Any company that wants to have a current account in a bank must provide the entity with a copy of the legal representative's ID card. If the company has accounts in other banks, it must provide this copy to each one, multiplying the paperwork and security risks, as this documentation is exposed many more times to a possible theft of information. This is what happens today, but imagine a scenario in which the company does not have to provide any physical or electronic document, but simply allows the bank to access the ID number through its wallet, a kind of digital wallet. This same mechanism would be used, for example, to carry out the procedures to become a supplier to a business or for tenders in public administrations. Behind this system is the sovereign digital identity, known as Self Sovereign Identity (SSI).
With this model, the person or company becomes the owner of their digital identity and, therefore, of the credentials that make it up. By credentials we mean any identifying data, such as a DNI or NIF number, a driving licence, a university degree, a professional qualification or a bank account. Think, for example, of a person who must prove that he or she is of legal age. With this system, it is not necessary to provide the DNI with all the personal data it collects, but a verifiable credential (VC) in which an administration confirms the age of majority while preserving the privacy of the data.
This represents a 180-degree change towards a decentralised model, as right now we are giving data to technology companies every time we access their services. We log in to Amazon, for example, with Google's password, and so on across multiple services, so we give our CV to LinkedIn, our shopping history to Amazon, and our viewing history to Netflix. This is precisely what the EU wants to avoid with its digital identity project.
Roles and data flows
The aim is for companies and individuals to own their credentials and decide with whom they share data. The European project aims to make the mobile phone like the wallet where we carry all our documents. It will be available to all EU residents and businesses, but its use will be voluntary and will not replace electronic ID cards.
«We will be able to decide how much of our information we want to share, with whom and for what purpose. It is a unique opportunity to deepen what it means to live in Europe and to be European»
How is digital identity built?
This European digital identity framework is based on the European Self-Sovereign Identity Framework (ESSIF), which is the European proposal for sovereign identity and is one of the four use cases of the European Blockchain Services Infrastructure EBSI, launched in 2019 by the member states and the European Commission, to improve cross-border services, mobility and reduce the environmental impact of paper and transport, in addition to complying with European privacy and data protection regulations. In turn, all these projects are based on the eIDAS regulation that governs the basis for electronic identification, authentication and certification on websites in the European Union and which already includes the concept of "verifiable credentials" for which the World Wide Web Consortium (W3C) has defined a standard.
By 2030, 80% of citizens will be using an e-ID solution, according to EU estimates.
Member states now have until September 2022 to work on the design of the architecture and technical standards. The idea is to start testing pilot projects in the same year. In parallel, many countries are considering projects to implement eGovernment solutions, also building on initiatives that have been developed in recent years with a view to the uses of the ISS.
Benefits of digital identity
Alastria ID, an SSI model designed to be legally binding
In Spain, the multidisciplinary consortium Alastria, of which Cuatroochenta is a partner, has collaboratively developed Alastria ID, a technical model of digital identity based on international standards, which aims to take advantage of the capabilities of blockchain and SSI. The company 4TIC, acquired in 2020 by Cuatroochenta, collaborated on this project for two years, together with other firms such as Everys, Inetum, Grant Thornton, Deloitte and Santander. Specifically, it participated in the development of a testing platform so that any company wishing to use the Alastria ID environment could self-verify that its system complied, at a technical level, with the bases defined by the consortium.
Through an app, "users will have control over the transactions associated with their identity and will be able to access different services". This protocol has become a benchmark, both in Spain and in the rest of Europe. Alastria ID will be deployed as one of the basic applications of the consortium's blockchain infrastructure. Of the 126 nodes that make up the regular Alastria blockchain, one is installed in Cuatroochenta.
Blockchain, the key to digital identity
Although SSI is a model that has been in use for a couple of decades, the emergence of blockchain technology has given it a big boost. Every issuance or verification of a credential is recorded on the blockchain. Nowadays, it is difficult to find technologies that have such an advanced regulatory adoption, in fact, the technological development of digital identity goes hand in hand with regulation and in Spain the Spanish Association for Standardisation, UNE, has already published the first global standard on decentralised blockchain digital identity.