SlideShare a Scribd company logo
1 of 25
Download to read offline
SSI Meetup 52 – eSSIF Lab
Tuesday, March 31st, 2020
Rieks Joosten
rieks.joosten@tno.nl
Oskar van Deventer
oskar.vandeventer@tno.nl
The NGI ESSIF-LAB project has received funding from the European Union’s
Horizon 2020 Research and Innovation Programme under Grant Agreement No 871932
CC BY-SA 4.0 SSIMeetup.org
1. Empower global SSI communities
2. Open to everyone interested in SSI
3. All content is shared with CC BY SA
Alex Preukschat @SSIMeetup @AlexPreukschat
Coordinating Node SSIMeetup.org
SSIMeetup objectives
SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
LESS Identity & Trustless Identity
Two Major Tracks:
LESS Identity
“Legally-Enabled Self-Sovereign”
Identity*
Key characteristics:
● Minimum Disclosure
● Full Control
● Necessary Proofs
● Legally-Enabled
2
Trustless Identity
Or more properly “Trust
Minimized” Identity
Key characteristics:
● Anonymity
● Web of Trust
● Censorship Resistance
● Defend Human Rights vs. Powerful
Actors (nation states, multi-national
corps, mafias, etc.)
* Originally coined by Tim Bouma (@trbouma) https://medium.com/@trbouma/less-identity-65f65d87f56b
CC BY-SA 4.0 SSIMeetup.org
3
It has
verifiable
credentials
It has a
business
model
It has an
invitation
protocol
It has a
credential
catalogue It has an
credentials
query
protocol
It has
decentralised
identifiers
CC BY-SA 4.0 SSIMeetup.org
4
“Remember when, on the Internet, nobody knew who you were?”
CC BY-SA 4.0 SSIMeetup.org
5
CC BY-SA 4.0 SSIMeetup.org
6
Citizen fills
in form
Application
Form
A wealth of other examples exist in
other domains, e.g.:
- Finance
- Health
- Education
- Etcetera …
CC BY-SA 4.0 SSIMeetup.org
7
Citizen fills
in form
Application
Form
Civil servant
validates data
Store ‘clean’
Application forms
Make a decision:
Grant/Reject
(Already validated) data
from other IT systems may
be added to the forms
CC BY-SA 4.0 SSIMeetup.org
• User complaints
• I do not undersand the form (language).
• I do not know where to get the requested data.
• I don’t want to physically go places (municipality,
medical specialist) to get the requested data.
• I do not know if the data is good/acceptable.
• What bureaucracy!
• I don’t know any more – I give up.
• Validation challenges for the business
• How to properly instruct the people that validate forms?
• How to support them with IT (e.g. links with systems of
relevant authorities) – fully automated, or where they
have to login with username/password?
• What is the fallback in case of validator mistakes?
• How do I control the cost of validation?
• How do validation and rectification impact lead time?
8
Business Dilemma:
Pay the Price or Run the Risk
Impact: Societal Divide
Citizens that cannot complete
forms will not get the benefits
they are entitled to
CC BY-SA 4.0 SSIMeetup.org
digital
9
CC BY-SA 4.0 SSIMeetup.org
10
(Already validated)
data from other IT
systems may be
added to the forms
CC BY-SA 4.0 SSIMeetup.org
User Benefits:
• Inclusivity: you no longer need to be
well-educated in order to fill in forms.
• Speed:
• Collect data electronically 🡪 speed.
• No need to physically go places to collect data.
Organizational Benefits:
• They get quality data, i.e.
• It means what it is supposed to mean;
• Data is verified by party that the organization itself trusts.
• Validation of data is easy:
• Cryptographic check on provenance and integrity of data;
• Electronic check op actuality.
• Higher customer/citizen satisfaction
🡪
higher filling in and success rates
resulting from faster decision making and
because users do not give up any more.
• Do away with IT-links that supply data that can now be
reliably and trustworthily be supplied by the users.
• Support for GDPR e.g. digitally providing purpose and other
meta data helps enforce the right of transparent information,
access, data portability, restriction of processing, etc.).
• New business opportunities arise because many more
kinds of data can become available.
11
• Ease:
• Minimize typing data.
• No need to upload PDFs.
• Minimize frustration.
CC BY-SA 4.0 SSIMeetup.org
= Objective Interoperable Tech:
• Functionally specified components …
(Apps, Agents, Wallets, Proxies, etc.)
• … for the exchange of Credentials/Attestations …
(W3C VCs, X.509 attr. Certs, ABCs, OIDC tokens,
SAML tokens, BlockCerts, OpenCerts, etc.)
• … over secured connections …
(traditional (e.g. SSL) en new (e.g. DIDComm))
• … that have connections (APIs) for legacy …
(webservers, WordPress, …)
• … and do not require tedious logins
(but do not forbid that either)
= Subjective Information Processing:
• Every party (individual, enterprise, government),
regardless of the vertical it is in
(admin, finance, health, telecom, energy, etc.)
• … must think (self-sovereignly) about the online
transactions it wants to participate in and the
business rules/policies for committing, …
(e.g. what data is needed, who is trusted as an issuer for
