Global state of SSI and how to build on it: EU report
The European Union’s cybersecurity agency has been busy typing up its research. The latest report is an overview of Self-Sovereign Identity (SSI) technologies, standards, providers and regulation from around the world with a view to their relevance applicability to the EU project for digital identity for individuals and businesses.
For example, the Latin America and Caribbean Chain is already aligned with the EU’s eIDAS framework for digital identity, and Poland’s digital wallet is the closest so far to what the EU wants to achieve.
It is not yet a guide as such, as the components and regulatory glue are not yet ready. But by investigating organizations and attempting to survey EU member states, the European Union Agency for Cybersecurity, ENISA, sets out what is known so far, what is possible, creates a synthesis and something of a to-do list towards an interoperable SSI system for the bloc and beyond.
“Digital Identity: Leveraging the Self-Sovereignty Identity (SSI) Concept to Build Trust” starts with a summary of aspects of SSI from around the world and assesses their relevance to the EU.
Window shopping for SSI systems
The report finds that the Sovrin Foundation has the most experience in operating a self-sovereign network: “The use of Cloud Agents, as adopted by Sovrin, could provide a way forward for assurance of wallets through an adaption of CEN 419 241-1/2 to support European electronic identity wallets.”
There is a similar view of Hyperledger Indy, from the open-source community hosted by the Linux Foundation. “Indy is the most advanced SSI solution based on blockchain and should be considered as one of technologies for the implementation of a European electronic identity wallet,” notes the report. “The Indy network also provides the revocation functionality, which is required by eIDAS.”
The Latin America and Caribbean Chain (LACChain) led by the Innovation Laboratory of the Inter-American Development Bank Group (IDB LAB) for the development of the blockchain ecosystem in Latin America and the Caribbean also scores well. It has experience, has developed digital wallets and its framework mentions and is aligned to eIDAS and GDPR.
The report also outlines the role of the bloc’s own bodies in this area and where they are up to. Acronyms are involved throughout. The European Self-Sovereign Identity Framework (ESSIF) is part of the European blockchain service infrastructure (EBSI), itself a joint initiative of the European Commission and the European Blockchain Partnership (EBP).
EBSI aims to deliver EU-wide, cross-border public services via blockchain technology. ESSIF aims for alignment with European legislation, such as eIDAS and GDPR.
“In EBSI v1, technical governance is implemented with a classical IT centralised model. This means that the major operations of governance, including the creation of the code base, onboarding of nodes, onboarding of use case applications and decisions on management of the node are all managed centrally, either by the European Commission’s Directorate-General for Informatic (DIGIT) or the Member State node host, depending on the operation.”
The EU also has its working groups looking into many different aspects of SSI, such as a common vocabulary for blockchain and distributed ledger technology (DLT), smart contracts, security and governance. ISO/TC 307 on the use of distributed ledgers for identity management plays a key role, with its own working groups.
“Whilst a few general documents have been published, much of the work in TC 307 is still immature. However, it is expected that, in the next year or so, some important standards will be produced as a result of this work.”
Searching for the SSI glass slipper
As with ENISA’s report on remote identity proofing published the same day, this report is a highly readable account of the current state of affairs and gives a useful summary of eIDAS in the context of SSI, such as “Users should be under no obligation to use the wallet to access private services, but if they wish to do so, large online platforms should accept the European Digital Identity Wallet for this purpose while respecting the principle of data minimisation.”
The paper acknowledges the work of the OpenID Foundation and EU funding of projects to fund the development of transnational identification via the Horizon 2020 Initiatives. Four projects have been selected to run in Germany as part of “Showcase Secure Digital Identities,” all within the field of SSI.
The first project, IDunion has entered the second phase of its project to implement a decentralized public key infrastructure, using the European cooperative Societas Cooperative Europaea S.C.E as a governance authority. It integrates with the Lissi and Esatus digital wallets.
Spain created an SSI standard and is promoting it at EU level. One of the country’s autonomous communities also legislated for a Blockchain Digital Identity, and is waiting for approval at national level.
biometrics | blockchain | digital identity | digital wallet | eIDAS | EU | Europe | GDPR | identity management | interoperability | regulation | self-sovereign identity | Sovrin Foundation | standards