decentralized-id.github.io/_posts/identosphere-dump/public_sector/europe.md
infominer 12326119c6 public
2022-12-04 04:20:47 -05:00


published
false

European Identity

Oskar van Deventer, a rockstar from TNO, presents:

ways to build an SSI ecosystem and architecture together that is interoperable, technologically mature and fit for society, and funding opportunities for SSI projects through grants.

  • EU Data Governance Act (Meeco)

    We welcome the regulation as a needed common ground for clarifying the role of data intermediaries, building trust in these intermediaries and setting the direction for data governance, including the emergence of digital human rights.

In this context we offer the following suggestions:

  1. Explicitly include individuals as active participants in the definitions [...]
  2. Clarify the scope of the data sharing services (Art. 9 (2)) and extend it to include services that empower the data subject beyond compliance.
  3. Foster the growth of intermediaries, which offer new technologies and have the greatest likelihood of success in Europe if supported by the Data Governance Act.
  4. Open silos and implement soft infrastructure such as standards & open APIs to accelerate uptake and interoperability between data sharing services.
  5. Foster eco-systems and demonstrate the value through practical use-cases.
  6. Create a level playing field for sustainable data sharing by providing funding to pioneers at the forefront of developing data eco-systems

What are the Pros and Cons? - ISSE 2020 Webinar 3 (Tim Bouma says to watch this)

Without a clear vision on identity, society will have no agency since the capability to produce future value (data) is not under regional, nor national, nor international regulated control.

Therefore it is important to have a good overview of what is happening in different parts of the world to see if we can not combine innovative solutions.

In episode 40, Roland fills us in on how Verimi works and its privacy-by-design cornerstones, including data minimisation. Oscar and Roland also discuss the digital identity landscape in Germany

  • The EU Digital Green Certificate Program Evernym

    Although the EU's approach to COVID-19 health certificates (the Digital Green Certificate) implements existing technology and supports both paper and digital credentials, offline usage, and speedy verification, it makes a number of security and privacy compromises. Our analysis found it to be inherently centralised and better suited for low assurance use cases.

  1. [Andre] Introduction and the role of Sovrin Foundation around the topic of SSI
  2. Focus of this session is around SSI in Europe (from business and related perspective)
  3. Hyperledger Indy and Aries technology stack
  4. Network of networks which has been a key concept at the Sovrin Foundation
  5. The topic is meant to be a conversation as an outline based on material information which can be shared publicly
  6. EBSI is one of the funded projects from the EU
  7. ESSIF is one of the projects in this portfolio - have issued a request for proposal for consulting (not in the network of networks topic but other areas)
  8. Findy (Finland) - yet to go live. Has public and private partners.
  9. Projects underway at Spain and other member nations in EU
  10. Substantial funding behind Indy based technology stack deployments are being seen
  11. Germany has 3 major streams active in the identity space
  12. Gov digital (for public sector)
  13. ID Union - 2 fold - a project and a L1 Utility (as per the Trust over IP definition) project and Governance Framework; has started in 2020. Will be building a lot of use cases on Indy/Aries over a period of 3 years. Includes EU member states and the 3 non EU nations. ID Union activity will have contributions to open source projects
  14. Germany is running an SSI pilot based on the Aries framework. First use case — hotel check in for business travelers (two data types: ID; corporate billing address). German eID card will be used to generate a VC by issuing on behalf of the issuer of the eID card.
  15. Mixed bag of projects and technologies which underline the topic/concept around network of networks. Organizations will come up with their networks and interoperability would be something that is inbuilt.
  16. EU Commission has identified the necessity of making this happen. So no one blockchain to rule them all. A cooperative approach would be needed to get into NoN - tokenisation, IoT etc have been part of the requirements
  17. 3 Sovrin member organizations have jointly created a position paper to address the necessity of this approach of NoN. This approach is endorsed by the Sovrin Foundation.
  18. Universal resolver, multi-ledger wallet etc are key components. A side-project to make a tangible NoN experiment is on the cards.
  19. [Andreas] https://joinup.ec.europa.eu/collection/ssi-eidas-bridge/about
  20. [Alex Blom] https://vimeo.com/522501200
  21. https://gitlab.grnet.gr/essif-lab/infrastructure/validated-id/seb_project_summary
  22. https://github.com/validatedid/eidas-bridge