such data, what it means, liabilities, etc.)
• … establish processes for integrating SSI …
(e.g. for designing forms, annotating them with
credentials/attestation requests, etc.)
• … and create business-cases for driving adoption
and/or transformation.
We need to organize the
infrastructure collectively
… allowing it to be used
in individual use-cases
12
CC BY-SA 4.0 SSIMeetup.org
CC BY-SA 4.0
Business Oriented Topics:
• Credential catalogue
• Yellow pages service
• Webshop SSI business plugins
• Usability (for different verticals and/or
personal preferences)
• Lowering transformation barriers
• GDPR support/violation detection
• Attestation services (e.g. for application
integrity, functionality)
• Specification of credential types for
guardianship, mandates, delegation (and the
validation thereof)
Tech Infra Oriented topics
• Secure Credential Storage (wallet/hubs)
• SSI phone Apps and/or browser add-ons that
work with different kinds of credentials (e.g.
VCs, ABCs, …)
• Web server proxies that implement, or connect
with components for the various SSI roles
• Revocation service that allows verifier to
check for revocation of a credential any time
after having received it
• ‘On the fly' requesting the issuance of a
credential if it is asked for, but missing in the
wallet
• Cryptographically enforceable issuer policies
13
SSIMeetup.org
EU H2020 NGI
Infra open call Buss open call #1 Buss open call #2
SubgranteeSubgranteeSubgrantee
7 M€
3.1 M€ 1.27 M€ 1.22 M€
SubgranteeSubgranteeSubgrantee
SubgranteeSubgranteeSubgrantee
Technical & business mentoring for
subgrantees of buss open calls
Max 155 k€ per subgrantee Max 106 k€ per subgrantee Max 106 k€ per subgrantee
14
CC BY-SA 4.0 SSIMeetup.org
Infrastructure Open Call
• SSI architecture development
• Open-source SSI component development
• Agile development, integration, interoperability, testing
Business Open Call #1
• Generic SSI functionality, software & services
• Commercial, competitive
• Open source or proprietary as needed
Business Open Call #2
• Sector and application specific functionality,
software & services based on SSI
• Commercial, competitive
• Open source or proprietary as needed
Open-source
SSI components
Market
feedback
Products &
services
Customer
feedback
Round 1
Round 2
SSI vision &
architecture
Market
feedback
15
CC BY-SA 4.0 SSIMeetup.org
Business Open Call #2
Business Open Call #1
Infrastructure Open Call
*In coordination/liaison with
CEF EBSI eSSIF, EC NGI
and others
16
CC BY-SA 4.0 SSIMeetup.org
• Buss. Open Call (BOC)#1 opens: March 1, 2020
• BOC#1 closes: April 30, 2020 (13:00 CEST)
• Evaluation, establish sub-grant agreements:
beginning of August 2020.
The work starts September 2020 (=M1)
• Infra Open Call (IOC) opens: March 1, 2020
• IOC closes: June 30, 2020, or
when 25 eligible proposals are received
(but not before April 31st
).
• Evaluation, est. sub-grant agreements: 3+1 month after
closure of call. Then, the work starts.
17
CC BY-SA 4.0 SSIMeetup.org
•eSSIF-Lab home page
•Vision, purpose
•Functional architecture
•eSSIF-Lab Gitlab repo
•Infrastructure Open Call
•Business Open Call #1
18
CC BY-SA 4.0 SSIMeetup.org
Thank you for your attention
Take a look:
SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
• Mean processingcosts:
• N-1
* cost of form design +
• Cost of validation +
• Cost of decisionmaking
• Validationcost for establishing a bank
account: > 100 €.
• Estimate of yearly validation cost in NL:
> 1.000.000.000 € / year.
• From days-months to minutes
• From days/weeks to seconds
• Average lead time =
• average time to fill in form +
• Mean time for data transport +
• average time for validation +
• average time for deciding
• # IT-Links that can be reduced. • ??? Per Link? Per organisation?
Money
Time
IT-Links
20
CC BY-SA 4.0 SSIMeetup.org
21
check for expiry and revocations
SSI-Agent
(Holder, or
Wallet)
SSI-Agent
(Verifier)
Process info
request, i.e.
collect data
(attestations)
for responding;
and construct
the response
Request form metadata
Send form structure, attestation
requirements and other meta-data
Data/attestations that
satisfy the requirements
Commit / decline
SSI-Agent
(Issuer role)
Apply the business logic
(outside scope of SSI)
and decide to commit (or decline).
Public Ledger
register revocations
obtain missing data (attestations)
Check attestations,
i.e. the proofs of
integrity, provenance
Scan QR-code
register revocations
register revocations
CC BY-SA 4.0 SSIMeetup.org
Validate attestation
i.e. check proof of
integrity and
provenance
Make credential
and create proof
of integrity and
provenance
22
Request a
prod./svc.
Provide the
prod./svc.Party
(Holder role)
Issue
Credential
Request
Credential
Request
attestations
Share
attestations
Party
(Issuer role)
Party
(verifier role)
CC BY-SA 4.0 SSIMeetup.org
23
Infrastructure
that is not used
has no use.
CC BY-SA 4.0 SSIMeetup.org
24
CC BY-SA 4.0 SSIMeetup.org

