eSSIF-Lab: creating & funding an interoperable SSI infrastructure in Europe


Attend this webinar to learn about the eSSIF-Lab (EU H2020) project with Oskar van Deventer and Rieks Joosten from TNO in the Netherlands.

WHY: the eSSIF-Lab vision, objectives, and intended benefits;
WHAT: its (initial) functional architecture/components;
HOW: ways in which you may contribute (and possibly get funded for that).

eSSIF-Lab is an EU H2020 project whose purpose is to fundamentally improve real-life transactions via the Internet, by focusing on next-generation mental models for such next generation transactions, and using SSI technologies and implementations to realize them.

Today, conducting an online business transaction consists of an individual filling in an online form, which is subsequently processed (data is validated, and a commitment decision is made). Filling in and validating forms can be quite tedious, frustrating, time-consuming and costly. Digitally inexperienced people are known to give up on requesting (social) benefits they are entitled to, enlarging the digital divide. But even people with an academic background and years of IT experience find this difficult.

In the SSI-enabled world as eSSIF-Lab sees it, an SSI IT infrastructure can help to find, provide and validate the needed data electronically. This makes filling in and processing forms much easier (people no longer have to understand forms, upload PDFs, etc.), much faster (people no longer have to go places to get paperwork) and much cheaper (saving tens of billions of euros – or even more – on verification/validation costs and IT-links).

The current wealth of SSI-related products, technologies and standards is insufficient for realizing this vision, because it generally lacks interoperability and scalability, and does not address the process- and business levels.

eSSIF-Lab calls for a scalable and interoperable technological infrastructure that is very easy to use by and integrate with (the IT, the processes and the business/policies of) arbitrary organizations and individuals to request, obtain, store and issue data objects whose meaning (semantics), origin (provenance) and integrity can be proved (verified) – which is basically what SSI is all about.

The main task of the eSSIF-Lab consortium is to coordinate between and fund projects of SMEs/startups (from EU/EEA countries) that contribute to the realization of this vision, in terms of technology and/or associated business propositions, and that will work together so as to benefit from each other’s contributions.

  1. SSI Meetup 52 – eSSIF Lab. Tuesday, March 31st, 2020. Rieks Joosten, Oskar van Deventer. The NGI ESSIF-LAB project has received funding from the European Union’s Horizon 2020 Research and Innovation Programme under Grant Agreement No 871932. CC BY-SA 4.0
  2. SSIMeetup objectives:
      1. Empower global SSI communities
      2. Open to everyone interested in SSI
      3. All content is shared with CC BY SA

      Alex Preukschat, Coordinating Node · @SSIMeetup · @AlexPreukschat
  3. LESS Identity & Trustless Identity. Two Major Tracks:
      - LESS Identity: “Legally-Enabled Self-Sovereign” Identity*. Key characteristics:
          - Minimum Disclosure
          - Full Control
          - Necessary Proofs
          - Legally-Enabled
      - Trustless Identity, or more properly “Trust Minimized” Identity. Key characteristics:
          - Anonymity
          - Web of Trust
          - Censorship Resistance
          - Defend Human Rights vs. Powerful Actors (nation states, multi-national corps, mafias, etc.)

      \* Originally coined by Tim Bouma (@trbouma)
  4. - It has verifiable credentials
      - It has a business model
      - It has an invitation protocol
      - It has a credential catalogue
      - It has a credentials query protocol
      - It has decentralised identifiers
  5. “Remember when, on the Internet, nobody knew who you were?”
  7. Citizen fills in form (Application Form). A wealth of other examples exist in other domains, e.g.:
      - Finance
      - Health
      - Education
      - Etcetera …
  8. Diagram labels:
      - Citizen fills in form (Application Form)
      - Civil servant validates data
      - Store ‘clean’ Application forms
      - Make a decision: Grant/Reject
      - (Already validated) data from other IT systems may be added to the forms
  9. Business Dilemma: Pay the Price or Run the Risk
      - User complaints
          - I do not understand the form (language).
          - I do not know where to get the requested data.
          - I don’t want to physically go places (municipality, medical specialist) to get the requested data.
          - I do not know if the data is good/acceptable.
          - What bureaucracy!
          - I don’t know any more – I give up.
      - Validation challenges for the business
          - How to properly instruct the people that validate forms?
          - How to support them with IT (e.g. links with systems of relevant authorities) – fully automated, or where they have to login with username/password?
          - What is the fallback in case of validator mistakes?
          - How do I control the cost of validation?
          - How do validation and rectification impact lead time?

      Impact: Societal Divide. Citizens that cannot complete forms will not get the benefits they are entitled to.
  10. digital
  11. (Already validated) data from other IT systems may be added to the forms
  12. User Benefits:
      - Inclusivity: you no longer need to be well-educated in order to fill in forms.
      - Speed:
          - Collect data electronically → speed.
          - No need to physically go places to collect data.
      - Ease:
          - Minimize typing data.
          - No need to upload PDFs.
          - Minimize frustration.