Doc Searls, Co-founder and board member of Customer Commons, and Director of ProjectVRM, is to deliver a keynote entitled Where Stands the Sovereign Self? at the European Identity and Cloud Conference 2021. [...] we asked Doc some questions about his planned presentation.

Talao's team is excited to announce the development of the first Decentralized Self-Sovereign Identity (SSI) solution built on the Tezos blockchain for the Human Resources industry. The digital wallet created by Talao will enable companies to issue verifiable professional credentials and for employees to store work history and other personal data.

Discover Eva's journey using the blockchain solution developed by the European Commission and the European Blockchain Partnership members: the European Blockchain Services Infrastructure (EBSI) - http://ec.europa.eu/cefdigital/ebsi

With the Digital Services Act (DSA), the European Union is to adopt landmark legislation that will create a framework to regulate online platforms around the world. The DSA will have an impact on the free expression of opinions online, our choices as consumers, the right to privacy and the basic mechanisms of the global Internet.

Gov.UK

● secure the UK's status as a global hub for the free and responsible flow of personal data - complementing our ambitious agenda for new trade deals and data partnerships with some of the world's fastest growing economies

● reinforce the responsibility of businesses to keep personal information safe, while empowering them to grow and innovate

● ensure that the ICO remains a world-leading regulator, enabling people to use data responsibly to achieve economic and social goals

The following article discusses the technical requirements needed to protect our personal data and to ensure a safer digital world. It presents solutions for creating an open and secure IT infrastructure where data privacy can always be guaranteed. The article has been written by esatus, founding member and lead of the “Secure Platform” working group, a thematic group within the IT Security Association Germany (TeleTrusT).

  • Commission proposes a trusted and secure Digital Identity for all Europeans

    However, there is no requirement for Member States to develop a national digital ID and to make it interoperable with the ones of other Member States, which leads to high discrepancies between countries. The current proposal will address these shortcomings by improving the effectiveness of the framework and extending its benefits to the private sector and to mobile use.

  • Digital Identity for all Europeans

    • Available to any EU citizen, resident, or business in the EU who wants to use it
    • Widely useable as a way of identification or to confirm certain personal attributes for the purpose of access to public and private digital services across the EU
    • Giving full control to users to choose which aspects of their identity, data and certificates they share with third parties, and keep track of such sharing
  • TechCrunch Europe wants to go its own way on digital identity

    Alongside today's regulatory proposal they've put out a recommendation, inviting member states to “establish a common toolbox by September 2022 and to start the necessary preparatory work immediately” — with a goal of publishing the agreed toolbox in October 2022 and starting pilot projects (based on the agreed technical framework) sometime thereafter.

    “This toolbox should include the technical architecture, standards and guidelines for best practices,” the commission adds, eliding the large cans of worms being firmly cracked open.

  • A trusted and secure European e-ID - Regulation

The legal instrument aims to provide, for cross-border use:

access to highly secure and trustworthy electronic identity solutions,

that public and private services can rely on trusted and secure digital identity solutions,

that natural and legal persons are empowered to use digital identity solutions,

that these solutions are linked to a variety of attributes and allow for the targeted sharing of identity data limited to the needs of the specific service requested,

acceptance of qualified trust services in the EU and equal conditions for their provision.

eIDAS

  • SSI eIDAS Legal Report Ignacio Alamillo Webinar 55

    The European Commission developed the SSI (Self-Sovereign Identity) eIDAS bridge, an ISA2 funded initiative, to promote eIDAS as a trust framework for the SSI ecosystem. It assists a VC (Verifiable Credential) issuer in the signing process, and helps the verifier to automate the identification of the organization behind the issuer's DID (Decentralized Identifier). Simply by “crossing” the eIDAS Bridge, a Verifiable Credential can be proven trustworthy in the EU.

