Bringing SSI to Flemish citizens

Use cases •
Apr 08, 2019 • logged_by: Sean

In December 2018, Jolocom announced its involvement in a bold project to enable an ecosystem for self-sovereign identity (SSI) with full support from the public sector. Called Blockchain on the Move, the project’s aim was to make citizens the managers and owners of their own data and identity, so individuals could share validated data more quickly and more easily, and always check who had used which data at what time.

Public and private organizations would also benefit from the trust and authenticity of the information delivered by this user-centric network.Blockchain on the Move was supported by the Flemish Government within the Programme for Innovation Procurement (PIP). It was a consortium with the City of Antwerp, Digipolis, the Flemish Government and Informatie Vlaanderen. Additionally, V-ICT-OR (the Flemish ICT organisation) was project partner and Jolocom the technical partner for the duration of the first phase of the project, which ran until the end of February 2019.

The project’s overall objective was to assess how blockchain technology at the time could be implemented in real situations, such as when a citizen registers a change of address with local authorities.

What does SSI bring to citizens and the state?

The act of credential and certificate issuance that has been a longstanding area of state sovereignty in the analog world is being disrupted in a digital environment by the SSI model. This identity model reduces the dependency of the state and its citizens on intermediaries, by enabling more direct interactions. In this way, the self-sovereign approach has great potential to enhance citizen or constituent engagement and even renew democratic institutions. Essentially, SSI makes it possible for the state to engage with citizens and organizations directly, without depending on a third party.

© Jolocom 2019 | Inspiration: The Path to Self-Sovereign Identity (Christopher Allen, 2016)

Unlike existing identity management solutions that are structured from the perspective of organizations to provide an identifier for users, self-sovereign identities are structurally designed to prioritize the perspective of the individual – or of the entity that’s the subject of a given identifier.

In the self-sovereign identity paradigm, individuals and entities are enabled to create and manage their identifiers in a decentralized fashion. i.e. without relying on a third-party identity provider.

This means citizens possess greater control over their data, while also enabling better security for that data. What we want is an enabling environment for user consent. A user-centric schema for identity management gets us closer to realizing data protection regulations, such as the GDPR, in practice. This structural innovation of identity finds great visionary alignment with the eIDAS regulation and objectives, such as the once-only principle.

User-centric identity is now understood to be a priority for government services and SSI provides a new approach to delivering it, with maximum adaptability to every example. SSI enables citizens to use the same secure, trusted data across different situations and interactions — whether requesting an ID card or accessing a public swimming pool.

Our work as technical partner

Jolocom’s team worked hard to deliver the building blocks of a self-managed identity that would enable citizens to establish control over their identity data. From the outset, we were especially drawn to the motivation behind Blockchain on the Move, namely, to apply all the research and knowledge about distributed ledger technology we have and test real blockchain implementations in different demo environments and interaction lifecycles.

An ecosystem of services integrating self-sovereign identity

The project offered a real opportunity to show how our self-sovereign approach and technical solution to digital identity management could deliver significant benefit during interactions with one another, to individual citizens and public and private sector institutions.

A look at the building blocks of SSI

One of the core building blocks we delivered focused on enabling SSI users to manage their SSI credentials. Since our users would not all speak the same language, we took the alpha version of our mobile application for identity management – the Jolocom SmartWallet – and extended its language capabilities to include Dutch, English and German.

Using the SmartWallet to create an identity

This also served as an example of how easy it could be for users from different countries to use the same digital wallet application to generate, manage, and store self-issued credentials. Citizens would be able to simply download a personal copy of the SmartWallet at no cost and begin creating (i.e. self-issuing) and sharing claims about their name, contact data or address.

Using the SmartWallet to interact with third-party services

The SmartWallet in action: Building interactive demo services

As a further component of our SSI solution, we put together various demo environments and platforms to demonstrate how the SmartWallet could be used by citizens and real employees from Dutch and Belgian municipalities during typical service interactions.

To start, an employee at a municipal office uses a self-issued credential (stored in the employee’s SmartWallet) to authenticate against the demo service platform we built. The credential in question is essentially a claim about the individual’s identity that is verifiable.

In this scenario, a municipal employee is essentially going through the standard login procedure and authentication process required to access the municipality’s employee-side service environment. The SmartWallet makes for an easy, straightforward operation.

Once logged in, the employee can issue signed Belgian or Dutch ID card credentials to the citizen’s SmartWallet.

From the citizen’s perspective, using the SmartWallet with our demo issuance service would make getting an ID card credential from the municipal office a breeze. What’s more, citizens are able to efficiently, and with minimal exposure of identity data, obtain a digital proof of state-issued identity – in the form of a verifiable claim that can be used in any number of interaction environments, proving one’s status as a citizen.

Overview of municipal demo service lifecycle

As part of the same employee-citizen interaction, the citizen can choose to receive an additional (signed and trusted) credential, a digital form of their A-kaart. An A-kaart is a card the City of Antwerp gives to residents so they can earn points that can later be exchanged for discounts or benefits.