More Related Content

More from SSIMeetup

PolygonID Zero-Knowledge Identity Web2 & Web3
PolygonID Zero-Knowledge Identity Web2 & Web3PolygonID Zero-Knowledge Identity Web2 & Web3
PolygonID Zero-Knowledge Identity Web2 & Web3SSIMeetup
 
Building SSI Products: A Guide for Product Managers
Building SSI Products: A Guide for Product ManagersBuilding SSI Products: A Guide for Product Managers
Building SSI Products: A Guide for Product ManagersSSIMeetup
 
Solving compliance for crypto businesses using Decentralized Identity – Pelle...
Solving compliance for crypto businesses using Decentralized Identity – Pelle...Solving compliance for crypto businesses using Decentralized Identity – Pelle...
Solving compliance for crypto businesses using Decentralized Identity – Pelle...SSIMeetup
 
The Pan-Canadian Trust Framework (PCTF) for SSI
The Pan-Canadian Trust Framework (PCTF) for SSIThe Pan-Canadian Trust Framework (PCTF) for SSI
The Pan-Canadian Trust Framework (PCTF) for SSISSIMeetup
 
Identity-centric interoperability with the Ceramic Protocol
Identity-centric interoperability with the Ceramic ProtocolIdentity-centric interoperability with the Ceramic Protocol
Identity-centric interoperability with the Ceramic ProtocolSSIMeetup
 
The SSI Ecosystem in South Korea
The SSI Ecosystem in South KoreaThe SSI Ecosystem in South Korea
The SSI Ecosystem in South KoreaSSIMeetup
 
Introducing the SSI eIDAS Legal Report – Ignacio Alamillo
Introducing the SSI eIDAS Legal Report – Ignacio AlamilloIntroducing the SSI eIDAS Legal Report – Ignacio Alamillo
Introducing the SSI eIDAS Legal Report – Ignacio AlamilloSSIMeetup
 
Learn about the Trust Over IP (ToIP) stack
Learn about the Trust Over IP (ToIP) stackLearn about the Trust Over IP (ToIP) stack
Learn about the Trust Over IP (ToIP) stackSSIMeetup
 