  • eIDAS and Self-Sovereign Identity (Video) Dingle Group

    Why then is eIDAS v1 not seen as a success? There are many reasons; from parts of the regulation that focused or constrained its use into the public sphere only, to the lack of total coverage across all of the EU. Likely the key missing piece was that the cultural climate was not yet ripe and the state of digital identity was really not ready. Too many technical problems were yet to be solved. Without these elements the realized state of eIDAS should not be unexpected. All this said, eIDAS v1 laid very important groundwork and created an environment to gather important learnings to allow eIDAS v2 to realize the hoped for levels of success and adoption.

  • Legal compliance and the involvement of governments SSI Ambassador

    It's currently possible to be eIDAS compliant with SSI, leveraging one out of five scenarios described in the SSI eIDAS legal report by Dr. Ignacio Alamillo Domingo. Especially interesting is the SSI eIDAS bridge, which adds legal value to verified credentials with the use of electronic certificates and electronic seals. However, it's also possible to derive national eIDs notified in eIDAS, which are eIDAS linked by issuing a verifiable credential with a qualified certificate according to the technical specification.

eSSIF Lab

Blockchain Certified Data        Academic Verifiable Credentials (Academic VCs) https://www.bcdiploma.com/

Upstream Dream AB        Patient-controlled information flows for learning health systems (The LHS project) https://www.genia.se

Mopso Srl        Amlet (A.W.) https://www.mopso.eu/

Credenco B.V.        Digital Certificate of Good Conduct (CoCG) https://www.credenco.com

Stichting Cherrytwist        Decentralized Open Innovation Platform (DOIP) https://alkem.io

Truu Ltd        Healthcare Professionals Digital Staff Passport (Health DSP) https://www.truu.id

Fair BnB Network Società Cooperativa        Stay Fair, Play Fair a co-operative habitat for music – https://fairbnb.coop/

ZENLIFE SARL-S        Zenlife eConsent https://zenlife.lu/ – under construction

LearningProof UG        HonorBox-SSI https://learningproof.xyz

WorkPi B.V.        Work Performance Intelligence (WorkPi) https://workpi.com/

yes.com AG        European Bank Identity Credentials (Eubic) https://www.yes.com

Meet Alex Norta, associate professor at TalTech who talks about his project “Self-sovereign multi-factor identity authentication using smart-contract blockchain technology”, that will be carried out in collaboration with the University of Central Florida

The project SSIComms adds SSI to internet communications by adding SSI wallets to the renowned SYLK Suite, an award winning ensemble of communications solutions with the SIP protocol at its core.

The SSI mandate service is a generic and holistic approach to provide and request mandates. Mandates are SSI credentials signed by the dependent that can be requested by either the dependent or authorized representative. These credentials can be used to prove to a verifier that the authorized representative is authorized to act for specific actions on behalf of the dependent.

The objective of the topic is to develop, implement and scale up the European Digital Identity framework, based on the revised eIDAS regulatory framework as well as the exchange of evidence as set out in article 14 of the Single Digital Gateway Regulation. The broader objective of European Digital Identity is to improve citizens' access to highly trusted and secure electronic identity means and trust services such as digital signatures, improve citizens' possibilities to use them and improve their ability to control the sharing of their personal identity data.

The concept of SSI was designed with the citizen and privacy in mind. However, existing implementations lack user-friendliness (e.g. showing hash codes to users), creating potential barriers in users' adoption. OnboardSSI focuses on providing a secure and user-friendly wallet solution creating an easier way for citizens to manage their identity.