Crucially, the ID card and A-kaart credentials operating in this interaction lifecycle are each treated – i.e. defined and issued – as verifiable credentials. That means the exact same credential can be used during interactions with other services provided by the municipality, or even third parties.

Putting verifiable credentials to use

After a seamless exchange of verifiable credentials at the municipal office, the citizen’s SmartWallet should contain two new credentials. To show how those credentials might be used in further situations and interactions, we built two demo service environments for SmartWallet users to experience credential exchange in practice.

With the ID card credential, a citizen could interact with our demo university admissions service to quickly and easily initiate the registration/enrollment process. And with the A-kaart credential, the citizen could prove eligibility to receive a free swim at the demo swimming pool service we built.

Demo swimming pool service — welcome screen

The interaction modeled in the swimming pool service is based on a credential exchange flow. A visitor can use our web service to gain access to the pool, and also to get a discount on the entry fee. By using the SmartWallet to share an A-kaart credential (issued and signed by a valid municipal service, as in the employee-citizen credential issuance interaction), citizens could easily make use of their loyalty points, claiming, for example, a free swim.

An exchange of credentials forms the core interaction of our university demo service tool. Visitors to our university admissions demo page are asked to present the digital ID card credential they received during their municipal service interaction. Depending on the issuer – either Belgian or Dutch municipality – of the identity card credential shared by the prospective student (user) via their SmartWallet, a customized user interface is rendered.

The interaction with the university service ends with a message telling the user about the next steps in the enrollment process. The language used to display the message tallies with the user’s nationality, confirmed via their state-issued ID card credential. This delivers a demo web service that allows citizens of both participating municipalities that hold a digital identity card credential to use the same service.

The swimming pool service shows how a third party (i.e. the pool) might implement our solution to validate a user’s A-kaart credential and then give them a benefit as a result. The university service demonstrates how a citizen in possession of a digital ID card credential in their SmartWallet — whether issued by the Dutch or the Belgian municipality — can use that credential to begin the admissions process.

Kai presenting Jolocom’s SSI solution at Trefdag Digitaal Vlaanderen (29.11.2018)

Touching base with stakeholders

Over the course of the project’s initial phase, we made sure we got feedback directly from stakeholders and future user groups. We particularly wanted to know about the SSI Building Blocks and how we had used them in demos, to adapt and extend existing digital identity systems, integrations and implementations for e-Government.

At the end of 2018, we went to Gent, presenting Blockchain on the Move to an audience of ICT specialists from the Flemish public sector at Trefdag Digitaal Vlaanderen. In February the following year, we traveled to Antwerp to join the consortium in leading a workshop for stakeholders from the public and private sectors to gain an improved understanding of the project.

This workshop also gave the project partners invaluable feedback from public and private sector representatives, whose input and insight as stakeholders helped refine our understanding of their combined and separate needs.

For the close of the first phase of the project, we returned to Antwerp to present the results of the project, along with representatives from the consortium, during a final meetup. Guests there also had the opportunity to experience the different interactions.

What did we learn from the public sector?

Representatives of the public sector at our various events were mostly inexperienced in topics such as blockchain and the concept of self-sovereign identity – within the context of identity management.
While new to these topics, they were definitely curious if not welcoming to the potential of blockchain and SSI for their public administration applications.
There was genuine excitement around citizens being able to control their own data.
Thanks to their professional experience of interaction with citizens, representatives from the public sector offered unique perspectives and insights into developing stakeholder-relevant SSI applications for e-Government.
Via integration with the SmartWallet, the A-kaart loyalty scheme could be extended for use in more places and during more interactions.

What did we learn from the private sector?

Private sector representatives showed a reasonable grasp of blockchain and familiarity with related topics, even the more technical ones. From the outset, there was a clear enthusiasm for SSI and it was encouraging to see such familiarity with blockchain, decentralization and related topics among them.
Private sector stakeholders are thinking about SSI. The participants in our workshop were able to come up with clear ideas for SSI use cases. In fact, given the appropriate access to trusted credentials including those we discussed, the participants reported they would be able to put those credentials to work in a variety of different use case environments and interactions, and relatively expediently. In other words, the private sector didn’t take much time to begin articulating interesting implementation scenarios for verifiable credentials and SSI.
There was a real appreciation of the onboarding challenges, of getting trusted credentials into an SSI wallet and ecosystem. Having identified the audience’s familiarity with the challenges specific to credential onboarding early on during the stakeholder workshop, we explored what kinds of use cases to expect the public sector to support and even embrace in the context of SSI. Some areas of credential issuance that came up during the discussions included issuance of an ID card (credential), a registered address (credential), a KYC certificate (credential), a “18+” credential, and a driving license (credential).
A lack of better management mechanisms and recovery methods than those currently available is inhibiting the full-blown adoption and embrace of SSI, at least in the private sector. Account backup, key recovery, and functionalities in general that create management tasks for users were each identified as areas of concern among private sector representatives.

