Decentralized digital identities provide many advantages with regard to data privacy, comfort and efficiency. Returning control of identity information to the people that information pertains to, and enabling them to reuse it, often makes for faster service interactions with reduced verification time and associated costs.
On the other side of the coin, services enjoy the same trusted information with reduced identity management backend costs and greater security.
In recognition of this, and in order to test the level of maturity of these solutions, the Ministry for Economic Affairs, Innovation, Digitalization and Energy of the State of North Rhine-Westphalia (MWIDE) conducted the Online-Sicherheitsprüfung (OSiP) Self-Sovereign Identity (SSI) project over the course of mid-2019 with support from cosinex and Accenture, with Spherity and Jolocom acting as the SSI wallet providers.
SSI wallets enable people to control the information that defines them without having to rely on a centralized third party. In this model, coopetition, rather than competition, between providers creates greater choice for users while creating a more robust enabling environment for all SSI wallets. In this way, the technology stands a better chance of taking off on a larger scale and more effectively competing with the traditionally centralized options of today.
Read the complete Integration Report by Eugeniu Rusu to dig into the meat of the technology. Or keep reading for the highlights…
The use case
Concluded in September 2019, the main focus of the OSiP project was a test scenario for access management of journalists into the premises of a security-critical event. In this use case, a system based on SSI was built on top of existing security check infrastructure by Accenture in order to support seamless information exchange between SSI wallets from multiple providers. Keep reading to explore the full interaction! And for more detailed information intended for developers and a technical audience, you’re invited to read and share the complete Integration Report drafted by Eugeniu Rusu of Jolocom.
Step 1. Journalist begins the application process
The journalist then visits the OSiP online verification website and enters their first name, last name, and eID number in a form rendered on the OSiP WebApp. To start the OSiP process, the user shares their eID by scanning the QR code.
The wallet then prompts the journalist, asking if they would like to share their eID with the OSiP server. The OSiP server authenticates the user.
Step 2. Journalist receives their OSiP credentials
If the journalist passes the security check, the OSiP employee can issue an access credential to the journalist. After scanning the QR code that “offers” this credential, the journalist can store the credential (specific to their identity) in their secure wallet.
There are now two credentials in the wallet: the general-purpose eID credential and the OSiP credential. The latter enables the journalist to gain entry into the specified OSiP events.
Step 3. Journalist shares their credentials to access event(s)
Now the journalist scans the QR code at the entrance of the event using their Spherity or Jolocom wallet.
After scanning the QR code, the wallet asks the journalist to share the OSiP credential with the verifier.
If the OSiP credential is valid (e.g. if the credential expiry has not lapsed), access to the event is granted to the journalist. If the credential is invalid (e.g. revoked by the issuer for a certain reason), automated entry is denied.
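The entrance decision in Step 3, written out as an added example (not code from the OSiP project or from either wallet provider): a credential issued as in Step 2 is checked for issuer trust, integrity, revocation, expiry and event coverage, and any failed check denies entry. The DIDs, field names, key and dates are constructed for illustration, and HMAC-SHA256 stands in for the issuer's public-key signature so the block runs on the standard library alone.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# All identifiers, fields and keys below are constructed for illustration.
ISSUER_KEYS = {"did:example:osip-issuer": b"constructed-demo-key"}  # trusted issuers

def _digest(claims: dict, key: bytes) -> str:
    # HMAC-SHA256 over canonical JSON; a stand-in for a public-key signature.
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def issue(claims: dict) -> dict:
    """Step 2: the issuer signs the access credential offered to the wallet."""
    return {"claims": claims, "proof": _digest(claims, ISSUER_KEYS[claims["issuer"]])}

def verify_at_entrance(cred: dict, event: str, now: datetime, revoked: set) -> tuple:
    """Step 3: decide on automated entry; any failed check denies."""
    claims = cred.get("claims", {})
    key = ISSUER_KEYS.get(claims.get("issuer"))
    if key is None:
        return (False, "untrusted issuer")
    if not hmac.compare_digest(_digest(claims, key).encode(), str(cred.get("proof", "")).encode()):
        return (False, "bad proof")
    if claims.get("id") in revoked:
        return (False, "revoked")
    exp = claims.get("expires")
    if exp is None or now >= datetime.fromisoformat(exp):
        return (False, "expired")
    if event not in claims.get("events", []):
        return (False, "event not covered")
    return (True, "granted")

def demo() -> dict:
    claims = {"id": "cred-001", "issuer": "did:example:osip-issuer",
              "subject": "did:example:journalist", "events": ["event-A"],
              "expires": "2019-09-30T00:00:00+00:00"}
    cred = issue(claims)
    t = datetime(2019, 9, 1, tzinfo=timezone.utc)
    late = datetime(2019, 10, 1, tzinfo=timezone.utc)
    tampered = {"claims": {**claims, "events": ["event-A", "event-B"]}, "proof": cred["proof"]}
    return {
        "valid": verify_at_entrance(cred, "event-A", t, set()),
        "revoked": verify_at_entrance(cred, "event-A", t, {"cred-001"}),
        "expired": verify_at_entrance(cred, "event-A", late, set()),
        "other_event": verify_at_entrance(cred, "event-B", t, set()),
        "tampered": verify_at_entrance(tampered, "event-B", t, set()),
    }
```

The proof is checked before any claim is trusted, so a wallet that edits the event list or expiry date fails at "bad proof" rather than reaching the later checks.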
The use case was designed with several goals in mind: (1) to create an open platform, (2) to create a user-friendly solution to identity and access management challenges, and (3) to identify technical and legal aspects needed to create a productive, real-world solution capable of functioning across any self-sovereign identity wallet. In other words, capable of functioning interoperably.
Interoperability is seen by industry leaders as one of 10 core principles of SSI, and a precondition for the development of a healthy self-sovereign data ecosystem. Another core principle is avoiding “vendor lock-in,” whereby platforms seek rent on exclusive and proprietary data formats or software architectures.
Government IT projects often struggle to protect themselves from such private-sector dependencies, given their longer timelines and life cycles. Delivering on these theoretical principles across competitors is rarely a high priority in these early days of the industry; at the same time, however, government stakeholders often demand proof of exactly this before committing public funds.
Today, a select number of providers and interest groups are looking towards creating interoperable solutions for SSI wallets. Much in the same way social media services and personal data harvesters have monopolized access management for online services, we envision a world in which anyone can use any SSI wallet to access any service. Only this time, true control will lie not with the software company that made the wallet, but in the hands that hold it.
Where it should be.