The context of the eSSIF-Lab vision can be found in articles 8-10 of the European Convention on Human Rights (ECHR), that state the rights of individuals regarding their privacy, and their freedoms to collect, process, store, and express information in a self-sovereign fashion, i.e. in a way that they can decide for themselves.

2nd tranche winners are the following:

  1. Verifier Universal Interface by Gataca España S.L. – Building Standard APIs for Verifier components to enable SSI interoperability
  2. Automated data agreements to simplify SSI work flows by LCubed AB (operated under the brand iGrant.io) – Adopt SSI and make it consumable for both organisations and end-users
  3. Presentation Exchange - Credential Query Infra by Sphereon B.V. – Presentation Exchange Interop and Integration
  4. Letstrust.org by SSI Fabric GmbH – Self-Sovereign Identity for everyone: Enterprise & Consumer Cloud Wallet (OIDC-based), Credentials & SDKs as a basis for applications - free
  5. SSI Java Libraries by Danube Tech GmbH – Improving and completing a set of generic, open-source Java libraries for working with DIDs and VCs
  6. WordPreSSI Login by Associazione Blockchain Italia – SSI Login for every WordPress site
  7. NFC DID VC Bridge by Gimly – Enabling the use of NFC secure elements as DID and VC transport for off-line and online identity, authorizations and access management
  • The eSSIF-Lab (European Self Sovereign Identity Framework) has announced the winners of two of its different calls for funding

Creating EBSI's Verifiable Credentials Profile containing all the EBSI specifications.

In this document, you can learn how to onboard and accredit the following legal entities

  • EBSI Onboarding Service (EOS)
  • Trusted Accreditation Organisation (TAO)
  • Trusted Issuer (TI)

If you wonder how many of us, users, can really take advantage of PKI for identifying ourselves on the internet, the answer is quite deceiving. This mature technology has been available for decades but has never become mainstream among the society for identifying end users.

In the graphic below we reorganised and regrouped the stakeholders to map the requirements for the eIDAS toolbox architecture onto a SSI framework (Self-Sovereign Identity framework).

Broadly, we at Evernym/Avast are impressed with the content and the underlying principles in the Framework. There's a lot that we like, but there are also some areas of significant concern that need careful attention.

The uptake of eIDAS (facilitating cross-border acceptance of eIDs) is low relative to the technical capacity of states; only 15 of the 27 Member States are able to fulfil the regulation's requirements of accepting the eIDs of other Member States for public services.

The EU Commission did reflect on the effectiveness of the regulation in its Impact Assessment, and is developing a revision of it. There are multiple revision options being discussed, but thus far, the preferred option would establish a framework that provides citizens with optional use of a personal digital wallet

Governmental entities act as important intermediaries for many transactions occurring in today's society.

In the era of misinformation, digital fraud has become a challenge that is essential to address.

Governments and the societies they serve need technology capable of verifying the authenticity of the information they handle.

As we build the European regulatory framework, in the transfer from paper to digital, a key question arises: how to share official documents, called evidences or credentials in a way that can be trusted?

We have done extensive research & development into a use-case to let employees regain control over their career-related data. Therefore receiving the maximum development grant of €106.000 (funded by the European Commission) to bring our MVP into production.

  • PCDS-DP - Product Circularity Data Sheets Digital Passport
  • ESSIF 4 Logistics - SSI based authorization for cross- border government and business representatives in logistics
  • Symfoni AS - Infrastructure to facilitate payments for verifiable credentials
  • Datarella GmbH - Go Aries Enabling CL-Support on Aries Framework Go

for the user interface, data storage, cryptographic protocols, sensitive cryptographic material and eID mean modules. "Requirements and Solution CNECT/LUX/2022/OP/0011"

We are glad to be among the first few along with @ValidatedID @danube @GATACA_ID @walt_id @DXCTechnology @CIMEA_Naric @identyum @ThalesDigiSec @posteitaliane

The new proposal will pivot on some of the more key issues that held back the original framework. For example, instead of enforcing a single, rigid ID that openly reveals everything about an individual indefinitely, the eIDAS 2.0 structure can now potentially employ a flexible, self-sovereign identity (SSI) that puts control of all identifying information entirely into the hands of the end-users they pertain to, in both public and private partnership frameworks.

