Difference between revisions of "Wallet Deployments"

From MgmtWiki
Jump to: navigation, search
(Created page with "==Full Title or Meme== This is a collection of some of the mobile wallets that have been deployed to hold user credentials and other user secrets. ==Context== Digital Identif...")
 
(References)
Line 4: Line 4:
 
==Context==
 
==Context==
 
Digital Identifiers for authentication and commerce.
 
Digital Identifiers for authentication and commerce.
 +
 +
==Deployments==
 +
 +
Tom Jones  11:11 AM
 +
this looks interesting - @Markus Sabadello (Danube Tech) do you know anymore than what is here?  Particularly where did the “digital Wallet” come from?  https://www.bundesregierung.de/breg-de/aktuelles/oekosystem-digitale-identitaet-1960124
 +
 +
BundesregierungBundesregierung
 +
Ökosystem Digitale Identitäten Wie geht es weiter?
 +
Anwendungsfälle aus dem Ökosystem digitale Identitäten starten für breite Öffentlichkeit. Kanzlerin spricht mit Wirtschaft wie es weitergehen soll. (31 kB)
 +
https://www.bundesregierung.de/breg-de/aktuelles/oekosystem-digitale-identitaet-1960124
 +
 +
white_check_mark
 +
eyes
 +
raised_hands
 +
 +
 +
 +
 +
 +
 +
Tom Jones  11:28 AM
 +
In particular it seems that the wallet needs national recognition - does that mean the wallet needs to be verified by one EU country? (by september 2022) (edited)
 +
 +
Markus Sabadello (Danube Tech)  11:59 PM
 +
@Tom Jones I know a little bit about this, but the landscape of projects is pretty complicated.
 +
The link you posted is about an initiative led directly by the German government. They already built a pilot for checking into hotels and want to expand that now: https://www.bundesregierung.de/breg-de/aktuelles/start-pilot-hotel-check-in-1914392
 +
Also in Germany, there are several additional projects, e.g. IDunion which is funded by the government, but run by a consortium of private companies. It's a different project than the one above but may converge at some point: https://idunion.org/
 +
I think esatus built one of the wallets for these projects, but other companies such as Jolocom, Spherity, etc. are involved as well. Our German friends should be able to tell you more. @Dr. Andre Kudra @Joachim Lohkamp (Jolocom) @Niclas Mietz (Spherity)
 +
There are several bi-lateral / multi-lateral cooperation initiatives, e.g. Germany signed a collaboration agreement with Spain: https://www.bundesregierung.de/breg-de/aktuelles/digitale-identitaeten-spanien-1947050
 +
Separate from such country-level initiatives, there is of course also the EU Commission's own EBSI/ESSIF project. Within this project, there is currently a debate where the wallet(s) will come from, e.g. will they be provided directly by the governments, or can any private company build a "compliant" wallet. I'm not quite sure what's the latest thinking.
 +
:pray:
 +
4
 +
 +
 +
 +
2 replies
 +
Last reply today at 2:09 AMView thread
 +
 +
Dr. Andre Kudra  11:59 PM
 +
was added to #wg-id by Markus Sabadello (Danube Tech).
 +
 +
Markus Sabadello (Danube Tech)  12:02 AM
 +
Here in Austria, we also have a similar initiative, which was one of the first in Europe but is now lagging behind due to political and funding challenges.. https://digitalesvertrauen.at/
 +
 +
Tom Jones  8:43 AM
 +
On this side of the pond the FTC woke and made some rumblings about wallets and Kantara has started looking at privacy and security profiles for wallets.  —  The [https://www.ftc.gov/news-events/press-releases/2021/09/ftc-warns-health-apps-connected-device-companies-comply-health US FTC Warns Health Apps and Connected Device Companies to Comply With Health Breach Notification Rule] They issued this [https://www.ftc.gov/system/files/documents/public_statements/1596364/statement_of_the_commission_on_breaches_by_health_apps_and_other_connected_devices.pdf STATEMENT OF THE COMMISSION On Breaches by Health Apps and Other Connected Devices] dated 2021-09-15 which noted that “when a health app, for example, discloses sensitive health information without users’ authorization, this is a “breach of security” under the Rule. Violations of the Rule face civil penalties of $43,792 per violation per day.”
 +
 +
Federal Trade CommissionFederal Trade Commission
 +
FTC Warns Health Apps and Connected Device Companies to Comply With Health Breach Notification Rule
 +
The Federal Trade Commission today issued a policy statement affirming that health apps and connected devices that collect or use consumers’ health information must comply with the Health Breach Notification Rule, which requires that they notify consumers and others when their health data is breached.
