Continuous innovations in Digital Identity at European Identity and Cloud 2024!

EIC 2024 gave important insights into the Digital identity landscape and DSR returned with key takeaways from the show. The main observation from the event is the proliferation of decentralized technologies or Self-Sovereign Identity for Digital Identity uses. This surge in popularity is due in part to the expansion of eIDAS 2.0 in the European Union, which requires member states to offer at least one EU Digital identity Wallet by 2026.

Takeaways

Below you can find a full list of takeaways from the show:

eIDAS 2.0 and the EU adoption of Decentralized Identity Many presentations at the EIC 2024 were dedicated to eIDAS 2.0, which was put into force this year. Key discussions focused on the EUDI ARF (European Union Digital Identity Architecture and Reference Framework) and EUDI Wallet reference implementation. Specific examples of EUDI ARF adoption by member states, like Germany, were highlighted, providing insights into both regulatory and technical aspects of this digital transformation.

Several large-scale projects showcased use cases and ongoing development of Decentralized Identity. Attendees had the opportunity to learn about the technical standards underpinning the EUDI ARF, such as OpenID4VC, SD-JWT, and mDL, along with the associated business use cases and opportunities.

Worldwide adoption of Decentralized Identity  The European Union is not alone in adopting new approaches to digital identity. Many countries, including Switzerland, Bhutan, Japan, Australia, Canada and the US, have been implementing similar regulations or principles. The event saw participation from both the private and public sectors across the globe.

Adoption and potential synergy between passkeys and decentralized identity wallets Passkeys represent a new and promising trend in passwordless login technology. During the event, several cases highlighted the potential synergy between passkeys and decentralized identity wallets. Notably, passkeys could be used for backup and recovery solutions, as well as for web wallets. An upcoming WebAuthn signing extension will further enable the use of passkeys for holder binding, enhancing their functionality and security. 

Post-quantum Cryptography Post-quantum cryptography was a key talking point at the event. The consensus opinion believes that it’s time to start thinking about and adopting quantum-resistant cryptographic algorithms and technologies. The good news is that the most popular formats for verifiable credentials—such as W3C JWT, W3C SD-JWT, and W3C JSON-LD—are compatible with quantum-safe signature schemes.

AI and Decentralized Identity Artificial Intelligence is bound to be trending at nearly every technology conference these days, including EIC. This trend is brought about by numerous innovative ideas on how AI can be integrated with digital wallets and verifiable credentials. AI has the potential to act as a privacy-preserving helper and advisor, enhancing the functionality and security of these technologies.

OpenID for Verifiable Credentials OpenID for Verifiable Credentials (OID4VC) is rapidly gaining traction amongst developers and has become the de facto protocol for verifiable credentials exchange. It is integral to several profiles, like HAIP, and regulatory frameworks, such as EUDI ARF. Numerous open-source projects have emerged, implementing OID4VC in various programming languages.

Secure Key Storage and Holder Binding Modern decentralized identity frameworks and regulations, such as eIDAS 2.0 and EUDI ARF, impose dedicated and stringent requirements on key storage and holder binding. The ARF introduces the concept of a Wallet Security Cryptographic Device (WSDC) to ensure tamper-proof key storage and user authentication. Various options for WSDCs are under consideration, including local, local external or remote ones, as well as National ID cards, Secure Elements, Cloud HSMs and more.

Discussion Points

Biometric and holder binding While various techniques exist to securely bind credentials to a device or key, further discussion is needed to determine the necessity and proper implementation of biometric-based binding. Biometric binding becomes crucial in scenarios where the verifier needs to ensure that the presented credential genuinely belongs to the user presenting it.

Trust Model and Trusted Lists infrastructure The new ARF 1.4 provides more details on the Trust Model, but the exact regulatory and technical qualification requirements have yet to be finalized. This uncertainty raises questions about whether a given trust framework, such as a distributed ledger, can be qualified under the current guidelines.

DSR and Digital Identity

EIC 2024 provided a clearer picture of the Digital Identity landscape. As pioneers in the Decentralized Identity space, DSR is happy with the direction the Digital Identity market is headed, as decentralization makes digital identities and transactions more secure for all parties. 

Interested in learning more about DSR’s decentralized identity and Web3 capabilities? Visit: https://en.dsr-corporation.com/technology#blockchain

About the Author

Alexander Shcherbakov, head of DSR's Decentralized Systems business unit, has over 14 years of experience in software engineering and management, and over seven years of experience in self-sovereign identity, blockchain, consensus protocols and distributed ledger technologies. Alexander has a Ph.D. degree in Mathematics and is a speaker at the Hyperledger Global Forum, IIW and other industry conferences. He actively contributes to open-source projects, including Hyperledger Indy, Hyperledger Aries, DIDComm, CSA DCL, Tendermint and others.