      Organizational Benefits:
      - They get quality data, i.e.
          - It means what it is supposed to mean;
          - Data is verified by a party that the organization itself trusts.
      - Validation of data is easy:
          - Cryptographic check on provenance and integrity of data;
          - Electronic check on actuality.
      - Higher customer/citizen satisfaction → higher filling in and success rates resulting from faster decision making and because users do not give up any more.
      - Do away with IT-links that supply data that can now be reliably and trustworthily supplied by the users.
      - Support for GDPR (e.g. digitally providing purpose and other meta data helps enforce the right of transparent information, access, data portability, restriction of processing, etc.).
      - New business opportunities arise because many more kinds of data can become available.
  13. = Objective Interoperable Tech:
      - Functionally specified components … (Apps, Agents, Wallets, Proxies, etc.)
      - … for the exchange of Credentials/Attestations … (W3C VCs, X.509 attr. Certs, ABCs, OIDC tokens, SAML tokens, BlockCerts, OpenCerts, etc.)
      - … over secured connections … (traditional (e.g. SSL) and new (e.g. DIDComm))
      - … that have connections (APIs) for legacy … (webservers, WordPress, …)
      - … and do not require tedious logins (but do not forbid that either)

      = Subjective Information Processing:
      - Every party (individual, enterprise, government), regardless of the vertical it is in (admin, finance, health, telecom, energy, etc.)
      - … must think (self-sovereignly) about the online transactions it wants to participate in and the business rules/policies for committing, … (e.g. what data is needed, who is trusted as an issuer for such data, what it means, liabilities, etc.)
      - … establish processes for integrating SSI … (e.g. for designing forms, annotating them with credentials/attestation requests, etc.)
      - … and create business-cases for driving adoption and/or transformation.

      We need to organize the infrastructure collectively … allowing it to be used in individual use-cases
  14. Business Oriented Topics:
      - Credential catalogue
      - Yellow pages service
      - Webshop SSI business plugins
      - Usability (for different verticals and/or personal preferences)
      - Lowering transformation barriers
      - GDPR support/violation detection
      - Attestation services (e.g. for application integrity, functionality)
      - Specification of credential types for guardianship, mandates, delegation (and the validation thereof)

      Tech Infra Oriented topics:
      - Secure Credential Storage (wallet/hubs)
      - SSI phone Apps and/or browser add-ons that work with different kinds of credentials (e.g. VCs, ABCs, …)
      - Web server proxies that implement, or connect with components for the various SSI roles
      - Revocation service that allows verifier to check for revocation of a credential any time after having received it
      - ‘On the fly’ requesting the issuance of a credential if it is asked for, but missing in the wallet
      - Cryptographically enforceable issuer policies
  15. Funding diagram labels:
      - EU H2020 NGI
      - Infra open call; Buss open call #1; Buss open call #2
      - Subgrantees under each open call
      - Amounts shown: 7 M€; 3.1 M€; 1.27 M€; 1.22 M€
      - Caps shown: Max 155 k€ per subgrantee; Max 106 k€ per subgrantee; Max 106 k€ per subgrantee
      - Technical & business mentoring for subgrantees of buss open calls
  16. Infrastructure Open Call
      - SSI architecture development
      - Open-source SSI component development
      - Agile development, integration, interoperability, testing

      Business Open Call #1
      - Generic SSI functionality, software & services
      - Commercial, competitive
      - Open source or proprietary as needed

      Business Open Call #2
      - Sector and application specific functionality, software & services based on SSI
      - Commercial, competitive
      - Open source or proprietary as needed

      Diagram labels: SSI vision & architecture; Open-source SSI components; Market feedback; Products & services; Customer feedback; Round 1; Round 2
  17. Timeline figure: Business Open Call #2; Business Open Call #1; Infrastructure Open Call*

      \* In coordination/liaison with CEF EBSI eSSIF, EC NGI and others
  18. - Buss. Open Call (BOC)#1 opens: March 1, 2020
      - BOC#1 closes: April 30, 2020 (13:00 CEST)
      - Evaluation, establish sub-grant agreements: beginning of August 2020. The work starts September 2020 (=M1)
      - Infra Open Call (IOC) opens: March 1, 2020
      - IOC closes: June 30, 2020, or when 25 eligible proposals are received (but not before April 31st).
      - Evaluation, est. sub-grant agreements: 3+1 month after closure of call. Then, the work starts.
  19. - eSSIF-Lab home page
      - Vision, purpose
      - Functional architecture
      - eSSIF-Lab Gitlab repo
      - Infrastructure Open Call
      - Business Open Call #1
  20. Thank you for your attention. Take a look:
  21. Money
      - Mean processing costs:
          - N-1 * cost of form design +
          - Cost of validation +
          - Cost of decision making
      - Validation cost for establishing a bank account: > 100 €.
      - Estimate of yearly validation cost in NL: > € / year.

      Time
      - From days-months to minutes
      - From days/weeks to seconds
      - Average lead time =
          - average time to fill in form +
          - Mean time for data transport +
          - average time for validation +
          - average time for deciding

      IT-Links
      - # IT-Links that can be reduced.
      - ??? Per Link? Per organisation?
  22. Architecture diagram. Components: SSI-Agent (Holder, or Wallet); SSI-Agent (Verifier); SSI-Agent (Issuer role); Public Ledger. Labels:
      - check for expiry and revocations
      - Process info request, i.e. collect data (attestations) for responding; and construct the response
      - Request form metadata
      - Send form structure, attestation requirements and other meta-data
      - Data/attestations that satisfy the requirements
      - Commit / decline
      - Apply the business logic (outside scope of SSI) and decide to commit (or decline).
      - register revocations
      - obtain missing data (attestations)
      - Check attestations, i.e. the proofs of integrity, provenance
      - Scan QR-code
  23. Role diagram. Parties: Party (Holder role); Party (Issuer role); Party (verifier role). Labels:
      - Validate attestation, i.e. check proof of integrity and provenance
      - Make credential and create proof of integrity and provenance
      - Request a prod./svc.
      - Provide the prod./svc.
      - Issue Credential
      - Request Credential
      - Request attestations
      - Share attestations
  24. Infrastructure that is not used has no use.