 +
Sep 15th
 +
https://www.ftc.gov/news-events/press-releases/2021/09/ftc-warns-health-apps-connected-device-companies-comply-health
 +
 +
 +
Robert Mitwicki  10:56 AM
 +
FYI: as I recently learned ETSI will address digital wallet interfaces in eIDAS 2.0 (the work is just starting), in addtion JTC 19 https://standards.cencenelec.eu/dyn/www/f?p=305:7:0::::FSP_ORG_ID:2935523 will address specifically decentralized identity and after first meeting seems that identity backed by DLT is not very popular there :wink:  Worth to follow those works. EU is really focus on digital transformation: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_4630
 +
standards.cencenelec.eustandards.cencenelec.eu
 +
CENELEC Technical Bodies - CEN/CLC/JTC 19/WG 01
 +
CEN/CLC/JTC 19/WG 01 Decentralised identity management
 +
European Commission - European CommissionEuropean Commission - European Commission
 +
Press corner
 +
Highlights, press releases and speeches (39 kB)
 +
https://ec.europa.eu/commission/presscorner/detail/en/ip_21_4630
 +
 +
 +
1 reply
 +
20 hours agoView thread
 +
 +
GitHubAPP  12:42 PM
 +
New issue created by kimdhamilton
 +
#92 [BUG] verifyPresentation doesn't verify VCs inside VP
 +
Current Behavior
 +
verifyPresentation verifies the outer VP but not the VCs inside
 +
Expected Behavior
 +
My understanding is that VP verification includes verification of VP plus VCs contained in it. The VC-DATA-MODEL is not clear on this, but this is the convention that we've established based on common interpretation/expectation. Documented here: https://github.com/w3c-ccg/vc-http-api/blob/main/verification.md
 +
Failure Information
 +
verifyPresentation succeeds when VP is wrapping a known failing VC
 +
Steps to Reproduce
 +
Please provide detailed steps for reproducing the issue.
 +
1. Created an expired VC, e.g. 
 +
  const expiredVc = 'eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MjYyMDgzNTIsInZjIjp7IkBjb250ZXh0Ij… Show more
 +
Labels
 +
bug
 +
<https://github.com/decentralized-identity/did-jwt-vc|decentralized-identity/did-jwt-vc>decentralized-identity/did-jwt-vc | Yesterday at 12:42 PM
 +
 +
Markus Sabadello (Danube Tech)  12:54 PM
 +
Good links, thanks @Tom Jones and @Robert Mitwicki
 +
 +
Tom Jones  2:40 PM
 +
@Robert Mitwicki i am somewhat disappointed that the wallet effort seems to be split between mDL folk and ssi folk. I was hoping that a single interface to wallet would evolve as i suspect users will have both and it would be great if both could reside in the same wallet.  Since Apple and Google wallets are already handling mDL, a combined approach might get ssi into those wallets w/o much effort. Is there anyway to create a fusion task force to try for a single solution?
 +
 +
 +
 +
5 replies
 +
Last reply today at 5:22 AMView thread
 +
 +
GitHubAPP  9:27 PM
 +
Pull request opened by dependabot[bot]
 +
#75 Bump tmpl from 1.0.4 to 1.0.5 in /resources/did-configuration/generate-config
 +
Bumps tmpl from 1.0.4 to 1.0.5.
 +
Commits
 +
• See full diff in compare view
 +
 +
Dependabot compatibility score
 +
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
 +
* * *
 +
Dependabot commands and options 
 +
You can trigger Dependabot actions by commenting on this PR:
 +
• @dependabot rebase will rebase this PR
 +
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
 +
• @dependabot merge will merge this PR after your CI passes on it
 +
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
 +
• @dependabot cancel merge will cancel a previously req… Show more
 +
Labels
 +
dependencies
 +
<https://github.com/decentralized-identity/.well-known|decentralized-identity/.well-known>decentralized-identity/.well-known | Yesterday at 9:27 PM
 +
:white_check_mark: All checks have passed
 +
1/1 successful checks
 +
 +
Robert Mitwicki  10:51 PM
 +
replied to a thread:
 +
@Robert Mitwicki i am somewhat disappointed that the wallet effort seems to be split between mDL folk and ssi folk. I was hoping that a single interface to wallet would evolve as i suspect users will have both and it would be great if both could reside in the same wallet. Since Apple and Google wallets are already handling mDL, a combined approach might get ssi into those wallets w/o much effort. Is there anyway to create a fusion task force to try for a single solution?
 +
