some people say, no, I want this overview, I want to see which credentials do I have in my wallet, which credentials have I used in the past to maybe report some abusement. And then other people say, well, I want a cloud approach, because I have multi devices.
Others say, well, I want it on my device, because I'm not trusting any cloud providers. And we don't have the statistics, everyone has his own opinion, which wallet he wants to use, but for the providers, they're all asking, hmm, what will my potential customers want to use? Because at one point, you have to decide, you cannot make a wallet that also works in the cloud and also adjusts on your smartphone, and we hoped when eIDAS kicked in, maybe it will narrow it down, but eIDAS is technology neutral, so nobody really knows what to do right now.
Okay, that's a good point, that actually destroyed my next question, sorry for that. So, I'm easy to satisfy sometimes. I just went on vacation to Sweden, and I never changed money to Swedish kronan, I just used my iPhone, and I paid everywhere, went home, and I was happy, because I did not care. This was a user experience that I liked. So this was a baseline fun for Matthias, which was good. The question is, that was good. Define good. That was the question. I'll try it again. If I give every one of you 30 seconds, what defines good in terms of a wallet app?
Again, maybe starting with Sharon. You're going to put me on the spot.
Okay, 30 seconds, what's good? So we have four characteristics that we look for. We wrote a market scan for education and learning wallets, right? The first and most important is that it has to hold multiple credentials of multiple credential types from multiple issuers. And I'm not going to commit to a particular tech stack or a point of view on standards, but that's really important. The second related to that is agency over how to store and share.
So a person needs to be able to decide who they want to share with, receive requests, bundle, but then also make decisions about whether they want to use a different wallet and export their data. And that obviously is related to the interoperability of the credentials across wallets. The third is that it has to be accessible to a variety of users, including those that have limited device or digital access. So we favor solutions where there's a web plus a mobile option.
And then finally, just thinking about the security of the information in the data that people store and whether they can be tracked and traced. So it's nothing very unusual, but most fundamentally, a solution that is sensitive to the needs of the populations that we want to be using them. Right. Okay.
So again, skip the 30 seconds. What's your opinion? What is good? So I think a good wallet is a wallet when a German citizens finds nothing to complain. Then you know you have found the perfect wallet. And being myself a German citizen, I know by myself, we put a lot of effort to find at least one thing we can criticize. So when we say nothing, it's perfect for you. So I'm going to take a slightly different spin on basically the same answer, which is it makes my life easier. And it doesn't give me any surprises. Yeah.
Okay, then my good is good. I think I was gonna agree with you, Mark of like just lack of friction up until the point where it's necessary for security, regardless of I think you made this point, like when we're discussing earlier of like, regardless of your abilities, if you are partially sighted, or you like, it's still frictionless as far as possible that way. And I think a little bit for me is, I don't know which company it is, but time to delight, like how short can you make it where it delights you in that experience?
For a digital ID wallet at that point, if we can manage that, then maybe we might satisfy the Germans, maybe. Delight's a big ask. It is in security. The best I've ever achieved is ambivalence when things go well, right? Okay.
Okay, that's that's a low bar. But if you are implementing this stuff, you are working on that. So you are actually solving issues, you're solving challenges. So I would assume from the work that you do, and this was all very negative, but at least a bit.
Yeah, realistic, at least to put it. But but you are solving challenges. What do you think? What are challenges that you actually solve that led to better results in what you did? Maybe it does starting with Frasier. Using that friction example, so we built this wallet for community management and we had a load of assumptions on what people would use to log in, the way they would interact, and the best experience we had was just putting it, being physically with people and watching them figure out how to use it.
And the quickest thing that we found was, it's going into like Web3, into the kind of crypto side, and they are typically Discord and Telegram users. And as a result, we thought that would be the default login because that's already what they use.
But they, because they never interacted with the service, they default, they were like, we just want to use email and actually we like Gmail, like Google login would be, or SSO would be ideal, which was completely the antithesis that we thought when these are typically like very, very privacy focused individuals. But what it came down to is they view an email as like almost throwaway. They don't care about logging into something and then potentially having a follow-up by email. So it was like the lowest common denominator.