The information on Horizon Europe, EU Health, Digital Europe, Creative Europe, Digital Single Market, Citizens, Equality, Rights, and Values Programme was shared by the experts, and the representatives of the organizations that have project experience within the scope of these EU programs also shared the achievements, outputs, challenges, lessons learned and cooperation processes with EU member states in the projects they implemented.

  • [...]

Watch all the presentations from the event: 11 May 2022, 12 May 2022

EBSI

#1 EBSI combines W3C standards, Verifiable Credentials and DIDs, with blockchain technology for the purpose of information sharing between Citizens and Governments (C2G) or Businesses (C2B)

#2 Self-Sovereign Information Sharing should help verification, not control

#3 EBSI uses blockchain where it makes sense: to support the verification of Verifiable Crede

#4 EBSI contributes to an open market of SSI digital technologies and services

#5 EBSI successfully piloted Self-Sovereign Information Sharing in the education domain

EBSI is a blockchain network of distributed nodes across Europe to support important applications. [...] Below you will find a series of publications that will walk you through the technologies that make it possible for Public Administrations and Businesses to easily verify and trust information received directly from Citizens (or Businesses). There are PDFs of each one:

  • Verifiable Credentials Explained
  • Verifiable Credentials in Action
  • Decentralized Identifiers (DID) Methods
  • Digital Identity
  • Issuers Trust Model
  • OpenID Connect for VCs
  • Digital Wallet

EBSI: Innovation that respects our privacy is a joint effort

O'Neil's Weapons of Math Destruction, Zuboff's Surveillance Capitalism, and Véliz's recent Privacy is Power: these may have made it onto your summer reading list. And for good reason: wherever there is new technology, there is also concern for the respect of our European values.

Explainer: eIDAS 2.0 - Introduction to The European Digital Identity Wallet & The Evolution of Self-Sovereign Identity

Until now, the eIDAS regulation has only focused on online identification. However, the new proposal eIDAS 2.0 aims to extend identity to the world of physical services which can be accessed from anywhere around the globe.

After a tough competition among overall excellent proposals, eSSIF-LAB selected the 4 most promising proposals out of 42 submitted applications. 161 applications were started altogether, from 22 different countries. This booklet gives an overview of the 4 Open Calls subgrantee projects started within the infrastructure-oriented and the business-oriented track of eSSIF-Lab.

The web is increasingly more distributed, and with it, a new pattern of information sharing is emerging: Self Sovereign Information sharing, where citizens stay in control of their information by choosing what and when to disclose it, and to whom. EBSI enables self-sovereign Citizen-to-Government (C2G) and C2B (Citizen-to-Business) privacy-preserving information sharing.

Right now, many enterprises and organisations are building their own SSI solutions by implementing the existing standards and protocols. Since all these parties do similar work and have to face similar problems, it is critical for the community to share these learnings and experiences openly.

Is the EU discussion about data portability missing a key point?

In its discussion of data portability the EU rightly recognises the economic importance of this issue, stressing that “market imbalances arising from the concentration of data restricts competition, increases market entry barriers and diminishes wider data access and use.”

It is likely that many dApp developers now need an identity solution that preserves privacy but ensures compliance, which is exactly the solution that we are building at SelfKey.

EU DATA GOVERNANCE ACT MEETS TOIP FRAMEWORK TOIP

The DGA defines an “intermediary” that facilitates processing and sharing of data for individuals and organizations to “…increase trust in data intermediation services and foster data altruism across the EU”. In the MyData framework for user-controlled data sharing, intermediaries are called MyData Operators and there is a certification program in place.