How to avoid another identity nightmare with SSI? Christopher Allen
How to avoid another identity nightmare with SSI? Christopher AllenHow to avoid another identity nightmare with SSI? Christopher Allen
How to avoid another identity nightmare with SSI? Christopher AllenSSIMeetup
 
Self-Sovereign Identity: Ideology and Architecture with Christopher Allen
Self-Sovereign Identity: Ideology and Architecture with Christopher AllenSelf-Sovereign Identity: Ideology and Architecture with Christopher Allen
Self-Sovereign Identity: Ideology and Architecture with Christopher AllenSSIMeetup
 
eIDAS regulation: anchoring trust in Self-Sovereign Identity systems
eIDAS regulation: anchoring trust in Self-Sovereign Identity systemseIDAS regulation: anchoring trust in Self-Sovereign Identity systems
eIDAS regulation: anchoring trust in Self-Sovereign Identity systemsSSIMeetup
 
Explaining SSI to C-suite executives, and anyone else for that matter
Explaining SSI to C-suite executives, and anyone else for that matterExplaining SSI to C-suite executives, and anyone else for that matter
Explaining SSI to C-suite executives, and anyone else for that matterSSIMeetup
 
Decentralized Identifier (DIDs) fundamentals deep dive
Decentralized Identifier (DIDs) fundamentals deep diveDecentralized Identifier (DIDs) fundamentals deep dive
Decentralized Identifier (DIDs) fundamentals deep diveSSIMeetup
 
The 2nd Official W3C DID Working Group Meeting (The Netherlands)
The 2nd Official W3C DID Working Group Meeting (The Netherlands)The 2nd Official W3C DID Working Group Meeting (The Netherlands)
The 2nd Official W3C DID Working Group Meeting (The Netherlands)SSIMeetup
 
The Hyperledger Indy Public Blockchain Node
The Hyperledger Indy Public Blockchain NodeThe Hyperledger Indy Public Blockchain Node
The Hyperledger Indy Public Blockchain NodeSSIMeetup
 
Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...
Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...
Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...SSIMeetup
 
Streetcred: Improving the Developer Experience in SSI – Michael Boyd
Streetcred: Improving the Developer Experience in SSI – Michael BoydStreetcred: Improving the Developer Experience in SSI – Michael Boyd
Streetcred: Improving the Developer Experience in SSI – Michael BoydSSIMeetup
 
Blockcerts: The Open Standard for Blockchain Credentials
Blockcerts: The Open Standard for Blockchain CredentialsBlockcerts: The Open Standard for Blockchain Credentials
Blockcerts: The Open Standard for Blockchain CredentialsSSIMeetup
 
Internet Identity Workshop #29 highlights with Drummond Reed
Internet Identity Workshop #29 highlights with Drummond ReedInternet Identity Workshop #29 highlights with Drummond Reed
Internet Identity Workshop #29 highlights with Drummond ReedSSIMeetup
 
Kiva protocol: building the credit bureau of the future using SSI
Kiva protocol: building the credit bureau of the future using SSIKiva protocol: building the credit bureau of the future using SSI
Kiva protocol: building the credit bureau of the future using SSISSIMeetup
 

More from SSIMeetup (20)

PolygonID Zero-Knowledge Identity Web2 & Web3
PolygonID Zero-Knowledge Identity Web2 & Web3PolygonID Zero-Knowledge Identity Web2 & Web3
PolygonID Zero-Knowledge Identity Web2 & Web3
 
Building SSI Products: A Guide for Product Managers
Building SSI Products: A Guide for Product ManagersBuilding SSI Products: A Guide for Product Managers
Building SSI Products: A Guide for Product Managers
 
Solving compliance for crypto businesses using Decentralized Identity – Pelle...
Solving compliance for crypto businesses using Decentralized Identity – Pelle...Solving compliance for crypto businesses using Decentralized Identity – Pelle...
Solving compliance for crypto businesses using Decentralized Identity – Pelle...
 
