DRAFT
The work item
- About Trust Over IP and Identity Wallets
The Trust over IP (ToIP) Foundation is an independent project hosted at the Linux Foundation, working with pan-industry support from leading organizations around the world. Its mission is to provide a robust, common standard and complete architecture for Internet-scale digital trust. The ToIP Foundation has grown rapidly to over 300 member organizations and individuals, and it has doubled from four to eight Working Groups, with over a dozen deliverables slated for release by the end of 2021
[1]
- Relationship Between ToIP and Identity Wallets
The ToIP model was originally inspired on digital identity wallets and agents. The focus has been on secure key pair generation and storage along with secure verifiable credential exchange and storage. However, the scope is steadily expanding to be inclusive of other decentralized identity stack architectures and protocols [2].The ToIP Foundation aims to build solutions that support the technical interoperability of blockchains, identity wallets, and verifiable credentials. This interoperability is a critical prerequisite for mass adoption and to enable the trusted exchange of data for everyone, everywhere.
- EU Digital Identity Wallet Initiative
The surge of interest in decentralized digital trust infrastructure has been fueled by the June 2021 announcement of the EU Digital Identity Wallet initiative. This initiative, along with Apple and Google's announcements about beginning to accept digitally-signed credentials in their proprietary digital wallets, has further propelled the interest in decentralized digital trust infrastructure[1]
- Our Mission
In GEANT we are trying to find the best solution of developing Wallet or contributing in wallet development to manage VC in research and education arena.
for more information about protocols related to wallets please refer to Fundamental page.
Transformative aspects
An essential Question is how is our contribution with EUDI. We should always be aware of the progress on EU Digital Identity Wallet Consortium WP3. EWC WP3 covers the Reference Wallet integration as well as development of PID and ODI Credentials. Moreover, B2B test scenarios needed for additional testing of the PID/ODI combination are also developed in WP3. ODI stands for Organizational Digital Identity. An ODI wallet is a wallet software for legal entities and represents a stand-alone legal body.
Technology development in hardware and software affects the wallets.
‘Consent’ thema should be considered. If the wallet and VC are available, how the wallet can support users to protect them from extra revealing id attributes.
The major and transformative Question is, Is it really needed that a new wallet get developed? Or we could probably develop an entity which is importable to almost every type of wallets? Into identity wallets, currency wallets, smartphone wallet, travel once or etc. And the next Question is , is it really possible without developing wallet? How big is challenging or dependency to other wallets.
One of the advantage of developing our wallet is beneficial aspect of a centralized system. An overview or statistic view of Edu-Credentials or maybe other type of credential.
Another point is, our users are not limited to EU-students. If we just rely on and depend on EUDI-Wallets, it means we exclude a big amount of students, universities, etc. who(which) are not located in EU and has no EU ID. Other wallets, could present any edu-credentials which issued by our ecosystem. But edu-credential management is our task. It could be implemented via our wallet. Another technical question here is, whether it should be implemented via our wallet or our integrable agent which introduce wallet APIs? Identity agents are software services that manage all the stuff in the wallet. Agents store, update, retrieve, and delete all the artifacts that a wallet holds. So, it could be interoperable with any type of identity wallet. It may also mean focusing on back-end instead of front-end.
We should also pay attention to large-scale activities like DC4EU, specially WP7(Integrations and Development) led by SUNET [3]
Opportunities
- We have chance of communication with NRENs and universities which provide us realistic requirements.
In distributed ecosystem, wallets are the strategic points and its provider still has essential role. Because, all sensitive data are partially or completely available for wallet providers. In a holistic view almost, all benefit of a central identity system can transfer to wallet, unless some regulations restrict the availability and access to data. For example: Statistics and analysis of user behavior.
Technically we can implement our wallet but it should split in two parts. Part one, Wallet is basically for us to using any centralized benefit , improve our userbase and rise communication opportunities. Part 2, Every credentials or related service (agents) should be portable or pluggable on other wallets as well. Specifically portable and integrable to EU wallet.
- Capable to deliver extra service like translation and legalization of edu-certificates from other countries beyond Europe.
- Statistic aspects of wallet could feed many sectors without revealing users private information. e.g. it could show how many student or employees(gaining micro credential) were graduated in AI and how many in network in last year!
