My Key Takeaways from the Digital Identity unConference Europe
I had a great experience at the Digital Identity unConference held in Zurich a few weeks ago. It was the first time such a meeting had been held in Europe, so I wasn't sure what to expect. At Curity, we work with digital identities daily and strongly believe in the decentralized identity (DI) movement. That's why it was essential to join the discussions (and support the conference as a sponsor).
The Digital Identity unConference brought in over 150 attendees from all over. There was a good mix of private and public sector participants and people actively working on the specifications and technologies behind decentralized identities. There were many interesting conversations and exchanges of experience. Here are my key takeaways.
Questions Around Decentralized Identity Remain
Currently, the community is still trying to figure out many things. And there seem to be more questions than answers around decentralized identity. These questions aren't just technical or legal challenges but also organizational and conceptual ones. For example:
How many wallets will a user have? Will there be just one wallet provided by the government, a wallet built-in in every vendor app, or a few dozen wallets to choose from, from several vendors not related to verifiers?
Some solutions should work reliably in a 10/20/50-year perspective, like a VC representing someone's university degree. If we put data on an immutable ledger, will we be able to consume it in 50 years?
Four Hot Topics In Digital Identity
1. Verifiable Credential (VC) Revocation
Verifiable Credential (VC) revocation is an important topic that is still a big issue. It's especially problematic for credentials like a driver's license or a passport. The verifier can't rely only on the data presented by the holder and needs a way of ensuring that the VC wasn't revoked. Several solutions have been proposed, but none of them are perfect.
2. Interoperability
Interoperability is another big subject. With more and more standards in place, some groups are working on profiles that will enable products to work together more easily.
3. Trust
Trust is another big subject. The term is quite broad, and a few sessions covered it in some way. One aspect is the trust we will place in wallet vendors. For example, how do we ensure that wallets are created by trustworthy parties?
It seems like there will be quite a lot of pressure put on the wallet creator. The issuer will probably want to make sure that it issues credentials only to trusted wallets, and users should be able to trust their wallets. Then maybe verifiers will also want to only accept presentations from wallets they know they can trust.
In government environments, establishing a trust relationship can be a long and complicated process. For example, Bhutan has successfully rolled out an e-ID solution with a wallet provided by the government and an e-ID issued by the government to the wallet. They are now trying to partner with Canada to mutually recognize e-visas. They told us that the process to get their wallet trusted by Canadian authorities takes around nine months and involves, among others, opening the wallet code and sharing it with Canadians.
4. User Onboarding
Another important topic is around getting the users on board, especially when thinking beyond e-IDs provided by the government (situations where people might use the technology anyway). A phrase that came up a few times was, "How do we create a wallet my parents would use?"
Decentralized Identity Is Gathering Momentum
Overall, it feels like Decentralized Identity is gathering momentum, and it's good to be at the forefront of innovation in digital identity. Yet, we're still quite far from robust solutions that will see a lot of adoption. Also, in my opinion, we shouldn't view DI as a way of authentication that will replace every other authenticator but rather something that will be used in concrete solutions. It will be fascinating to see the developments in this space, and I'm excited to attend the next Digital Identity unConference to follow what happens.