The Pan-Canadian Trust Framework (PCTF) for SSI
The Pan-Canadian Trust Framework (PCTF) for SSIThe Pan-Canadian Trust Framework (PCTF) for SSI
The Pan-Canadian Trust Framework (PCTF) for SSI
 
Identity-centric interoperability with the Ceramic Protocol
Identity-centric interoperability with the Ceramic ProtocolIdentity-centric interoperability with the Ceramic Protocol
Identity-centric interoperability with the Ceramic Protocol
 
The SSI Ecosystem in South Korea
The SSI Ecosystem in South KoreaThe SSI Ecosystem in South Korea
The SSI Ecosystem in South Korea
 
Introducing the SSI eIDAS Legal Report – Ignacio Alamillo
Introducing the SSI eIDAS Legal Report – Ignacio AlamilloIntroducing the SSI eIDAS Legal Report – Ignacio Alamillo
Introducing the SSI eIDAS Legal Report – Ignacio Alamillo
 
Learn about the Trust Over IP (ToIP) stack
Learn about the Trust Over IP (ToIP) stackLearn about the Trust Over IP (ToIP) stack
Learn about the Trust Over IP (ToIP) stack
 
How to avoid another identity nightmare with SSI? Christopher Allen
How to avoid another identity nightmare with SSI? Christopher AllenHow to avoid another identity nightmare with SSI? Christopher Allen
How to avoid another identity nightmare with SSI? Christopher Allen
 
Self-Sovereign Identity: Ideology and Architecture with Christopher Allen
Self-Sovereign Identity: Ideology and Architecture with Christopher AllenSelf-Sovereign Identity: Ideology and Architecture with Christopher Allen
Self-Sovereign Identity: Ideology and Architecture with Christopher Allen
 
eIDAS regulation: anchoring trust in Self-Sovereign Identity systems
eIDAS regulation: anchoring trust in Self-Sovereign Identity systemseIDAS regulation: anchoring trust in Self-Sovereign Identity systems
eIDAS regulation: anchoring trust in Self-Sovereign Identity systems
 
Explaining SSI to C-suite executives, and anyone else for that matter
Explaining SSI to C-suite executives, and anyone else for that matterExplaining SSI to C-suite executives, and anyone else for that matter
Explaining SSI to C-suite executives, and anyone else for that matter
 
Decentralized Identifier (DIDs) fundamentals deep dive
Decentralized Identifier (DIDs) fundamentals deep diveDecentralized Identifier (DIDs) fundamentals deep dive
Decentralized Identifier (DIDs) fundamentals deep dive
 
The 2nd Official W3C DID Working Group Meeting (The Netherlands)
The 2nd Official W3C DID Working Group Meeting (The Netherlands)The 2nd Official W3C DID Working Group Meeting (The Netherlands)
The 2nd Official W3C DID Working Group Meeting (The Netherlands)
 
The Hyperledger Indy Public Blockchain Node
The Hyperledger Indy Public Blockchain NodeThe Hyperledger Indy Public Blockchain Node
The Hyperledger Indy Public Blockchain Node
 
Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...
Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...
Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...
 
Streetcred: Improving the Developer Experience in SSI – Michael Boyd
Streetcred: Improving the Developer Experience in SSI – Michael BoydStreetcred: Improving the Developer Experience in SSI – Michael Boyd
Streetcred: Improving the Developer Experience in SSI – Michael Boyd
 
Blockcerts: The Open Standard for Blockchain Credentials
Blockcerts: The Open Standard for Blockchain CredentialsBlockcerts: The Open Standard for Blockchain Credentials
Blockcerts: The Open Standard for Blockchain Credentials
 
Internet Identity Workshop #29 highlights with Drummond Reed
Internet Identity Workshop #29 highlights with Drummond ReedInternet Identity Workshop #29 highlights with Drummond Reed
Internet Identity Workshop #29 highlights with Drummond Reed
 
Kiva protocol: building the credit bureau of the future using SSI
Kiva protocol: building the credit bureau of the future using SSIKiva protocol: building the credit bureau of the future using SSI
Kiva protocol: building the credit bureau of the future using SSI
 

Recently uploaded

Cybersecurity Threats and Cybersecurity Best Practices
Cybersecurity Threats and Cybersecurity Best PracticesCybersecurity Threats and Cybersecurity Best Practices
Cybersecurity Threats and Cybersecurity Best PracticesLumiverse Solutions Pvt Ltd
 
