Towards digital identity wallets: with patience and through practical applications

The idea of Self-Sovereign Identity (SSI) is to provide individuals with digital identity wallets containing a number of different attributes related to their respective identities, such as date of birth, gender, academic and professional qualifications, permits, licences etc. The attributes are written to the wallet by the authorities, such as population registry for the date of birth, a university for the academic qualifications, etc. This approach allows for targeted sharing of identity data depending on what attributes are required for each transaction, thereby increasing the users’ control over their own identity data in line with the MyData and Data Sovereignty principles.

All this is of course very nice but it must be noted that the triumph of SSI is not evident and immanent despite the strong push given recently by the European Commission (see below). A lot of resources, change leadership and time will be needed to bring about the significant legislative and technical changes that SSI implementation will require. Also, the user-centric model bears inherent risk: when in full control of their own data, people may end up making bad choices and sharing their data too freely. Some kind of solution will be needed to support users of SSI wallets in making informed decisions about what data to share with whom.

Political push: the new EUid scheme

From the point of view of research and education, it is important to develop digital identification solutions that allow for cross-border identification, as students and researchers often operate and need to access services in another country than the one they’re physically based in. Therefore, we are pleased to note that the European Commission is pushing for a common European digital identification solution. If adopted, this will present a major improvement to the current eIDAS framework established in 2014.

eIDAS made it compulsory for the EU Member States to recognise each other’s electronic identification schemes but fell short of making it compulsory for Member States to notify their schemes for the other Member States to recognise. As a result, only 15 of 27 Member States have notified their schemes, thereby giving only 58 % of EU population access to cross-border identification under eIDAS. Moreover, the take-up has been mostly concentrated on public services as there is currently no obligation for Member States to make eIDs available to private online service suppliers, having led to very few Member States doing so.

The European Commission has now suggested to improve the situation by developing the eIDAS framework into an SSI-based European Digital Identity scheme (EUid) whereby all Member States would be required to notify at least one electronic identification scheme and issue European Digital Identity Wallets for their citizens, residents, businesses and other organisations. The aim is to enable trusted identification of both individuals and organisations in their digital interactions.

While the possible caveats of SSI expressed above apply to the Commission’s proposal, we welcome its intentions and want to help to make the new EUid scheme a success. We are prepared to contribute to the preparation of the EUid Toolbox with the expertise we have gained through our involvement with the development of the identity and access management frameworks of, for example, ELIXIR and Gaia-X. To learn more about our views, please see our statement on the Commission proposal and/or reach out to the authors of this blog post.

Putting it into practice: using SSI to access research data

Inspired by the proposed EUid scheme, we at CSC have started considering how SSI-based wallets could be made use of in research. If the researchers had wallets anyway, they could use them also for their professional activities.

In genomics research, a global sharing of genetic samples is crucial for high-quality research. People with different ancestry have different genes; some genomic variants are common in certain geographical regions. To develop a new drug or treatment, researchers need to have samples from several regions, commonly collected by the local researcher groups and universities. For rare disease research, sharing of samples is particularly valuable as there may be just a handful of patients suffering from the disease globally.

Sharing of genomic samples for secondary use is controlled by the research project that originally collected the samples. To get access to the samples, a researcher needs to present a data access request to the original data collector who will grant access to the data set. The researcher can then use their data access permission in any secure computing cloud or supercomputer which has a dataset copy. This introduces a challenge how the researcher is able to smoothly pull the permissions from the various sources and present them to the computing environment. The current approach relies on the federated identity management protocols.

In autumn 2021, funded by the CINECA project, CSC implemented a proof of concept on how a researcher can use SSI to collect the data access permissions from the data owners to their wallet and then use the wallet to log in to CSC’s sensitive data services to start the sample analysis. The proof of concept relies on ELIXIR AAI and REMS tool for managing data access permissions and was implemented using Evernym’s wallet and service development kit. You can watch a screencast video on the set-up and also try it yourself. A full report has been published by the CINECA project.

Satu Tuomikorpi
Author works as Senior Policy Specialist in CSC.

Mikael Linden
Author works as Senior Applications Specialist in CSC