diff --git a/index.html b/index.html index d57fa4d..a51c8f4 100644 --- a/index.html +++ b/index.html @@ -479,33 +479,33 @@

Table of Contents

  • 3.1 Organizations
      -
    1. 3.1.1 Organizational Identity +
    2. 3.1.1 Organizational identity
    3. 3.1.2 Identity and Access Management (IAM) -
    4. 3.1.3 Global Workforce +
    5. 3.1.3 Global workforce
  • 3.2 Things
      -
    1. 3.2.1 Supply Chain -
    2. 3.2.2 Energy Devices (IoT) +
    3. 3.2.1 Supply chain +
    4. 3.2.2 Energy devices (IoT)
    5. 3.2.3 Automotive (IoT)
  • 3.3 Human identities and governments
      -
    1. 3.3.1 Physical Identity -
    2. 3.3.2 Textual Credentials -
    3. 3.3.3 Photographic Credentials -
    4. 3.3.4 Machine Readable Credentials -
    5. 3.3.5 Physical Credentials as Digital Credentials -
    6. 3.3.6 Pure Digital Credentials +
    7. 3.3.1 Physical identity +
    8. 3.3.2 Textual credentials +
    9. 3.3.3 Photographic credentials +
    10. 3.3.4 Machine readable credentials +
    11. 3.3.5 Physical credentials as digital credentials +
    12. 3.3.6 Pure digital credentials
    -
  • 4 Acknowledgment +
  • 4 Acknowledgments
  • References
      -
    1. Informative References +
    2. Informative references
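Review bot: the table of contents entry "Informative references" is retitled here, but no hunk in this diff touches the heading of the References section itself, whereas every other retitled TOC entry (3.1.1, 3.1.3, 3.2.1, 3.2.2, 3.3.1 to 3.3.6, 4) has a matching heading change later in the patch. If the TOC in index.html is maintained by hand, the References heading needs the same edit or the two will disagree; if the TOC is generated from the headings, this part of the hunk is redundant and the heading alone should be edited.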
    @@ -544,7 +544,7 @@

    [NIST-SP-800-63-3]. It adds the important concept of binding an identity to its attributes—recalling ISO’s definition of identity—and using identifiers.

  • -

    The W3C Verifiable Credentials Data Model (VCDM) definition states, “a set of one or more claims made by an issuer[vc-data-model-2.0]. On the one hand, this definition seems similar to NIST’s. However, its framing is in the decentralized versus federated model (which we will analyze shortly), and thus, to ISO’s definition of identity mapping the ISO’s attributes to VCDM claims.

    +

    The W3C Verifiable Credentials Data Model (VCDM) definition states, “a set of one or more claims made by an issuer[vc-data-model-2.0]. On the one hand, this definition seems similar to NIST’s. However, its framing is in the decentralized versus federated model (which we will analyze shortly), and thus, to ISO’s definition of identity mapping the ISO’s attributes to VCDM claims.

    Note: Therefore, we will refer to the specific definition of credential in the various sections of the document according to the context.

    These definitions introduced important concepts such as identifiers, authentication, and trust that are good to clarify.
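Review bot: the removed and added versions of the VCDM sentence read identically in this hunk, so whatever changed is invisible (trailing whitespace or a non-printing character), and both versions leave the quotation unclosed: it opens with a curly quote before "a set of one or more claims made by an issuer" and runs straight into the citation. Close it before the citation, as in: “a set of one or more claims made by an issuer” [vc-data-model-2.0]. The following clause, "and thus, to ISO's definition of identity mapping the ISO's attributes to VCDM claims", also has no verb; something like "and thus maps to ISO's definition of identity, with ISO's attributes corresponding to VCDM claims" would read as a sentence.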

    @@ -892,27 +892,27 @@

    3

    Let us proceed to examine the use cases for those organization-related identities.

    3.1. Organizations

    -

    We can look at organizations from different aspects. On the one hand, they can benefit from their government-issued digital identity; on the other hand, they can issue identities themselves to better manage their identification and access systems, both for people and for identities of specific services, software, or processes. To top it off, they can leverage people’s identities for greater assurance, particularly when distributed worldwide.

    -

    3.1.1. Organizational Identity

    -

    Organizations can also have a digital identity and related identfiers such as the Registration Number with the government where it was opened, possibly the VAT Number if not the Legal Entity Identifier. Although the organization has an identity of its own, it operates through individuals who, in the bylaws, have various authorizations, delegations, and signing powers. Therefore, when you do any transaction, such as opening a bank account or a business transaction, you need the organization’s and the personal documentation of the various individuals involved. The use of digital identity in a wallet, with delegation managed through Verifiable Credentials, certainly streamlines the various transactions both with governments and suppliers and with customers, particularly for those aspects of global transactions where the trust relationship goes through a digital transaction and the Association of Certified Fraud Examiners (ACFE) estimates that organizations lose 5% of revenue to fraud each year [acfe-occupational-fraud-2024].

    +

    We can look at organizations from different aspects. On the one hand, they can benefit from their government-issued digital identity; on the otier hand, they can issue identities themselves to better manage their identification and access systems, both for people and for identities of specific services, software, or processes. To top it off, they can leverage people’s identities for greater assurance, particularly when distributed worldwide.

    +

    3.1.1. Organizational identity

    +

    Organizations can also have a digital identity and related identifiers such as a registration number with the government where it was opened, possibly a VAT number if not a legal entity identifier. Although the organization has an identity of its own, it operates through individuals who, in the bylaws, have various authorizations, delegations, and signing powers. Therefore, when you do any transaction, such as opening a bank account or a business transaction, you need the organization’s and the personal documentation of the various individuals involved. The use of digital identity in a wallet, with delegation managed through Verifiable Credentials, certainly streamlines the various transactions both with governments and suppliers and with customers, particularly for those aspects of global transactions where the trust relationship goes through a digital transaction and the Association of Certified Fraud Examiners (ACFE) estimates that organizations lose 5% of revenue to fraud each year [acfe-occupational-fraud-2024].

    3.1.2. Identity and Access Management (IAM)

    -

    The IAM market is thriving, with an estimated growth of 43 billion USD in 2029 [statista-identity-and-access-management]. Such systems enable an employee’s identification, authentication, and authorization on the organization’s platforms according to assigned roles and responsibilities. Decentralized identities enable an additional approach, such as Bring Your Own Identity (BYOI), where users can use their identity to interact with corporate assets and not just for human resource management practices.

    -

    3.1.3. Global Workforce

    -

    Digital Transformation has been a trend for several years and has played a crucial role, particularly in the Workforce, during the COVID-19 pandemic. Organizations could decide whether to stop operations or change as far as possible by digitizing and enabling remote work. This transformation made it clear that looking into the global workforce is possible.

    -

    The fact is that, net of a further trend in the last year of "back to the office", remote workers are estimated to be 67 percent in the technology industry, and this approach is preferred by 91 percent of workers [statista-work-from-home]. In a global context, digital identities can help register employees and contractors by verifying their identities and qualifications, which is particularly challenging for a global workforce. This can speed up hiring, employee management, and other HR processes.

    +

    The IAM market is thriving, with an estimated growth of 43 billion USD by 2029 [statista-identity-and-access-management]. Such systems enable an employee’s identification, authentication, and authorization on the organization’s platforms according to assigned roles and responsibilities. Decentralized identities enable an additional approach, such as Bring Your Own Identity (BYOI), where users can use their identity to interact with corporate assets and not just for human resource management practices.

    +

    3.1.3. Global workforce

    +

    Digital transformation has been a trend for several years and has played a crucial role, particularly in the workforce, during the COVID-19 pandemic. Organizations could decide whether to stop operations or change as far as possible by digitizing and enabling remote work. This transformation made it clear that looking into the global workforce is possible.

    +

    The fact is that, net of a further trend in the last year of "back to the office", remote workers are estimated to be 67 percent in the technology industry, and this approach is preferred by 91 percent of workers [statista-work-from-home]. In a global context, digital identities can help register employees and contractors by verifying their identities and qualifications, which is particularly challenging for a global workforce. This can speed up hiring, employee management, and other HR processes.

    3.2. Things

    -

    Although applications with identities linked to individuals are the most studied cases and are delicate to handle, identities also find fertile ground in the supply chain and IoT world, which are decentralized and distributed by nature.

    -

    3.2.1. Supply Chain

    +

    Although applications with identities linked to individuals are the most studied cases and are delicate to handle, identities also find fertile ground in the supply chain and IoT world, which are decentralized and distributed by nature.

    +

    3.2.1. Supply chain

    A particularly common and interesting scenario is the use of identities and the identification of physical assets and other organizations in the supply chain as well as in end-user services:

    • -

      Import-export markets: the "cost of trade" tends to double the cost of a good when it is exported, creating significant barriers to entry, even for small and medium-sized enterprises (SMEs) [edata-verifiable-credentials-for-cross-border-trade]. Digital Identities for other organizations and goods can support the traceability of the supply chain, especially when there are certifications related to sustainable production.

      +

      Import-export markets: the "cost of trade" tends to double the cost of goods when exported, creating significant barriers to entry, even for small and medium-sized enterprises (SMEs) [edata-verifiable-credentials-for-cross-border-trade]. Digital Identities for other organizations and goods can support the traceability of the supply chain, especially when there are certifications related to sustainable production.

    • -

      Counterfeit-prone markets: such as luxury goods. Proving that the physical good has a proper digital identity and demonstrating the ownership of its Digital Twin in the form of a credential issued by the producer can benefit the end-user and mitigate fraud.

      +

      Counterfeit-prone markets: such as luxury goods. Proving the physical goods proper digital identity and demonstrating the ownership of its Digital Twin in the form of a credential issued by the producer can benefit the end-user and mitigate fraud.

    -

    Identifying physical goods presents unique challenges, such as associating the physical good with the credential. Some solutions include using barcodes, DNA fingerprinting of agricultural products, and radio frequency identification (RFID).

    -

    3.2.2. Energy Devices (IoT)

    -

    In "Self-Sovereign Identity" [self-sovereign-identity], we find an interesting pilot project in the Energy Sector initiated by the Austrian Power Grid (APG) and Energy Web Foundation (EWF) to enable small and medium-sized devices called Distributed Energetic Resources (DER), to participate in frequency regulation of the national power grid [distributed-energy-resources-for-frequency-regulation]. This response to the UN’s Sustainable Development Goal 7 "Ensure access to affordable, reliable, sustainable and modern energy for all".

    +

    Identifying physical goods presents unique challenges, such as associating the physical goods with their credentials. Some solutions include using barcodes, DNA fingerprinting of agricultural products, and radio frequency identification (RFID).

    +

    3.2.2. Energy devices (IoT)

    +

    In "Self-Sovereign Identity" [self-sovereign-identity], we find an interesting pilot project in the energy sector initiated by the Austrian Power Grid (APG) and Energy Web Foundation (EWF) to enable small and medium-sized devices called Distributed Energetic Resources (DER), to participate in frequency regulation of the national power grid [distributed-energy-resources-for-frequency-regulation]. This response to the UN’s Sustainable Development Goal 7 "Ensure access to affordable, reliable, sustainable and modern energy for all".

    The challenge is that the transmission grid must maintain a consistent frequency to function properly. Power plants typically coordinate to adjust the input frequency in response to changes in energy consumption. However, this becomes particularly complex when integrating small and distributed devices.

    It is necessary to identify small devices correctly to avoid issues throughout the network. Verifiable Credentials are present within the devices' operating systems to ensure the IAM aspect, as well as DIDs to identify them correctly [energy-web-credentials-overview].

    3.2.3. Automotive (IoT)
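Review bot: the added 3.1 paragraph introduces a new misspelling, "on the otier hand", where the removed line correctly had "on the other hand"; please fix before merging. In the same hunk the rewritten "Counterfeit-prone markets" bullet loses both its verb and an apostrophe ("Proving the physical goods proper digital identity"), so the removed wording "Proving that the physical good has a proper digital identity" should be restored or changed to "Proving the physical good's digital identity". Two smaller points on lines this hunk rewrites: "This response to the UN's Sustainable Development Goal 7" in 3.2.2 should be "This responds to", and "an estimated growth of 43 billion USD by 2029" in 3.1.2 is ambiguous between a projected market size and an increase; say which figure [statista-identity-and-access-management] reports.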

    @@ -922,13 +922,13 @@

    *Manufacturer, vendors and workshops *: Tracking maintenance and service history.

  • -

    Governmental Entities: Registration and tax payment.

    +

    Governmental entities: Registration and tax payment.

  • -

    Owners and Users: Ownership verification and usage rights.

    +

    Owners and users: Ownership verification and usage rights.

  • -

    Road Infrastracture: Toll payments and other interactions during use.

    +

    Road infrastracture: Toll payments and other interactions during use.

  • -

    Insurance Companies: Policy management and claims processing.

    +

    Insurance companies: Policy management and claims processing.

    It could also be opened and closed directly through the owner’s Wallet, making the car a Verifier during unlocking and a Subject in the owner’s wallet.

    This illustrates the utility of IoT identities and credentials, and their integration with governmental and human identities [self-sovereign-identity]. For example, when buying and selling a used car, several elements must be verified, such as:
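Review bot: the "Road infrastracture" bullet is rewritten here only to lower-case the noun, so the misspelling survives in the added line; since the line is already being touched, spell it "Road infrastructure". The hunk's aim is case normalization, yet the unchanged sentence just below the list still mixes "the owner's Wallet" and "the owner's wallet" in one sentence and capitalizes "Verifier" and "Subject" as role names; pick one convention and apply it to that line as part of this change. The first list item also carries a stray space inside its emphasis markup ("*Manufacturer, vendors and workshops *"), which will render with the asterisk outside the bold span.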

    @@ -948,11 +948,11 @@

    3.3.1. Physical Identity

    +

    3.3.1. Physical identity

    In the past, individuals were known and acknowledged based on their physical attributes and voices, particularly in small, close-knit communities where mutual familiarity prevailed. Within such contexts, the establishment of trust among acquaintances served as an effective means of identification.

    Note: Notably, the assurance of our identity in the social realm often relies on a third party, such as society as a collective entity or directly through government authorities.

    -

    3.3.2. Textual Credentials

    +

    3.3.2. Textual credentials

    Up until the 1700s-1800s, when there was a lack of direct knowledge between the parties (and thus trust), such as when traveling, to identify oneself, it began to be necessary to present credentials issued by a trusted third party, such as a government, in the form of a paper with written information proofed by the authority.

    Note: A particularly well-known example of textual credentials is the first driver’s license, issued in 1888 to Karl Benz so he could use his experimental car [how-might-driver-licensing]. It was a paper signed by the local authority (a trusted party), which was required after neighbors complained about noise generated by his driving, so not for identifying himself.

    These credentials are issued by a trusted entity (e.g., a government), carried or presented by the person in question (e.g., the user with a passport), and then verified by those in charge to authenticate (e.g., the border police) and provide something (e.g., permission to cross the border).

    Even then, there were security problems: on the one hand, counterfeiting—which was mitigated by using stamps, seals, or special paper—and the use of documents by persons other than the one for whom the document was issued, which was mitigated by including a written description of the owner’s facial features to bind them to the document as photography had not yet been invented.

    -

    3.3.3. Photographic Credentials

    +

    3.3.3. Photographic credentials

    The first documented use of photography for identification was in 1876, thanks to the photographer William Notman, who had used photographs to identify workers and guests at the Centennial Exposition in Philadelphia [the-world-of-william-notman].

    However, government-wide use was introduced only in 1915 after the U.S. government discovered that a German spy was using a U.S. passport because he had physical characteristics similar to those described in written words in the passport and could talk in English [how-have-passport-photos-changed-in-100-years].

    Note: The primary purpose of photography is to associate the passport with the individual to whom it was issued. It is essential to ensure that only the legitimate holder of the credential can utilize it.

    -

    3.3.4. Machine Readable Credentials

    +

    3.3.4. Machine readable credentials

    As the technology evolved, the idea was to use machines to help read the documents. This would speed up the verification process. But it was necessary to make the documents easy for machines to read.

    -

    To address this, particularly for travel documents, ICAO began working on machine-readable travel documents in 1968, and in 1980 , it published Document 9303, which contained the specification of a machine-readable code to be printed on documents [doc-9303]. It is the code with many "<"s in our passports and on some ID cards.

    -

    As an evolution, in 1998, Doc 9303 also included biometric information transmitted via RFID technology. Nowadays other machine-readable techniques include barcodes and QR codes.

    +

    To address this, particularly for travel documents, ICAO began working on machine-readable travel documents in 1968, and in 1980, it published Document 9303, which contained the specification of a machine-readable code to be printed on documents [doc-9303]. It is the code with many "<"s in our passports and on some ID cards.

    +

    As an evolution, in 1998, Document 9303 also included biometric information transmitted via RFID technology. Nowadays other machine-readable techniques include barcodes and QR codes.

    Note: ISO endorsed this document through ISO/IEC 7501-1, making the role of Standard Development Organizations (SDOs) particularly important for interoperability in this field.

    -

    3.3.5. Physical Credentials as Digital Credentials

    +

    3.3.5. Physical credentials as digital credentials

    While these practices have certainly sped up reading and verification in physical contexts - when the verifier has access to the original physical document, they are inefficient if used in a digital context, in particular when the verifier has no access to the original document as the physical credential is scanned or photographed and its file is used.

    A classic use of government-issued documents on the Internet and the Web is enrollment in financial services.

    The user must indeed provide these documents. At the same time, the financial service provider must verify that they comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) practices to Counter the Financing of Terrorism (CFT).

    Then, the user photographs or scans the documents (rendering ineffective the anti-counterfeiting measures inherent in the physical document) and themself (to bind with the document) and sends these files to the financial provider.

    Often, the financial provider delegates the process to specialized companies that use Machine Learning and manual control to verify the information.

    -

    TThus, we have at least two problems: the entire document is sent to different places, making a data breach more likely, and Machine Learning systems often analyze it. The problem is well described in "AI & the Web".

    +

    Thus, we have at least two problems: the entire document is sent to different places, making a data breach more likely, and Machine Learning systems often analyze it. The problem is well described in "AI & the Web: Understanding and managing the impact of Machine Learning models on the Web".

    Moreover, an additional privacy concern is inherent in this use case - which applies even when the document is used physically. Even if the user uses the document for a specific reason (e.g., proof of address or proof of age), they must send the whole document, thus showing more information than is needed for the specific verification, violating the privacy principle of data minimization.

    -

    3.3.6. Pure Digital Credentials

    +

    3.3.6. Pure digital credentials

    Governments and regulatory bodies have also stepped up to issue digital credentials for citizens. Each government has made its own architectural choices and can offer different services, from centralized or federated authentication to decentralized identities giving citizens a wallet to hold one’s digital credentials.

    Below is a short list with some implementation examples:
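Review bot: the added line in 3.3.5 expands the title to "AI & the Web: Understanding and managing the impact of Machine Learning models on the Web" but still cites it by title only, while every other citation in this section uses a bracketed reference key ([doc-9303], [how-might-driver-licensing], [the-world-of-william-notman]); add the document to the Informative references and cite its key so the link resolves like the others. The "TThus" fix and the "Doc 9303" to "Document 9303" normalization look right. Two unchanged lines in the hunk still need attention: the first sentence of 3.3.5 opens a parenthetical with a dash ("in physical contexts - when the verifier has access to the original physical document, they are inefficient") and never closes it, so the sentence is hard to parse, and "written information proofed by the authority" in 3.3.2 presumably means "attested" or "certified" rather than "proofed".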

    @@ -1017,14 +1017,14 @@

    The holder has a digital passport in the form of government-issued credentials; this credential, in its claims, also contains age information.

    • -

      Full Credential: It is possible to send the full credential since it also contains the date of birth, from which the verifier can derive the age. This doesn’t meet the principle of Data Minimization, though, as I’m sending a lot of other information that can be misused and make us traceable.

      +

      Full credential: It is possible to send the full credential since it also contains the date of birth, from which the verifier can derive the age. This doesn’t meet the principle of data minimization, though, as a lot of other information is sent which can be misused and make us traceable.

    • -

      Selective Disclosure: If only the date of birth is submitted, we still have a minor data release, as the verifier is interested not in the date of birth but in whether the person is of age. If the credential provided supports this privacy feature, which allows us to send individual attributes/claims, we can send only the date of birth, by which the verifier can derive the age. It certainly improves the situation concerning Data Minimization, but it does not solve it totally. To overcome this problem, some credentials have specific attributes with boolean values to present that our age exceeds a certain value (e.g., 16, 18, 21).

      +

      Selective disclosure: If only the date of birth is submitted, we still have a minor data release, as the verifier is interested not in the date of birth but in whether the person is of age. If the credential provided supports this privacy feature, which allows us to send individual attributes/claims, we can send only the date of birth, by which the verifier can derive the age. It certainly improves the situation concerning data minimization, but it does not solve it totally. To overcome this problem, some credentials have specific attributes with boolean values to present that our age exceeds a certain value (e.g., 16, 18, 21).

    • -

      Range Proof: If we send the verifier the boolean result of a computation related to the value of a specific attribute (e.g., the verifier asks us if we are older than 21 years old, and we send the result of the computation on the date of birth).

      +

      Range proof: If we send the verifier the boolean result of a computation related to the value of a specific attribute (e.g., the verifier asks us if we are older than 21 years old, and we send the result of the computation on the date of birth).

    The problem is that, even in the last two cases, we can present potentially linkable information to us or our issuer, which the verifier can use to make correlations. For example, it is necessary to decouple the signature from the signer and not use the same identifiers in different sessions.

    -

    Conversely, the verifier will have to somehow prove that he or she performed the age verification, which further complicates the matter.

    +

    Conversely, the verifier will have to somehow prove that they performed the age verification, which further complicates the matter.

    Therefore, even in a scenario that may seem trivial, it requires extensive study.

    Mitigating the threats at technological and governance levels
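Review bot: the "Range proof" bullet is a sentence fragment in both the removed and the added version ("If we send the verifier the boolean result of a computation ... (e.g., ...)." has no main clause), and it does not say what distinguishes this option from the issuer-signed boolean attributes mentioned at the end of the "Selective disclosure" bullet: as written the holder simply "sends the result of the computation on the date of birth", which a verifier cannot tell apart from a self-asserted value. The point of a range proof is that the verifier can check the result against the issuer's signature without learning the date of birth, and the bullet should state that. Smaller points on the same hunk: the rewritten "Full credential" bullet switches from passive ("a lot of other information is sent") to first person ("make us traceable") mid-sentence, and in the paragraph after the list "For example, it is necessary to decouple the signature from the signer" introduces a mitigation, not an example, so "To prevent this" fits better than "For example".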
    @@ -1035,7 +1035,7 @@

    Therefore, it is important to do a risk analysis with both technology and government stakeholders to mitigate threats appropriately.

    Suppose threats cannot be managed at the technology level. In that case, they should be managed at the governance level, for example, by banning certain uses or removing features that are not technically possible to mitigate the threat. Two-way communication between governments, SDOs and implementers is therefore needed.

    -

    4. Acknowledgment

    +

    4. Acknowledgments

    Several individuals contributed to the document. The editor especially thanks Pierre-Antoine Champin, Andrea D’Intino, Giuseppe De Marco, Heather Flanagan, Ivan Herman, Philippe Le Hegaret, Tommaso Innocenti, Ian Jacobs, and Denis Roio.