Summary IGF 2013 Bali - English (tata kelola internet / internet governance)
Summary  IGF 2013 Bali - English (tata kelola internet / internet governance)Summary  IGF 2013 Bali - English (tata kelola internet / internet governance)
Summary IGF 2013 Bali - English (tata kelola internet / internet governance)ICT Watch - Indonesia
 
办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...
办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...
办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...vmzoxnx5
 
Summary ID-IGF 2016 National Dialogue - English (tata kelola internet / int...
Summary  ID-IGF 2016 National Dialogue  - English (tata kelola internet / int...Summary  ID-IGF 2016 National Dialogue  - English (tata kelola internet / int...
Summary ID-IGF 2016 National Dialogue - English (tata kelola internet / int...ICT Watch - Indonesia
 
Unidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxUnidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxmibuzondetrabajo
 
Company Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxCompany Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxMario
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
 
TRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxTRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxAndrieCagasanAkio
 
How to login to Router net ORBI LOGIN...
How to login to Router net ORBI LOGIN...How to login to Router net ORBI LOGIN...
How to login to Router net ORBI LOGIN...rrouter90
 

Recently uploaded (9)

Cybersecurity Threats and Cybersecurity Best Practices
Cybersecurity Threats and Cybersecurity Best PracticesCybersecurity Threats and Cybersecurity Best Practices
Cybersecurity Threats and Cybersecurity Best Practices
 
Summary IGF 2013 Bali - English (tata kelola internet / internet governance)
Summary  IGF 2013 Bali - English (tata kelola internet / internet governance)Summary  IGF 2013 Bali - English (tata kelola internet / internet governance)
Summary IGF 2013 Bali - English (tata kelola internet / internet governance)
 
办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...
办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...
办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...
 
Summary ID-IGF 2016 National Dialogue - English (tata kelola internet / int...
Summary  ID-IGF 2016 National Dialogue  - English (tata kelola internet / int...Summary  ID-IGF 2016 National Dialogue  - English (tata kelola internet / int...
Summary ID-IGF 2016 National Dialogue - English (tata kelola internet / int...
 
Unidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxUnidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptx
 
Company Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxCompany Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptx
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
TRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxTRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptx
 
How to login to Router net ORBI LOGIN...
How to login to Router net ORBI LOGIN...How to login to Router net ORBI LOGIN...
How to login to Router net ORBI LOGIN...
 

