Decentralized digital identities give their users many benefits in data privacy, comfort and efficiency. Returning control of identity information to the people it pertains to, and enabling them to reuse this information, often gives faster service interactions, with reduced verification time and associated costs too.
What’s more, services enjoy the same trusted information with reduced identity management backend costs and greater security.
In recognition of this, and to test the level of maturity of these solutions, the Ministry of Economic Affairs, Innovation, Digitalization and Energy of the State of North Rhine-Westphalia (MWIDE) conducted the Online-Sicherheitsprüfung (OSiP) Self-Sovereign Identity (SSI) project in mid-2019. It was supported by cosinex and Accenture, with Spherity and Jolocom acting as the self-sovereign identity (SSI) wallet providers.
SSI wallets enable people to control the information that defines them, without having to rely on a centralized third party. In this model, coopetition – the practice of cooperation between competing companies – creates greater choice for users and a more robust enabling environment for all SSI wallets. In this way, the technology stands a better chance of taking off on a large scale and more effectively competing with today’s centralized options.
Jolocom developer Eugeniu Rusu has written the complete Integration Report, where you can dig into the meat of the technology. Alternatively, here are the highlights…
The use case
Concluding in September 2019, the main focus of the OSiP project was a test scenario for journalists’ access management into the premises of a security-critical event. In this use case, a system based on SSI was built on top of existing security check infrastructure by Accenture to support seamless information exchange between SSI wallets from multiple providers.
Step 1. Journalist begins the application process
In the first step of the user story, the journalist installs either the Spherity or Jolocom SmartWallet applications and completes the necessary steps to receive an electronic identification, or eID.
They then visit the OSiP online verification website, entering first name, last name, and eID number in a form rendered on the OSiP WebApp. To start the OSiP process, the journalist shares their eID by scanning a QR code.
The wallet then prompts the journalist, asking if they’d like to share their eID with the OSiP server. The OSiP server then authenticates the journalist.
Step 2. Journalist receives OSiP credentials
If the journalist passes the security check, an OSiP employee can issue them with an access credential. After scanning the QR code that offers this credential, the journalist can store the credential (specific to their identity) in their secure wallet.
There are now two credentials in the wallet: the general-purpose eID credential and the OSiP credential. The latter permits the journalist to gain entry into the specified OSiP events.
Step 3. Journalist shares credentials to gain access
Now the journalist scans the QR code at the entrance of the event using their Spherity or Jolocom wallet.
The wallet then asks the journalist to share the OSiP credential with the verifier.
If the OSiP credential is valid (i.e. if the credential has not expired or been revoked), access is granted. If the credential is invalid, entry is denied.
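The gate decision from Step 3, sketched as an added example; it is not code from the OSiP project or from either wallet provider. All field names, DIDs and the revocation set are constructed, and an HMAC stands in for the issuer's public-key signature so the block runs on the Python standard library alone. Besides the expiry and revocation checks named above, it assumes the verifier also checks the proof, the holder binding and the event scope.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed sample values; all names and fields are hypothetical.
ISSUER = "did:example:osip-issuer"
ISSUER_KEY = b"constructed-demo-key"  # HMAC stand-in for an issuer signature key
REVOKED_IDS = {"cred-0002"}  # assumed revocation list held by the verifier


def _mac(claims):
    # Canonical JSON so issuer and verifier hash identical bytes.
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()


def issue(cred_id, holder, event, expires):
    """Step 2: the issuer binds the credential to one holder and one event."""
    claims = {"id": cred_id, "issuer": ISSUER, "holder": holder,
              "event": event, "expires": expires}
    return {"claims": claims, "proof": _mac(claims)}


def verify_at_gate(cred, presenter, event, now):
    """Step 3: return (granted, reason); any failed check denies entry."""
    claims = cred.get("claims", {})
    # Check the proof first: no claim is trusted until integrity holds.
    proof = str(cred.get("proof", "")).encode()
    if not hmac.compare_digest(_mac(claims).encode(), proof):
        return False, "bad proof"
    if claims.get("issuer") != ISSUER:
        return False, "untrusted issuer"
    if claims.get("holder") != presenter:  # credential is specific to one identity
        return False, "holder mismatch"
    if claims.get("event") != event:
        return False, "wrong event"
    if datetime.fromisoformat(claims["expires"]) <= now:
        return False, "expired"
    if claims["id"] in REVOKED_IDS:
        return False, "revoked"
    return True, "ok"


if __name__ == "__main__":
    cred = issue("cred-0001", "did:example:journalist", "event-A",
                 "2019-09-30T23:59:59+00:00")
    now = datetime(2019, 9, 15, tzinfo=timezone.utc)
    print(verify_at_gate(cred, "did:example:journalist", "event-A", now))
```

Here `presenter` is assumed to be the DID the wallet proved control of during the QR-code exchange; a production verifier would check a public-key signature against the issuer's published key instead of sharing a secret with the issuer.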
The use case was designed with several goals in mind:
- to create an open platform,
- to create a user-friendly solution to identity and access management challenges, and
- to identify technical and legal aspects needed to create a productive, real-world solution capable of functioning across any self-sovereign identity wallet. In other words, capable of functioning interoperably.
Interoperability is seen by industry leaders as one of 10 core principles of SSI, and a precondition for the development of a healthy self-sovereign data ecosystem. Another core principle is avoiding vendor lock-in, where platforms seek rent on exclusive and proprietary data formats or software architectures.
Government IT projects often struggle to protect themselves from such private-sector dependencies, given their longer timelines and life cycles. Delivering on these theoretical principles across competitors is rarely a high priority in these early days of the industry. At the same time, however, government stakeholders often demand proof of exactly this before committing public funds.
Today, a select number of providers and interest groups are looking to create interoperable solutions for SSI wallets. Much in the same way social media services and personal data harvesters have monopolized access management for online services, we envision a world where anyone can use any SSI wallet to access any service. Only this time, true control will lie not with the software company that made the wallet, but in the hands that hold it. Which is where it should be.