Some Benefits:
- Speed up the process of issuing an educational certificate, no need for non-local student to come and bring their certificates.
- Delivering the current status of a student not just as a verifiable credential after graduation. e.g. his notes. It could be helpful for looking for a master-job or any type of student job.
Risks
Here are some of the potential risks associated with digital ID wallets:
- Security Breaches: One of the primary risks is the potential for security breaches. If your digital ID wallet is compromised, an attacker may gain access to sensitive personal information, such as your driver’s license, passport, or other forms of identification.
- Identity Theft: If a malicious actor gains access to your digital ID wallet, they could use your identity to commit various forms of fraud and identity theft. This could have serious consequences for your financial and personal well-being.
- Data Privacy Concerns: Storing personal identification documents and data in a digital ID wallet means that this information is potentially accessible to service providers and the wallet provider itself. Users must trust these entities to protect their data adequately.
- Loss of Device: If you lose your mobile device or the device containing your digital ID wallet is stolen, there’s a risk that the thief could misuse your digital ID and access your accounts or impersonate you.
- Biometric Data Vulnerabilities: Many digital ID wallets use biometric authentication methods, such as fingerprint or facial recognition. These can be vulnerable to spoofing or hacking if not properly secured.
- Phishing and Social Engineering: Attackers may attempt to trick you into revealing your digital ID wallet credentials through phishing emails, fake websites, or social engineering attacks.
- Incompatibility and Interoperability Issues: Different regions and organizations may use different standards and technologies for digital ID. Compatibility issues could arise if your digital ID wallet is not accepted or recognized by certain entities.
- Regulatory and Legal Issues: The legal framework around digital ID is still evolving in many places. There may be regulatory changes or legal disputes that impact the use and security of digital ID wallets.
- Dependency on Technology: Relying on a digital ID wallet means that you’re dependent on technology and the infrastructure that supports it. Technical issues, outages, or system failures could temporarily prevent you from accessing your digital ID.[4]
- Technical Problems: Technical issues, such as system failures or connectivity issues, can prevent users from accessing their digital wallet accounts, making payments and accessing funds difficult.
- Limited Acceptance: Because digital wallets are not accepted everywhere, users may encounter situations in which they are unable to make payments using their digital wallets.
- Hidden fees: Some digital wallets may charge hidden fees, such as transaction fees, foreign exchange fees, or account maintenance fees. Users should review their digital wallet provider's fee schedule to ensure they understand the charges associated with using the platform. [5]
- No insurance by misusing or mistake. It is more related to currency wallet but for identity there such shortage too.
DRAFT
Subchapter | Description | Notes relevant to many/most T7 work items |
---|---|---|
The work item | a brief description of the topic at hand, map it to "our world". You may get inspiration from the corresponding ToIP description. | (individual) |
Transformative aspects | What will potentially change with respect to our current way of delivering value in general? And what will change with a particular view to our ecosystem? Include a critical review of our existing ecosystem services and the nature of potential impact on them. |
|
Opportunities | Describe use cases in our ecosystem that could potentially benefit from an emerging DI ecosystem Describe assumptions / requirements towards other players / outcomes etc. to make it deliver value to our ecosystem Describe actions we need to fulfil as a community (ecosystem) to get such value delivered to our ecosystem Might this make it easier for NRENs to participate in the ecosystem with less effort? |
|
Risks | Describe potential situations or actions of other important stakeholders leading to a failure to deliver value to our ecosystem This could be linked to external developments but also to our inability to fulfil above actions or to get consensus in our own ecosystem |
|
Engagements, projects | Describe (crowdsourced within our group) prior or ongoing activities in our ecosystem relevant to the topic at hand by NRENs and GÉANT |
|
Recommendations | Recommendations towards NRENs (and their community), GÉANT and "the research community" |
|
References
[1]https://trustoverip.org/about/about/
[2] https://trustoverip.org/blog/2022/07/13/identity-week-2022-recap/
[3]About DC4EU, 2024
[4] DIGITAL IDENTITY WALLET BENEFITS AND RISKS
[5] The Advantages and Risks of Moving Your Money to a Digital Wallet