If digital wallet is designed according to true principles of SSI (actually it should never be SSI but that another topic :wink:  - but close enough), you would realize that this is the most important part in the whole chain. It is a root-of-trust. So it needs to be design that it is completely own and control by user himself. This is hard to achieve nowadays with mentioned platforms. I am not saying that we should not seek for compromise at that stage but I think we need to be careful. If that is done wrong, people can die, election can be win/lost, a lot of bad things could happen. We need to remember that whole SSI is so early stage that hard to think of it as production system, there is more questions then answers at that stage. This is why mDL i think is a bit faster since this is known territory. Look on eIDAS regulation where in EU we have it since 2014 and now we are entering the phase where it goes more into the hands of the citizens (SSI-like). It takes time.
 +
At HCF we are working on the concept of TDA  (Trusted Digital Assistant), we sometimes call it human operating system. As it is more concept of operating system for human being to be present in digital space then any app or wallet. If you want to learn more I invite you to our weekly calls or join this year DDE event or IIW where we would address those topics.
 +
To answer directly your question about synergy and single solution, this is why we created HCF to bridge those grounds. You need to remember that level of trust to companies like Apple and Google is quite low at the EU level. So obviously legislators would be very very careful before allowing those companies to have control over user identity. This is why they are planning to roll out something which could be implement by anyone (including Apple and Google). In those CEN groups mentioned above we are working on overall picture how this could be done. As soon as we would have proposition, and address all concerns form EU level I am pretty sure that the dialog with commercial space would start and we would try to find consensus with tech companies. This is why we trying to be active in different communites like ToIP, DIF, Linux foundation, W3C, CEN and more to glue all that stuff in a way.
 +
View newer replies
 +
 +
Joachim Lohkamp (Jolocom)  2:09 AM
 +
replied to a thread:
 +
@Tom Jones I know a little bit about this, but the landscape of projects is pretty complicated.…
 +
thx for looping me in Markus!
 +
the initiative of the German Government goes all the way back to 2016 where I presented the idea of a large lighthouse project for “autonomous digital identity” - the term SSI was only coined shortly after :wink:
 +
here are a few resources of the early and more recent work making way for the current SDI projects schaufenster-sdi.de
 +
there was a competition phase of 11 projects in 2020, out of which 4 were selected to make to the 3 year implementation phase, which started in  in spring this year.
 +
in parallel the Bundeskanzleramt pushed a 5th project, which was on a tighter timeline (think: elections in Germany next weekend). all 5 projects are required to be interoperable. there is even a parallel research project (Begleitforschung) to also support this effort as well as standardization, eIDAS among other research topics.
 +
Currently there are 3.5 wallets as far as I’m aware involved in these projects. Lissy and esatus self at IDUnion, the Jolocom SmartWallet in SDIKA, ONCE and ID-Ideal, as well as a fork of the esatus self in the fifth project.
 +
here is a quick intro to the SDI projects from Jolocom’s side
 +
https://jolocom.io/blog/sdi-breakthrough/
 +
for some more back ground info here are some papers:
 +
Position Paper of the German Bundesblock
 +
https://jolocom.io/wp-content/uploads/2018/07/Blockchain-Opportunities-and-challen[…]-infrastructure-for-Germany-_-Blockchain-Bundesverband-2018.pdf
 +
Identity Paper of the German Bundesblock
 +
https://jolocom.io/wp-content/uploads/2018/10/Self-sovereign-Identity-_-Blockchain-Bundesverband-2018.pdf
 +
Identity paper INATBA
 +
https://inatba.org/wp-content/uploads/2020/11/2020-11-INATBA-Decentralised-Identity-001.pdf
 +
JolocomJolocom
 +
The latest in the DWeb: SSI's breakthrough - Jolocom
 +
Developers can integrate Jolocom's platform-agnostic SSI technology to reach millions of EU citizens across 40 use cases poised to scale.
 +
Written by
 +
admin
 +
Est. reading time
 +
1 minute
 +
May 6th
 +
https://jolocom.io/blog/sdi-breakthrough/
 +
 +
:raised_hands:
 +
2
 +
 +
  