eSSIF-Lab: creating & funding an interoperable SSI infrastructure in Europe

  • 1. SSI Meetup 52 – eSSIF Lab Tuesday, March 31st, 2020 Rieks Joosten rieks.joosten@tno.nl Oskar van Deventer oskar.vandeventer@tno.nl The NGI ESSIF-LAB project has received funding from the European Union’s Horizon 2020 Research and Innovation Programme under Grant Agreement No 871932 CC BY-SA 4.0 SSIMeetup.org
  • 2. 1. Empower global SSI communities 2. Open to everyone interested in SSI 3. All content is shared with CC BY SA Alex Preukschat @SSIMeetup @AlexPreukschat Coordinating Node SSIMeetup.org SSIMeetup objectives SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
  • 3. LESS Identity & Trustless Identity Two Major Tracks: LESS Identity “Legally-Enabled Self-Sovereign” Identity* Key characteristics: ● Minimum Disclosure ● Full Control ● Necessary Proofs ● Legally-Enabled 2 Trustless Identity Or more properly “Trust Minimized” Identity Key characteristics: ● Anonymity ● Web of Trust ● Censorship Resistance ● Defend Human Rights vs. Powerful Actors (nation states, multi-national corps, mafias, etc.) * Originally coined by Tim Bouma (@trbouma) https://medium.com/@trbouma/less-identity-65f65d87f56b CC BY-SA 4.0 SSIMeetup.org
  • 4. 3 It has verifiable credentials It has a business model It has an invitation protocol It has a credential catalogue It has an credentials query protocol It has decentralised identifiers CC BY-SA 4.0 SSIMeetup.org
  • 5. 4 “Remember when, on the Internet, nobody knew who you were?” CC BY-SA 4.0 SSIMeetup.org
  • 6. 5 CC BY-SA 4.0 SSIMeetup.org
  • 7. 6 Citizen fills in form Application Form A wealth of other examples exist in other domains, e.g.: - Finance - Health - Education - Etcetera … CC BY-SA 4.0 SSIMeetup.org
  • 8. 7 Citizen fills in form Application Form Civil servant validates data Store ‘clean’ Application forms Make a decision: Grant/Reject (Already validated) data from other IT systems may be added to the forms CC BY-SA 4.0 SSIMeetup.org
  • 9. • User complaints • I do not undersand the form (language). • I do not know where to get the requested data. • I don’t want to physically go places (municipality, medical specialist) to get the requested data. • I do not know if the data is good/acceptable. • What bureaucracy! • I don’t know any more – I give up. • Validation challenges for the business • How to properly instruct the people that validate forms? • How to support them with IT (e.g. links with systems of relevant authorities) – fully automated, or where they have to login with username/password? • What is the fallback in case of validator mistakes? • How do I control the cost of validation? • How do validation and rectification impact lead time? 8 Business Dilemma: Pay the Price or Run the Risk Impact: Societal Divide Citizens that cannot complete forms will not get the benefits they are entitled to CC BY-SA 4.0 SSIMeetup.org
  • 10. digital 9 CC BY-SA 4.0 SSIMeetup.org
  • 11. 10 (Already validated) data from other IT systems may be added to the forms CC BY-SA 4.0 SSIMeetup.org
  • 12. User Benefits: • Inclusivity: you no longer need to be well-educated in order to fill in forms. • Speed: • Collect data electronically 🡪 speed. • No need to physically go places to collect data. Organizational Benefits: • They get quality data, i.e. • It means what it is supposed to mean; • Data is verified by party that the organization itself trusts. • Validation of data is easy: • Cryptographic check on provenance and integrity of data; • Electronic check op actuality. • Higher customer/citizen satisfaction 🡪 higher filling in and success rates resulting from faster decision making and because users do not give up any more. • Do away with IT-links that supply data that can now be reliably and trustworthily be supplied by the users. • Support for GDPR e.g. digitally providing purpose and other meta data helps enforce the right of transparent information, access, data portability, restriction of processing, etc.). • New business opportunities arise because many more kinds of data can become available. 11 • Ease: • Minimize typing data. • No need to upload PDFs. • Minimize frustration. CC BY-SA 4.0 SSIMeetup.org
  • 13. = Objective Interoperable Tech: • Functionally specified components … (Apps, Agents, Wallets, Proxies, etc.) • … for the exchange of Credentials/Attestations … (W3C VCs, X.509 attr. Certs, ABCs, OIDC tokens, SAML tokens, BlockCerts, OpenCerts, etc.) • … over secured connections … (traditional (e.g. SSL) en new (e.g. DIDComm)) • … that have connections (APIs) for legacy … (webservers, WordPress, …) • … and do not require tedious logins (but do not forbid that either) = Subjective Information Processing: • Every party (individual, enterprise, government), regardless of the vertical it is in (admin, finance, health, telecom, energy, etc.) • … must think (self-sovereignly) about the online transactions it wants to participate in and the business rules/policies for committing, … (e.g. what data is needed, who is trusted as an issuer for such data, what it means, liabilities, etc.) • … establish processes for integrating SSI … (e.g. for designing forms, annotating them with credentials/attestation requests, etc.) • … and create business-cases for driving adoption and/or transformation. We need to organize the infrastructure collectively … allowing it to be used in individual use-cases 12 CC BY-SA 4.0 SSIMeetup.org
