Project Coordinator (EU) :
Danube TechCountry of the EU Coordinator :
AustriaOrganisation Type :
SMEProject participants :
Danube Tech (EU):
- Markus Sabadello (CEO, background in standards development and EBSI/ESSIF infrastructure, https://www.linkedin.com/in/markus-sabadello-353a0821/) – project coordinator, planning of narratives and technical infrastructure on the EU side.
- Bernhard Fuchs (Full Stack Engineer, background in DIDs and DID resolution, https://www.linkedin.com/in/bernhard-fuchs-66aa0414b/) – setting up frontend demo web sites on the EU side.
- Azeem Ahamed (Software Engineer, background in DIDs/VCs and EBSI/ESSIF infrastructure, https://www.linkedin.com/in/ahamed-azeem-b5171594/) – developing backend components for creating DIDs and issuing/verifying VCs on the EU side.
Digital Bazaar (US):
- Many Sporny (CEO, background in standards development, https://www.linkedin.com/in/manusporny/) – project coordination, planning of narratives and technical infrastructure on the US side.
- Adam Lake (Business Development Lead, https://www.linkedin.com/in/adamlake-7a20931b/) – project coordination and dissemination activities.
- Ganesh Annan (Product Manager, background in DIDs/VCs and US DHS SVIP infrastructure, https://www.linkedin.com/in/ganeshannan/) – developing frontend and backend components for creating DIDs and issuing/verifying VCs on the US side.
State of US partner :
VirginiaTransatlantic SSI Interop
Experiment description
The concept behind this experiment was to demonstrate interoperability in the area of the emerging Self-Sovereign Identity (SSI) concept, building on top of infrastructures that are being developed in the US and the EU. SSI is clearly emerging as a next-generation paradigm for digital identity that enables independence, privacy, security, and human dignity for individuals, as well as new opportunities for digital identity of organizations and things. This approach is based on inherently decentralized architectures that eliminate dependencies on centralized authorities.
At the moment, many SSI projects and initiatives are being built across the world, but each project in each country and each industry is essentially being designed and deployed in an isolated manner, not paying much attention to how to interact with other related efforts. This stands in strong contrast to both the ideology of SSI and its foundational technical building blocks such as Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs), which have been designed for interoperability across both technical and political boundaries. Just like on the Internet itself, everyone should be able to communicate with everyone else independently of their location, service provider, and software, so should the various global SSI projects connect seamlessly into a single network fabric, instead of working on isolated structures that only fit limited use cases for a limited audience.
In this project, we conducted an experiment that connects SSI infrastructures in the US and the EU, and we demonstrated that decentralized digital identity based on open standards can be globally interoperable and connected. To achieve this, we built upon existing infrastructures and use case narratives that have been developed in the US and the EU.
Impacts :
Impact 1: Enhanced EU – US cooperation in Next Generation Internet, including policy cooperation.
We have communicated our work to representatives both of the US Commission and of the US Department of Homeland Security. We believe that our concrete initiative will help to inspire cooperation, including on the policy level. On 15th September 2021, a panel on the topic of “Choice and Global Interoperability” took place between representatives of the EU, US, and Canada, to discuss deeper collaboration on the topic of decentralized digital identity: https://www.dhs.gov/science-and-technology/svip-demo-week
Impact 2: Reinforced collaboration and increased synergies between the Next Generation Internet and the Tomorrow's Internet programmes.
We are not familiar with the Tomorrow’s Internet programmes, but believe that the technologies used in this experiment (DIDs and VCs) will be fundamental building blocks for many future digital infrastructures and applications.
Impact 3: Developing interoperable solutions and joint demonstrators, contributions to standards.
We succeeded in developing and deploying our experiment, which demonstrates concrete interoperability based on W3C standards. The fact that the experiment was developed jointly by different companies on different continents is unique and useful for the wider SSI community. We have produced concrete test data structures for the experiment, including DIDs and VCs. Also, both the US partner Digital Bazaar and the EU partner Danube Tech are heavily involved in standardization processes at W3C and other organizations such as DIF.
Impact 4: An EU - US ecosystem of top researchers, hi-tech start-ups / SMEs and Internetrelated communities collaborating on the evolution of the Internet
This experiment has helped us deepen our pre-existing collaboration with our US partner Digital Bazaar, and also allowed us to further involve other start-ups and SMEs, through existing communities such as ESSIF-Lab and the Silicon Valley Innovation Program.
One particularly exciting development was that a key member from the Digital Bazaar team (Ganesh Annan) visited us in Vienna at the end of November, which gave us the opportunity to work closely with him for several days. This allowed us to proceed with our experiment with increased productivity, and will also generally be advantageous for the collaboration of our two companies, and the SSI community in general.
During this week, we had several joint conference calls, including one with representatives of our EBSI4Austria partners, the Graz University of Technology and Vienna University of Business and Economics, to discuss topics around digital wallets and technical specifications such as CHAPI, OpenID Connect, WebKMS, and Encrypted Data Vaults. We also discussed ongoing SSI community topics such as JSON-LD contexts, different cryptographic proof formats, and different approaches to distributed ledgers. Another very important topic was the creation of test suites for VCs, especially for the digital diploma use case.
After that in-person visit, we had an additional follow-up call on 13th December 2021 in which we further discussed technical topics as well as future opportunities for more extended international collaboration.