 
==References==
 
==References==
  
 
[[Category: Best Practice]]
 
[[Category: Best Practice]]
 +
[[Category: User Experience]]

Revision as of 09:32, 22 September 2021

Full Title or Meme

This is a collection of some of the mobile wallets that have been deployed to hold user credentials and other user secrets.

Context

Digital Identifiers for authentication and commerce.

Deployments

Tom Jones 11:11 AM this looks interesting - @Markus Sabadello (Danube Tech) do you know anymore than what is here? Particularly where did the “digital Wallet” come from? https://www.bundesregierung.de/breg-de/aktuelles/oekosystem-digitale-identitaet-1960124

BundesregierungBundesregierung Ökosystem Digitale Identitäten Wie geht es weiter? Anwendungsfälle aus dem Ökosystem digitale Identitäten starten für breite Öffentlichkeit. Kanzlerin spricht mit Wirtschaft wie es weitergehen soll. (31 kB) https://www.bundesregierung.de/breg-de/aktuelles/oekosystem-digitale-identitaet-1960124

white_check_mark eyes raised_hands




Tom Jones 11:28 AM In particular it seems that the wallet needs national recognition - does that mean the wallet needs to be verified by one EU country? (by september 2022) (edited)

Markus Sabadello (Danube Tech) 11:59 PM @Tom Jones I know a little bit about this, but the landscape of projects is pretty complicated. The link you posted is about an initiative led directly by the German government. They already built a pilot for checking into hotels and want to expand that now: https://www.bundesregierung.de/breg-de/aktuelles/start-pilot-hotel-check-in-1914392 Also in Germany, there are several additional projects, e.g. IDunion which is funded by the government, but run by a consortium of private companies. It's a different project than the one above but may converge at some point: https://idunion.org/ I think esatus built one of the wallets for these projects, but other companies such as Jolocom, Spherity, etc. are involved as well. Our German friends should be able to tell you more. @Dr. Andre Kudra @Joachim Lohkamp (Jolocom) @Niclas Mietz (Spherity) There are several bi-lateral / multi-lateral cooperation initiatives, e.g. Germany signed a collaboration agreement with Spain: https://www.bundesregierung.de/breg-de/aktuelles/digitale-identitaeten-spanien-1947050 Separate from such country-level initiatives, there is of course also the EU Commission's own EBSI/ESSIF project. Within this project, there is currently a debate where the wallet(s) will come from, e.g. will they be provided directly by the governments, or can any private company build a "compliant" wallet. I'm not quite sure what's the latest thinking.

pray:

4


2 replies Last reply today at 2:09 AMView thread

Dr. Andre Kudra 11:59 PM was added to #wg-id by Markus Sabadello (Danube Tech).

Markus Sabadello (Danube Tech) 12:02 AM Here in Austria, we also have a similar initiative, which was one of the first in Europe but is now lagging behind due to political and funding challenges.. https://digitalesvertrauen.at/

Tom Jones 8:43 AM On this side of the pond the FTC woke and made some rumblings about wallets and Kantara has started looking at privacy and security profiles for wallets. — The US FTC Warns Health Apps and Connected Device Companies to Comply With Health Breach Notification Rule They issued this STATEMENT OF THE COMMISSION On Breaches by Health Apps and Other Connected Devices dated 2021-09-15 which noted that “when a health app, for example, discloses sensitive health information without users’ authorization, this is a “breach of security” under the Rule. Violations of the Rule face civil penalties of $43,792 per violation per day.”