  • 14. CC BY-SA 4.0 Business Oriented Topics: • Credential catalogue • Yellow pages service • Webshop SSI business plugins • Usability (for different verticals and/or personal preferences) • Lowering transformation barriers • GDPR support/violation detection • Attestation services (e.g. for application integrity, functionality) • Specification of credential types for guardianship, mandates, delegation (and the validation thereof) Tech Infra Oriented topics • Secure Credential Storage (wallet/hubs) • SSI phone Apps and/or browser add-ons that work with different kinds of credentials (e.g. VCs, ABCs, …) • Web server proxies that implement, or connect with components for the various SSI roles • Revocation service that allows verifier to check for revocation of a credential any time after having received it • ‘On the fly' requesting the issuance of a credential if it is asked for, but missing in the wallet • Cryptographically enforceable issuer policies 13 SSIMeetup.org
  • 15. EU H2020 NGI Infra open call Buss open call #1 Buss open call #2 SubgranteeSubgranteeSubgrantee 7 M€ 3.1 M€ 1.27 M€ 1.22 M€ SubgranteeSubgranteeSubgrantee SubgranteeSubgranteeSubgrantee Technical & business mentoring for subgrantees of buss open calls Max 155 k€ per subgrantee Max 106 k€ per subgrantee Max 106 k€ per subgrantee 14 CC BY-SA 4.0 SSIMeetup.org
  • 16. Infrastructure Open Call • SSI architecture development • Open-source SSI component development • Agile development, integration, interoperability, testing Business Open Call #1 • Generic SSI functionality, software & services • Commercial, competitive • Open source or proprietary as needed Business Open Call #2 • Sector and application specific functionality, software & services based on SSI • Commercial, competitive • Open source or proprietary as needed Open-source SSI components Market feedback Products & services Customer feedback Round 1 Round 2 SSI vision & architecture Market feedback 15 CC BY-SA 4.0 SSIMeetup.org
  • 17. Business Open Call #2 Business Open Call #1 Infrastructure Open Call *In coordination/liaison with CEF EBSI eSSIF, EC NGI and others 16 CC BY-SA 4.0 SSIMeetup.org
  • 18. • Buss. Open Call (BOC)#1 opens: March 1, 2020 • BOC#1 closes: April 30, 2020 (13:00 CEST) • Evaluation, establish sub-grant agreements: beginning of August 2020. The work starts September 2020 (=M1) • Infra Open Call (IOC) opens: March 1, 2020 • IOC closes: June 30, 2020, or when 25 eligible proposals are received (but not before April 31st ). • Evaluation, est. sub-grant agreements: 3+1 month after closure of call. Then, the work starts. 17 CC BY-SA 4.0 SSIMeetup.org
  • 19. •eSSIF-Lab home page •Vision, purpose •Functional architecture •eSSIF-Lab Gitlab repo •Infrastructure Open Call •Business Open Call #1 18 CC BY-SA 4.0 SSIMeetup.org
  • 20. Thank you for your attention Take a look: SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
  • 21. • Mean processingcosts: • N-1 * cost of form design + • Cost of validation + • Cost of decisionmaking • Validationcost for establishing a bank account: > 100 €. • Estimate of yearly validation cost in NL: > 1.000.000.000 € / year. • From days-months to minutes • From days/weeks to seconds • Average lead time = • average time to fill in form + • Mean time for data transport + • average time for validation + • average time for deciding • # IT-Links that can be reduced. • ??? Per Link? Per organisation? Money Time IT-Links 20 CC BY-SA 4.0 SSIMeetup.org
  • 22. 21 check for expiry and revocations SSI-Agent (Holder, or Wallet) SSI-Agent (Verifier) Process info request, i.e. collect data (attestations) for responding; and construct the response Request form metadata Send form structure, attestation requirements and other meta-data Data/attestations that satisfy the requirements Commit / decline SSI-Agent (Issuer role) Apply the business logic (outside scope of SSI) and decide to commit (or decline). Public Ledger register revocations obtain missing data (attestations) Check attestations, i.e. the proofs of integrity, provenance Scan QR-code register revocations register revocations CC BY-SA 4.0 SSIMeetup.org
  • 23. Validate attestation i.e. check proof of integrity and provenance Make credential and create proof of integrity and provenance 22 Request a prod./svc. Provide the prod./svc.Party (Holder role) Issue Credential Request Credential Request attestations Share attestations Party (Issuer role) Party (verifier role) CC BY-SA 4.0 SSIMeetup.org
  • 24. 23 Infrastructure that is not used has no use. CC BY-SA 4.0 SSIMeetup.org
  • 25. 24 CC BY-SA 4.0 SSIMeetup.org