On March 24th, 2022, the European Parliament and Council reached an agreement on the final version of the Digital Markets Act (DMA). According to the European Commission, the DMA regulation is expected to be reviewed and enacted by October 2022.

  • MiCA (Markets in Crypto-Assets Regulation) whose scope covers cryptocurrencies, utility tokens and stablecoins;
  • the Pilot Regime Regulation for DLT Market Infrastructures (PRR) project. With these two texts, the Commission's goal is to regulate crypto-asset players and not the assets as such.

One of MyDex CIC's founders, Alan Mitchell shares a feeling of Vindication in a post celebrating the company's early articulation of key principles and how the EU's proposed new Data Governance Act aligns with that.

These providers will have to comply with a number of requirements, in particular the requirement to remain neutral as regards the data exchanged. They cannot use such data for other purposes. In the case of providers of data sharing services offering services for natural persons, the additional criterion of assuming fiduciary duties towards the individuals using them will also have to be met.

Would we rather have a high level of security or self-sovereignty? Unfortunately, the two aspects are at different ends of the spectrum. If we only allow pre-verified and approved parties to retrieve identity data, as currently envisaged by the eIDAS regulation, this severely restricts usage

  1. Invest in a public/private partnership to co-develop a self-sovereign identity solution for Europe.

The intention of the European Commission is to allow or even force acceptance in a wide range of sectors in the public and private domain and thereby ensure that identities are as widely usable as possible (interoperability). The principle of consent will also be met, as it is already fulfilled with current eID solutions notified under eIDAS and other EU regulations, such as GDPR and PSD2. One of the explicit requirements of the proposal is selective disclosure, in line with GDPR's rules on data minimalisation.

Updates to the framework include new guidance on creating a consistent approach on user experience, rules on how to manage digital identity accounts, clearer definitions for the framework's role and details on how organisations will be certified.

Let's examine how SSI meets each of the articles from #13 to #22.

“The results of the survey certainly underline the need for this pioneering European initiative aiming at offering the most convenient user experience (UX) at the highest level of security,” the company adds

The main goal of this new program was to provide an implementation of eIDAS bridge and to prove the interoperability between different provider implementations. Validated ID was selected to participate in part of the Call 1 of infrastructure. The results of this project are available as open source. If you are interested in digging into the code, you can find it all in the following repositories: our open source version implementation and the SSI eIDAS Bridge interoperability performed with SICPA.

With the transition to the web 3.0 ecosystem, the development of distributed registries (blockchain technology) and the regulatory environment that is forcing digital players to favour privacy by design, the ISS approach will become the new standard, whether for entering into customer relations, managing digital identities or ensuring compliance of administrative processes in companies and institutions.

The document in particular outlines the EUDI Wallet:

The EU Commission published the long-awaited Data Act on February 23, 2022. This is a progressive legislative proposal to increase access to data for the users of connected products such as IoT devices and related services. It is a significant move towards realising the MyData principle of portability, access, and re-use as well as the principle of interoperability. It will potentially also move the needle towards the shift from formal to actionable rights in terms of the right of data portability. With such a progressive agenda, the proposal will certainly also face significant opposition and counter-lobbying from those who stand to benefit from the status quo.

Problem 1: Unique wallet IDs

Problem 2: Remote Wallet Kill Switches

Problem 3: Wallet Content Restrictions

Problem 4: Private Sector Restrictions

Exciting New Opportunities for eIDAS 2.0

Opportunity 1: Basic or Enhanced Wallets

Opportunity 2: Turning Regulations Into Revenue

Opportunity 3: Person-to-Person Verification

Opportunity 4: Secure messaging.

  • New Coalition Launches Campaign for Data Sovereignty Now

    a campaign that will press European policy makers at all levels to ensure that control of data remains in the hands of the people and organizations that generate it. The issue becomes ever more urgent as policies around Europe's digital economy and data architecture start to solidify.