Federal Trade CommissionFederal Trade Commission FTC Warns Health Apps and Connected Device Companies to Comply With Health Breach Notification Rule The Federal Trade Commission today issued a policy statement affirming that health apps and connected devices that collect or use consumers’ health information must comply with the Health Breach Notification Rule, which requires that they notify consumers and others when their health data is breached. Sep 15th https://www.ftc.gov/news-events/press-releases/2021/09/ftc-warns-health-apps-connected-device-companies-comply-health


Robert Mitwicki 10:56 AM FYI: as I recently learned ETSI will address digital wallet interfaces in eIDAS 2.0 (the work is just starting), in addtion JTC 19 https://standards.cencenelec.eu/dyn/www/f?p=305:7:0::::FSP_ORG_ID:2935523 will address specifically decentralized identity and after first meeting seems that identity backed by DLT is not very popular there :wink: Worth to follow those works. EU is really focus on digital transformation: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_4630 standards.cencenelec.eustandards.cencenelec.eu CENELEC Technical Bodies - CEN/CLC/JTC 19/WG 01 CEN/CLC/JTC 19/WG 01 Decentralised identity management European Commission - European CommissionEuropean Commission - European Commission Press corner Highlights, press releases and speeches (39 kB) https://ec.europa.eu/commission/presscorner/detail/en/ip_21_4630


1 reply 20 hours agoView thread

GitHubAPP 12:42 PM New issue created by kimdhamilton

  1. 92 [BUG] verifyPresentation doesn't verify VCs inside VP

Current Behavior verifyPresentation verifies the outer VP but not the VCs inside Expected Behavior My understanding is that VP verification includes verification of VP plus VCs contained in it. The VC-DATA-MODEL is not clear on this, but this is the convention that we've established based on common interpretation/expectation. Documented here: https://github.com/w3c-ccg/vc-http-api/blob/main/verification.md Failure Information verifyPresentation succeeds when VP is wrapping a known failing VC Steps to Reproduce Please provide detailed steps for reproducing the issue. 1. Created an expired VC, e.g.

  const expiredVc = 'eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MjYyMDgzNTIsInZjIjp7IkBjb250ZXh0Ij… Show more

Labels bug <https://github.com/decentralized-identity/did-jwt-vc%7Cdecentralized-identity/did-jwt-vc>decentralized-identity/did-jwt-vc | Yesterday at 12:42 PM

Markus Sabadello (Danube Tech) 12:54 PM Good links, thanks @Tom Jones and @Robert Mitwicki

Tom Jones 2:40 PM @Robert Mitwicki i am somewhat disappointed that the wallet effort seems to be split between mDL folk and ssi folk. I was hoping that a single interface to wallet would evolve as i suspect users will have both and it would be great if both could reside in the same wallet. Since Apple and Google wallets are already handling mDL, a combined approach might get ssi into those wallets w/o much effort. Is there anyway to create a fusion task force to try for a single solution?


5 replies Last reply today at 5:22 AMView thread

GitHubAPP 9:27 PM Pull request opened by dependabot[bot]

  1. 75 Bump tmpl from 1.0.4 to 1.0.5 in /resources/did-configuration/generate-config

Bumps tmpl from 1.0.4 to 1.0.5. Commits • See full diff in compare view

Dependabot compatibility score Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