Natascha Wittenberg presents Jolocom’s SSI solution during our final meetup in Antwerp (21.02.2019)

Our key takeaways for the SSI space

1. There is enthusiasm for SSI in both public and private sectors.

They are willing to get SSI to work. There is a clear desire for real-world implementations of SSI.

2. Onboarding of trusted credentials is the biggest challenge.

Onboarding credentials would appear to have to happen in close collaboration with the public sector. What’s more, they would need to be provided by the public sector to its citizens and its companies as a service. This would form a basis of trust for empowering future users of SSI with a solid foundation of trusted credentials for their digital identity interactions.

3. Usability and convenience will be the major drivers of adoption.

To achieve real-world adoption, we have to give even greater focus into the UI and UX aspects of our products. Concerns for usability and convenience will require both public and private sector actors to prioritize the user experience in all their applications of SSI.

The road ahead for Blockchain on the Move

Originally, the consortium intended to use the results from phase one as a foundation to build a production use case for self-sovereign identity. By progressively building out use cases, the project aimed to arrive at a real world implementation.

Thanks to their engagement with Jolocom during the first phase of the project, “the partners of the Blockchain on the Move project have learned a lot about the concept and technology of self-sovereign identity,” said Daniël Du Seuil, Programmamanager Blockchain for Informatie Vlaanderen of the Vlaamse Overheid and Blockchain on the Move project coordinator.

According to Du Seuil, one major takeaway for the public administrations involved thus far was the observation, “that implementing self-sovereign identity in their interaction with citizens will require more than merely adjusting the existing processes.” To gain the full potential of SSI we need to rethink our ways of interacting and how different processes engage different stakeholders.

Today the partners mobilizing Blockchain on the Move consist of public organizations only. To make SSI a sustainable success, cooperation and support from other sectors of society is needed. As we learned during our stakeholder workshops, private partners such as banks and retailers are also interested in self-sovereign identity implementations and their possibilities. From the perspective of citizens, notes Du Seuil, “SSI will be more interesting and appealing if they can use it for several cross-sector interactions in public and private contexts.”

Another important aspect to consider in terms of rethinking how we interact and work together is the scope of those interactions. In the course of the first phase, the partners developed a greater appreciation for the technical nuance relevant to cross-border interactions involving citizens with multiple identities. The SSI project, we learned, requires a truly international framework, both conceptually and in technical realization.

Seeing the project partners actively involved in the European Blockchain Partnership and in particular its efforts on SSI, together with other member states of the European Union, shows the important pull factor that is already represented by the public sector to cooperate beyond borders. On the other side, Jolocom actively contributes to the push factors in this emerging identity space, with our work at the German Blockchain Association (Bundesblock) and more recently as a founding member of INATBA, an international industry-driven body set up to develop a global governance for applications in the area of blockchain and DLT.

The original focus and scope of Blockchain on the Move was limited to the context of Belgium/Flanders/Antwerp. We’ve learned since that the SSI project has a very important international dimension which was eclipsed by the initial scope. This insight has motivated the partners to reassess the project from a more global perspective.

While enthusiastic about enabling citizens to manage their own identity data, the partners identified that, at its current stage, self-sovereign identity requires further research and elaboration before implementation in a use case such as the moving process of a citizen is possible. Based on these findings and learnings, the partners of the project decided to formulate a new planning and vision based on the following principles, as articulated by Du Seuil:

Search for collaboration with private partners, such as banks and retailers, to implement an SSI ecosystem/consortium in Belgium and build or adjust the necessary tools for citizens and organizations to interact with this new identity concept.
Look for added value/benefits for citizens in cross-sector interaction and approaches.
Focus on the social and legal constraints of using SSI.
Rethink and redesign current processes to obtain to the fullest extent the benefits of self-sovereign identity for citizens, and public and private organizations; and strive for considerable gains in efficiency and trust.
Align and interact with international projects and initiatives including the European Self Sovereign Identity Framework (eSSIF), at the time of writing in the concept-and-design phase in the European Blockchain Services Infrastructure (EBSI).

These steps will mark the next phase of the Blockchain on the Move project.

Credits and thanks

Blockchain on the Move would not have been possible without the continuous support and feedback from the consortium partners, namely the City of Antwerp, Digipolis, the Flemish Government, Informatie Vlaanderen, and V-ICT-OR. Jolocom has been working alongside the consortium since November 2018 to realize the first phase of the project. It’s thanks to initiatives including Blockchain on the Move that we are able to join in taking the lead in Europe to enable a SSI ecosystem for citizens with full support from the public sector.

More thanks go out to our stakeholder workshop participants and final meetup audience, whose comments, thoughts, questions, and feedback helped inform invaluable takeaways that continue to shape our work and approach to building SSI solutions.

‧ ‧ ‧

To learn more about Blockchain on the Move visit the project website.