Wallet Deployments

From MgmtWiki
Jump to: navigation, search

Full Title or Meme

This is a collection of some of the mobile wallets that have been deployed to hold user credentials and other user secrets.

Context

Digital Identifiers for authentication, government-mediated access (like national security, finance and social services) and commerce.

Deployments

Posts to DIF ID in 2021-09

To Markus Sabadello (Danube Tech) do you know anymore than what is here? Particularly where did the “digital Wallet” come from? https://www.bundesregierung.de/breg-de/aktuelles/oekosystem-digitale-identitaet-1960124

BundesregierungBundesregierung Ökosystem Digitale Identitäten Wie geht es weiter? Anwendungsfälle aus dem Ökosystem digitale Identitäten starten für breite Öffentlichkeit. Kanzlerin spricht mit Wirtschaft wie es weitergehen soll. (31 kB) https://www.bundesregierung.de/breg-de/aktuelles/oekosystem-digitale-identitaet-1960124

In particular it seems that any wallet needs national recognition - does that mean the wallet needs to be verified by one EU country? (by september 2022) (edited)

Markus Sabadello (Danube Tech) 11:59 PM @Tom Jones I know a little bit about this, but the landscape of projects is pretty complicated. The link you posted is about an initiative led directly by the German government. They already built a pilot for checking into hotels and want to expand that now: https://www.bundesregierung.de/breg-de/aktuelles/start-pilot-hotel-check-in-1914392 Also in Germany, there are several additional projects, e.g. IDunion which is funded by the government, but run by a consortium of private companies. It's a different project than the one above but may converge at some point: https://idunion.org/ I think esatus built one of the wallets for these projects, but other companies such as Jolocom, Spherity, etc. are involved as well. Our German friends should be able to tell you more. @Dr. Andre Kudra @Joachim Lohkamp (Jolocom) @Niclas Mietz (Spherity) There are several bi-lateral / multi-lateral cooperation initiatives, e.g. Germany signed a collaboration agreement with Spain: https://www.bundesregierung.de/breg-de/aktuelles/digitale-identitaeten-spanien-1947050 Separate from such country-level initiatives, there is of course also the EU Commission's own EBSI/ESSIF project. Within this project, there is currently a debate where the wallet(s) will come from, e.g. will they be provided directly by the governments, or can any private company build a "compliant" wallet. I'm not quite sure what's the latest thinking.

Markus Sabadello (Danube Tech) 12:02 AM Here in Austria, we also have a similar initiative, which was one of the first in Europe but is now lagging behind due to political and funding challenges.. https://digitalesvertrauen.at/

Tom Jones 8:43 AM On this side of the pond the FTC woke and made some rumblings about wallets and Kantara has started looking at privacy and security profiles for wallets. — The US FTC Warns Health Apps and Connected Device Companies to Comply With Health Breach Notification Rule They issued this STATEMENT OF THE COMMISSION On Breaches by Health Apps and Other Connected Devices dated 2021-09-15 which noted that “when a health app, for example, discloses sensitive health information without users’ authorization, this is a “breach of security” under the Rule. Violations of the Rule face civil penalties of $43,792 per violation per day.”

Federal Trade CommissionFederal Trade Commission FTC Warns Health Apps and Connected Device Companies to Comply With Health Breach Notification Rule The Federal Trade Commission today issued a policy statement affirming that health apps and connected devices that collect or use consumers’ health information must comply with the Health Breach Notification Rule, which requires that they notify consumers and others when their health data is breached. Sep 15th https://www.ftc.gov/news-events/press-releases/2021/09/ftc-warns-health-apps-connected-device-companies-comply-health

Robert Mitwicki 10:56 AM FYI: as I recently learned ETSI will address digital wallet interfaces in eIDAS 2.0 (the work is just starting), in addtion JTC 19 https://standards.cencenelec.eu/dyn/www/f?p=305:7:0::::FSP_ORG_ID:2935523 will address specifically decentralized identity and after first meeting seems that identity backed by DLT is not very popular there :wink: Worth to follow those works. EU is really focus on digital transformation: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_4630 standards.cencenelec.eustandards.cencenelec.eu CENELEC Technical Bodies - CEN/CLC/JTC 19/WG 01 CEN/CLC/JTC 19/WG 01 Decentralised identity management European Commission - European CommissionEuropean Commission - European Commission Press corner Highlights, press releases and speeches (39 kB) https://ec.europa.eu/commission/presscorner/detail/en/ip_21_4630

Tom Jones 2:40 PM @Robert Mitwicki i am somewhat disappointed that the wallet effort seems to be split between mDL folk and ssi folk. I was hoping that a single interface to wallet would evolve as i suspect users will have both and it would be great if both could reside in the same wallet. Since Apple and Google wallets are already handling mDL, a combined approach might get ssi into those wallets w/o much effort. Is there anyway to create a fusion task force to try for a single solution?

Robert Mitwicki 10:51 PM replied to above

If digital wallet is designed according to true principles of SSI (actually it should never be SSI but that another topic :wink: - but close enough), you would realize that this is the most important part in the whole chain. It is a root-of-trust. So it needs to be designed so that it is completely owned and control by user himself. This is hard to achieve nowadays with mentioned platforms. I am not saying that we should not seek for compromise at that stage but I think we need to be careful. If that is done wrong, people can die, election can be win/lost, a lot of bad things could happen. We need to remember that whole SSI is so early stage that hard to think of it as production system, there is more questions then answers at that stage. This is why mDL i think is a bit faster since this is known territory. Look on eIDAS regulation where in EU we have it since 2014 and now we are entering the phase where it goes more into the hands of the citizens (SSI-like). It takes time.

At HCF we are working on the concept of TDA (Trusted Digital Assistant), we sometimes call it human operating system. As it is more concept of operating system for human being to be present in digital space then any app or wallet. If you want to learn more I invite you to our weekly calls or join this year DDE event or IIW where we would address those topics.

To answer directly your question about synergy and single solution, this is why we created HCF to bridge those grounds. You need to remember that level of trust to companies like Apple and Google is quite low at the EU level. So obviously legislators would be very very careful before allowing those companies to have control over user identity. This is why they are planning to roll out something which could be implement by anyone (including Apple and Google). In those CEN groups mentioned above we are working on overall picture how this could be done. As soon as we would have proposition, and address all concerns form EU level I am pretty sure that the dialog with commercial space would start and we would try to find consensus with tech companies. This is why we trying to be active in different communites like ToIP, DIF, Linux foundation, W3C, CEN and more to glue all that stuff in a way.

Joachim Lohkamp (Jolocom) 2:09 AM replied to a thread: @Tom Jones I know a little bit about this, but the landscape of projects is pretty complicated.… thx for looping me in Markus!

the initiative of the German Government goes all the way back to 2016 where I presented the idea of a large lighthouse project for “autonomous digital identity” - the term SSI was only coined shortly after :wink: here are a few resources of the early and more recent work making way for the current SDI projects schaufenster-sdi.de there was a competition phase of 11 projects in 2020, out of which 4 were selected to make to the 3 year implementation phase, which started in in spring this year. in parallel the Bundeskanzleramt pushed a 5th project, which was on a tighter timeline (think: elections in Germany next weekend). all 5 projects are required to be interoperable. there is even a parallel research project (Begleitforschung) to also support this effort as well as standardization, eIDAS among other research topics.

References