So for us, it was just watching people play around with it, get it wrong, or well, not get it wrong, they got it right, we screwed it up, and then adjusting the product to go and make it easier for them. So that was the biggest thing for us, just watching people use it and then tailor it to fit.
Okay, solve challenges from your side. I'm gonna pass the baton on that one because I've not done implementation.
Well, I think you have to know your users. You could say, well, my target are the crypto nerds and so on. They are familiar with backuping seats and so on. They will deal with it. Some people, for example, in my daily life, I want fully automation. I don't want to click, yes, is it really this company?
Yes, I really want to share this and this data. I just want to make it happen. But in some situations, I'm more like, well, okay, this relying party wants to receive critical information, critical information from my point of view. Maybe my age is more important than for Fraser.
He says, maybe, okay, to other parties that are authorized in a trust list, I want to share this. And then it's a question, okay, how can we implement it? We have a setting menu with 1,000 checkboxes. Like I say, okay, I do this and this and this. And this will be very challenging because some people want it this way. Other people want it very minimalistic. And to find the balance to say, okay, I'm allowing the user different possibilities, but also explaining what does it mean. What does it mean like automation when the issuer or verifier is in a trusted list?
My mother doesn't know what a trusted list is. She thinks, oh, is it the paper written down or where can I find this paper? So we have to educate people and be very careful because when people are just frustrated, they will go back to the old fashioned way because it's too complicated for them. Absolutely.
Sharon, from your point of view, what are challenges that you overcome and how? I don't know that I've overcome any of these challenges, but I feel like one of the observations that we have is that a lot of times there is a very strong tie between credential issuers and the wallets themselves, where credential issuers sometimes express preference for certain kinds of like wallets or interfaces, or they would even use the word wallet when we would probably suggest that it's not a wallet, where the credential issuers have some kind of incentive to keep the users trapped within their ecosystem.
And so the interoperability challenge is really there, but it's also the relationship of the kinds of credentials, the kind of use cases, and then really trying to encourage a more open exchange. OK. So if anyone has a solution, let me know. OK.
On that, it's actually becoming a pattern, I think, of like the wallet providers typically right now operating some kind of software as a service, certainly on the issuance, because it's the only way so far anyone has found to create a commercial model to subsidize the wallet.
So I think one of the things we're going to find over the coming, it was touched upon by Joran from Deloitte yesterday, finding a commercial model that also incentivizes the wallet providers or provides like revenue for them where they don't have to go doing other things, because otherwise you're going to be locked into that kind of SaaS issuance because you've got no other way to monetize. I'm going to jump in and take over with my one of my pet things, which is the link between usability and accessibility.
I think it's really critical that we remember there are people out there who are not as able as the majority. And a lot of projects deliver for the majority, not the minority. There was a case in the UK financial services pretty recently where the banking apps, because of PSD2 and good cybersecurity practices, were inadvertently locking out people with disabilities. There was a case raised against several banks, and I'm sorry to say that the individual died before that came to court. But I think it should have been a much wider discussion and learnings should be taken from it.
OK, we are out of time, but I want to ask you, I'll try it again. I want to limit your answer to one sentence. If you talk to the next upcoming wallet developer, what would be your recommendation? A do or don't sentence? Do this or do not do that? Starting with Mirko. Look for the demand. As a technician, I want to implement everything. But when there's nobody wanting this, they will not use it. And as a producer, I want that my work will be used. Right. Sharon? Something very similar. Why would I want to download your wallet versus any of the other wallet options that I have?
OK, Fraser. Sorry, I just put random. Find your use of population and put something physically in front of them as soon as possible and watch them use it and then go from there just to understand how they do it. Final words, Mark? Do remember the broad range of communities that you need to serve. Thank you. Thank you very much to this audience, to the audience, to you as the speakers. This was really good insight. I have really 15 more questions, which I threw all away. I would love to see the answers. We don't have the time. Thank you very much for this panel. Thank you. Thank you.