  • * *

Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • @dependabot rebase will rebase this PR • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it • @dependabot merge will merge this PR after your CI passes on it • @dependabot squash and merge will squash and merge this PR after your CI passes on it • @dependabot cancel merge will cancel a previously req… Show more Labels dependencies <https://github.com/decentralized-identity/.well-known%7Cdecentralized-identity/.well-known>decentralized-identity/.well-known | Yesterday at 9:27 PM

white_check_mark: All checks have passed

1/1 successful checks

Robert Mitwicki 10:51 PM replied to a thread: @Robert Mitwicki i am somewhat disappointed that the wallet effort seems to be split between mDL folk and ssi folk. I was hoping that a single interface to wallet would evolve as i suspect users will have both and it would be great if both could reside in the same wallet. Since Apple and Google wallets are already handling mDL, a combined approach might get ssi into those wallets w/o much effort. Is there anyway to create a fusion task force to try for a single solution? If digital wallet is designed according to true principles of SSI (actually it should never be SSI but that another topic :wink: - but close enough), you would realize that this is the most important part in the whole chain. It is a root-of-trust. So it needs to be design that it is completely own and control by user himself. This is hard to achieve nowadays with mentioned platforms. I am not saying that we should not seek for compromise at that stage but I think we need to be careful. If that is done wrong, people can die, election can be win/lost, a lot of bad things could happen. We need to remember that whole SSI is so early stage that hard to think of it as production system, there is more questions then answers at that stage. This is why mDL i think is a bit faster since this is known territory. Look on eIDAS regulation where in EU we have it since 2014 and now we are entering the phase where it goes more into the hands of the citizens (SSI-like). It takes time. At HCF we are working on the concept of TDA (Trusted Digital Assistant), we sometimes call it human operating system. As it is more concept of operating system for human being to be present in digital space then any app or wallet. If you want to learn more I invite you to our weekly calls or join this year DDE event or IIW where we would address those topics. To answer directly your question about synergy and single solution, this is why we created HCF to bridge those grounds. You need to remember that level of trust to companies like Apple and Google is quite low at the EU level. So obviously legislators would be very very careful before allowing those companies to have control over user identity. This is why they are planning to roll out something which could be implement by anyone (including Apple and Google). In those CEN groups mentioned above we are working on overall picture how this could be done. As soon as we would have proposition, and address all concerns form EU level I am pretty sure that the dialog with commercial space would start and we would try to find consensus with tech companies. This is why we trying to be active in different communites like ToIP, DIF, Linux foundation, W3C, CEN and more to glue all that stuff in a way. View newer replies

Joachim Lohkamp (Jolocom) 2:09 AM replied to a thread: @Tom Jones I know a little bit about this, but the landscape of projects is pretty complicated.… thx for looping me in Markus! the initiative of the German Government goes all the way back to 2016 where I presented the idea of a large lighthouse project for “autonomous digital identity” - the term SSI was only coined shortly after :wink: here are a few resources of the early and more recent work making way for the current SDI projects schaufenster-sdi.de there was a competition phase of 11 projects in 2020, out of which 4 were selected to make to the 3 year implementation phase, which started in in spring this year. in parallel the Bundeskanzleramt pushed a 5th project, which was on a tighter timeline (think: elections in Germany next weekend). all 5 projects are required to be interoperable. there is even a parallel research project (Begleitforschung) to also support this effort as well as standardization, eIDAS among other research topics. Currently there are 3.5 wallets as far as I’m aware involved in these projects. Lissy and esatus self at IDUnion, the Jolocom SmartWallet in SDIKA, ONCE and ID-Ideal, as well as a fork of the esatus self in the fifth project. here is a quick intro to the SDI projects from Jolocom’s side https://jolocom.io/blog/sdi-breakthrough/ for some more back ground info here are some papers: Position Paper of the German Bundesblock https://jolocom.io/wp-content/uploads/2018/07/Blockchain-Opportunities-and-challen[…]-infrastructure-for-Germany-_-Blockchain-Bundesverband-2018.pdf Identity Paper of the German Bundesblock https://jolocom.io/wp-content/uploads/2018/10/Self-sovereign-Identity-_-Blockchain-Bundesverband-2018.pdf Identity paper INATBA https://inatba.org/wp-content/uploads/2020/11/2020-11-INATBA-Decentralised-Identity-001.pdf JolocomJolocom The latest in the DWeb: SSI's breakthrough - Jolocom Developers can integrate Jolocom's platform-agnostic SSI technology to reach millions of EU citizens across 40 use cases poised to scale. Written by admin Est. reading time 1 minute May 6th https://jolocom.io/blog/sdi-breakthrough/

raised_hands:

2


References