The GLASS Wallet: Now Compliant with EBSI and EU e-ID


And, so, I have no real NHS digital record, I have no real UK government digital record, and I have no real digital record for the city I live in. I thus live in the 21st Century, but for public and government service, I am still back in the 20th Century — and, in some places, still using methods that go back to the 19th Century. While tax and the paying of parking tickets have excellent citizen integration, the rest of it is still focused on the vague use of a jumbled set of numbers.

As such, for the past two years, we have been part of an amazing EU project named GLASS. Our key output is a citizen-focused and privacy-aware digital wallet which allows a citizen to share their credentials, such as their tax status, their academic qualifications, and proof of a bank account. This should further support the freedom of movement across the EU and break down the barriers that have divided us for centuries.

A core part of the e-ID system is the use of the EBSI identity ledger, which will store the public keys of registered entities, such as organisations and individuals. And a great impact from the GLASS project is that our wallet is now compliant with the EBSI infrastructure [here]:

This will now allow us to scale up the outputs from the research project, and move towards real impact.

The EU Digital Wallet

For me, it is the EU who are blazing the way for a citizen-enabled digital world, and who have just released their final agreement for a digital wallet for every citizen [here]:

So, while EU citizens will still have the right to define their own identities (such as with their Gmail address), the root of their identity can now be defined by their e-ID. This will allow countries to harmonize their government and public sector systems, and further support the freedom of movement.

So, if a university in Berlin awards an MSc to a candidate, they could use the citizen’s e-ID in the digital award, but the greatness of the digital identity system is that the university can sign the digital award with their own private key, and which can be verified within the e-ID infrastructure. This will truly move away from our paper-based and siloed approaches of the past.

For us, we have been integrating the concept of an EU digital wallet within the GLASS project, which focuses on citizen rights and their sharing of trusted documents:

You can read the paper here.

GLASS

Last year we won an award at the Scottish Cyber Awards for the GLASS project. Behind this project is the commitment from the EU to provide every EU citizen with a digital wallet, and which can be used to link to identity credentials, such as academic qualifications, a digital driver’s licence, and so on. It is thus the core of building a frictionless world of travel across the EU and breaks down the siloed world of the past. I deeply believe in the freedom of movement for the next generation, and for them to be faced with the border and boundaries that falsely divide us.

As research should be, it brings together organisations and teams with diverse skills, including Fraunhofer, Uni Systems, University of Patras, PDM, Suite 5, EEMA, and Ubitech. Each of the partners plays their role and has a common vision of creating a citizen-centric wallet that will support the freedom of movement in the EU.

The basic concept behind the GLASS digital wallet is to support citizens to own their own digitally signed documents and to share them with others. This might relate to the gathering of tax information, academic qualifications, or proof of residency. If we take an academic award, we will thus just aim to mimic our existing paper-based information in a digital form:

Alice can then gain her academic award from a trusted signer (such as a trusted university), encrypt this document, and link it to her wallet. When applying for a job with Bob, she can then pass it to the employer:

Overall, the digital version of her academic award will be signed with the private key of her university, and the signature is then verified with the associated public key. This public key will be stored on a trusted ledger (such as with EBSI):

Overall, we store the public keys of trusted organisations on the trusted ledger and move away from the PKI approach of verified public keys. We can then set up a trusted infrastructure for each EU country, which defines the trust level on the signing for each organisation:

We can then federate the trust in registering the signing keys within a country-wide infrastructure, where each country is responsible for the trusted registration of signing keys:

If you want to find out more, try here:

https://www.glass-h2020.eu/media

Identity

Lykidis et al. [1] define a wide range of ongoing blockchain-based e-Government applications, including Authentication, e-Voting, Land Property Services, e-Delivery Services, Human Resources Management, and Government Contracting. A part of these infrastructures is the integration of an identity infrastructure, which can involve the generation of identities by a trusted authority, or where entities can control their own identity. The method of creating and controlling our own identity is known as SSI (Self-sovereign Identity). With this, we typically use a key pair, where transactions are digitally signed using a private key, and the signature is then verified with a public key. The private key can then be stored in a citizen wallet, which cannot be accessed by any other entity.

Two major global initiatives which aim to harmonize the usage of verifiable credentials and wallets are the Open Identity Exchange (OIX) and the Trust over IP Foundation (ToIP). With ToIP we see a focus on decentralized digital identity projects, where it issues global compatibility guidelines for Hyperledger Aries and Indy, and verifiable credentials [2].

The EU is now committed to rolling out a European e-ID system across the EU [here], where each citizen should be able to use SSI to create their own wallet, and thus link this to their identity. As it is GDPR compliant, it breaks down many of the barriers that have been put in place by other national ID schemes.

Common European Framework

In 2018, 27 EU Member states, Norway and Liechtenstein signed up to the European Blockchain Partnership (EBP). This led to the creation of the European Blockchain Services Infrastructure (EBSI). There are currently four main use cases: Self-Sovereign Identity, Diploma, Document Traceability and Trust Data Sharing. Within the European Self-Sovereign Identity Framework (ESSIF) we have a trusted method of identifying citizens and thus allow them to create their own digital identity. There is thus no need for trusted third-party trust providers for identity checking. ESSIF aligns with the General Data Protection Regulation (GDPR) and the electronic IDentification and Authentication and trust Services (eIDAS).

Overall, EBSI is a public permissioned blockchain where digital credentials are stored in wallets that citizens own and control. This means that citizens have full control of their identities, and of their associated data. The blockchain does not store any personal information. Baldacci et al. define that the core principles of EBSI are:

  • Public Permissioned: The identity of all participating nodes must be governed;
  • Decentralized: Each member should run its own node or set of nodes;
  • Scalable: Support of high-throughput and high number of nodes;
  • Open Specifications: EU Public License and free from IPR;
  • Sustainable: Energy-efficient consensus mechanism;
  • Interoperable: should foster interoperability via alignment with the work of standardization bodies such as ISO, CEN or ETSI.

In 2020, a number of proponents (DIZME, Findy, Lissi and MeineSichereID) outlined their collaboration within the Trust over IP Foundation, with the goal of achieving a European SSI Network. A key focus of their statement is the integration of EBSI with the ToIP stack and ESSIF, and thus a move towards a common single market for data across both private and public services.

eIDAS 2

At the core of digital systems is the implementation of digital signing. With this, a trusted entity has a key pair: a private key and a public key. The private key can be stored in a wallet, and then used to digitally sign transactions. The public key can then be used to prove the identity of the signer.

At the present time, qualified signatures (those in a written form) are typically seen as the core requirement for legal requirements. eIDAS aims to create both a technical and organisational infrastructure that can reach the trust levels of qualified signatures. Within an EU context, the eIDAS framework provides an enhanced method of supporting the legal requirements of digital signatures [3]. This also allows them to be compliant with GDPR regulations, along with being trusted by each of the EU members. With a digital signature, we have a cryptographic proof of the usage of the private key. eIDAS enhances this by authenticating documents created by legal persons. These are defined as electronic seals, which confirm the existence of the document and its origins. Overall, eIDAS does not actually define any strict rules for electronic signatures, apart from having a legal status and being admissible as legal evidence.

The definition of the eIDAS framework for an advanced electronic signature is outlined in Article 26 of Regulation (EU) No 910/2014 [here] as:

  • it is uniquely linked to the signatory;
  • it is capable of identifying the signatory;
  • it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
  • it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.
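
The signing model described earlier (an award signed with the university's private key and checked against a public key held on a trusted ledger), together with the Article 26 requirement that any later change be detectable, as an added Go example that is not GLASS or EBSI code. The in-memory registry, the credential layout, the `did:example:` identifiers and the all-zero demo seed are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Credential is a constructed stand-in for a signed award, not the GLASS or EBSI format.
type Credential struct {
	Issuer, Subject, Claim string
	Sig                    []byte
}

// Registry stands in for the trusted ledger: issuer identifier -> registered public key.
type Registry map[string]ed25519.PublicKey

// payload quotes each field so that text cannot be moved from one field into another.
func payload(c Credential) []byte { return []byte(fmt.Sprintf("%q|%q|%q", c.Issuer, c.Subject, c.Claim)) }

// Issue signs the award with the issuer's private key, which never leaves the issuer.
func Issue(priv ed25519.PrivateKey, issuer, subject, claim string) Credential {
	c := Credential{Issuer: issuer, Subject: subject, Claim: claim}
	c.Sig = ed25519.Sign(priv, payload(c))
	return c
}

// Verify is Bob's check: the key comes from the registry, never from the credential.
func Verify(reg Registry, c Credential) error {
	pub, ok := reg[c.Issuer]
	if !ok {
		return errors.New("issuer not registered")
	}
	if !ed25519.Verify(pub, payload(c), c.Sig) {
		return errors.New("signature invalid")
	}
	return nil
}

// Demo checks a genuine award, an altered claim and an unregistered issuer (all-zero demo seed).
func Demo() (genuine, altered, unknown error) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	reg := Registry{"did:example:university": priv.Public().(ed25519.PublicKey)}
	award := Issue(priv, "did:example:university", "did:example:alice", "MSc awarded")
	forged, rogue := award, award
	forged.Claim = "PhD awarded"              // holder edits the award after signing
	rogue.Issuer = "did:example:diploma-mill" // issuer that is not on the registry
	return Verify(reg, award), Verify(reg, forged), Verify(reg, rogue)
}

func main() { fmt.Println(Demo()) }
```

The verifier takes the public key from the registry entry for the named issuer, so a credential cannot vouch for itself by carrying its own key.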

Conclusions

If e-ID is successful it will leave the rest of the world looking old and will build new governance and economic infrastructures, and with the citizen and their rights at the centre of this. In our GLASS project, we are building on e-ID and eIDAS, and aim to create a more trusted world for e-Governance. So, why not come and join us on this amazing path to building a world focused on citizens?

I advise any country in the world to look at the plans for e-ID and eIDAS, and perhaps look to integrate with it, as it might overcome many of the barriers that we currently face in rebuilding our world of trust. I personally hope that Scotland and the UK, especially, can build bridges back into the EU, and help build the systems of our future.

It’s a grand vision which aims to break down the things that falsely separate us, and builds bonds for the things that bind us together … go be crazy …

We are so proud to be part of the e-ID infrastructure, and hope to further support the freedom of movement across the EU. Find out more here:

https://www.glass-h2020.eu/

References

[1] Lykidis, I., Drosatos, G., & Rantos, K. (2021). The Use of Blockchain Technology in e-Government Services. Computers, 10(12), 168.

[2] Dizme, Position statement toward EBSI, https://lissi.id/about

[3] Kutyłowski, M., & Błaśkiewicz, P. (2023). Advanced Electronic Signatures and eIDAS–Analysis of the Concept. Computer Standards & Interfaces, 83, 103644.