Results :
In this experiment, we demonstrated interoperability of experimental decentralized identity infrastructures in the US and EU. On the US side, our partner Digital Bazaar has set up infrastructure for issuing digital Permanent Resident Cards, as envisioned by the US Department of Homeland Security’s (DHS) Silicon Valley Innovation Program (SVIP). In the EU, we issued digital diplomas using the pre-production European Blockchain Service Infrastructure (EBSI). In the experiment, we successfully showed how the US- and EU-issued digital identity credentials can be exchanged between the two sides.
In the US DHS SVIP program, a key narrative is about a French citizen named "Louis Pasteur", who wants to immigrate to the US. He obtains and uses a digital US permanent resident card (PRC) as well as various other credentials (e.g., vaccination, employment, age, citizenship, etc.).
In the EU's EBSI/ESSIF ecosystem, one narrative involves "Eva", a young Belgian student. She wants to study and work in different EU member states and obtains a digital diploma credential from a European university.
Both use cases are also described in more detail in the W3C DID Use Cases document (see "Digital Permanent Resident Card" and "Public authority identity credentials").
In this experiment, we developed and demonstrated a combined story that involves narrative and technological elements from both sides. Digital Bazaar implemented the US side of the experiment, while Danube Tech implemented the EU side, and we reused components that we have already developed during the US DHS SVIP program as well as the EU EBSI/ESSIF Early Adopter program.
We demonstrated the following two combined narratives:
Narrative 1: Eva studies in the EU, then wants to work in the US:
Eva is a student at the Graz University of Technology (Austria), which is a "Trusted Issuer" within the EBSI/ESSIF ecosystem. After graduating, Eva visits the university website to obtain an EU digital diploma VC. The university website issues the EU digital diploma VC. |
|
Eva now wants to work in the US and apply for an H1B visa. During the application process, she presents the EU digital diploma VC to a USCIS website in order to prove her qualification. The USCIS website verifies the EU digital diploma VC and performs some additional steps. After successful application, the USCIS website issues a visa to Eva. |
Narrative 2: Louis Pasteur is a permanent resident in the US, then wants to go back to the EU for PhD studies:
Louis Pasteur goes through the process of obtaining a US permanent resident card VC from USCIS. He may also obtain other VC (e.g., vaccination VC, employment VC, etc.) |
|
After working for a few years in the US, Louis wants to return to Europe to pursue a PhD study program at the Vienna University of Business and Economics (Austria). During the application process, he presents the US permanent resident card VC as proof of his identity to the university website. The university website verifies the US permanent resident card VC and performs some additional steps. After successful application, Louis can begin the PhD study program. |
In order to concretely demonstrate these narratives, we set up the required technical infrastructure for the experiment and have achieved the following results:
- Digital Bazaar has deployed an instance of their “Veres Wallet” that we used for the experiment:
- Danube Tech has updated the Decentralized Identifiers (DIDs) that will be used on the EU side of the experiment.
- The DIDs did:ebsi:FqiyP831qX5xUD66CCAKMDs225QNb9Sp3UHvbJ9tSDn6 and did:ebsi:51rzpDXXCtKExG47boFBahAgd2dtfAZbQxMHM17mYKoq have been changed to did:ebsi:zuoS6VfnmNLduF2dynhsjBU and did:ebsi:z23EQVGi5so9sBwytv6nMXMo, due to updates to the underlying EBSI APIs.
- https://github.com/danubetech/ebsi4austria-examples#dids
- Digital Bazaar has confirmed that they are able to resolve DIDs from the EU side, using the EBSI infrastructure.
- Digital Bazaar has added support for the EBSI digital diploma JSON-LD context to their wallet:
- After discussions with Digital Bazaar, Danube Tech has updated the type of verification methods used in the DID documents on the EU side of the experiment. While previously we were using EcdsaSecp256k1VerificationKey2019, we are now using JsonWebKey2020.
- Danube Tech has deployed demo websites for the EU side of the experiment, based on the ones that have already been used in the EBSI4Austria project:
- https://tugraz.ngiatlantic.danubetech.com/ for the VC issuer in Narrative 1.
- https://wuwien.ngiatlantic.danubetech.com/ for the VC verifier in Narrative 2.
- Digital Bazaar has deployed demo websites for the US side of the experiment, based on the ones that have already been used in the DHS SVIP project:
- https://uscis.ngiatlantic.veres.app/ for the VC issuer in Narrative 2.
- https://uscis-2.ngiatlantic.veres.app/ for the VC verifier in Narrative 1.
- Danube Tech and Digital Bazaar have collaborated on concrete example data to be used as the actual content of issued VCs (e.g. name, date of birth, etc. of a student for the digital diploma VC).
- On the EU side of the experiment, this example data is based on example VCs we have been using previously in the EBSI4Austria project: https://github.com/danubetech/ebsi4austria-examples#verifiable-credentials
Future Plan :
This experiment has been extremely useful insofar as it showed interoperability not only between different vendors and across different use cases, but also between different continents and jurisdictions. We are convinced that this will become much more important in the next year, when SSI will continue to grow and attract more interest. Global interoperability will have to become a “default assumption” rather than an afterthought in every SSI initiative, and we hope that this experiment will serve as a blueprint for future similar activities. Danube Tech and Digital Bazaar are committed to continuing work in this direction, together with our friends and partners in the wider SSI community.