The Emerald City Awaits: further updates on Ireland’s Digital Credentials Journey

Back on February 29th 2020 I wrote a piece promoting the idea of a credentials sharing ecosystem for the island of Ireland on behalf a voluntary, not-for-profit initiative called Emerald, formed to promote this purpose.

Infographic about Digital Identiy

We were lucky to quickly receive significant buy-in and support from individual contributors, tech business owners, large tech vendors, legal firms and “big X” consulting firms who formed our advisory and experts panel to help flesh out the mission and explore the art of the possible. The Irish Government in the form of Barry Lowry and his team at the Office of the Government CIO (OGCIO) have been stalwart supporters from day one, bought into our not-for-profit, common good driver and being largely agnostic of technology choice and vendors: simply seeking a solution that would allow participants in the economy on the island of Ireland easily exchange credentials such as passports, driving licences, birth certs, educational credentials and other ‘proofs’ in a secure, trusted digital manner.

Given the pandemic and lockdown that unfolded within a couple of weeks of that article being published all of our work went online and there are many of the contributors who signed up as volunteers to the cause who we never met in person.

Of course, the pandemic also meant that this effort while useful and game-changing in its own niche paled into insignificance alongside the fear, uncertainty and doubt, sickness and hardship as we began to experience lockdown and multiple waves of Covid. At the same time, it was good to be involved in something extracurricular during those months aimed at making a little difference in a post-Covid world.

We registered, started the Emerald Advocates LinkedIn group and our progress through the early lockdown towards producing a Blueprint was documented in ‘Further along the Yellow Brick Road’ blog post on in May 2020. During this time, we continued our engagement and promotion activity with anyone who would listen, meeting with and/or presenting to IBEC, American Chamber of Commerce Ireland, a couple of Government ministers, peer organisations in the Nordics, Canada, Australia, global payment providers: you name it, we were talking to them.

The highlight of our work over the summer of 2020 was a proof of concept/working pilot of a credentials ecosystem developed between OGCIO and Irish Life’s EXO DigitalHub using the Evernym (now Avast) Verity toolkit. This used a commercial implementation of the HyperLedger Digital Identity protocols to implement a complete ecosystem with Evernym’s Connect.Me wallet app.

Sample screenshots from the app proof of concept (used with permission of OGCIO and Irish Life)
Sample screenshots from the app proof of concept (used with permission of OGCIO and Irish Life)
Sample screenshots from the app proof of concept (used with permission of OGCIO and Irish Life)
Sample screenshots from the proof of concept (used with permission of OGCIO and Irish Life)

Towards the autumn of 2020 we found ourselves with some relatively mature technology, and a broad willingness from the state to move, subject to legislative and administrative support, towards the digital issuance of gold standard credentials but we struggled with how to fund the ecosystem. In truth a digital credential exchange would ideally operate like the national primary road system: funded as a common good. Toll roads are an option, but they add friction into transactions and also require the existence of an accounting mechanism to count credential usage that can be a death-knell for data privacy. 

What did Covid ever do for us?

Ironically given the challenges Covid presented to our collaboration, the successful launch of the Irish Covid Tracker app and the digital vaccination certificate was a great scaled test of our broad principle as it had hundreds of thousands of digital credential QR codes being scanned daily at bars and restaurants. If we had wondered whether the user experience of providing say proof of age at a bar door would work – this was the very same experience operating at scale in the wild. An idea whose time had come (albeit in trying circumstances).

Unlike our trials which used Evernym’s take on the Hyperledger Indy, Ursa and Aries frameworks to deliver a Self-Sovereign Identity (SSI) ecosystem requiring a connected network, the technology chosen by the government used a self-contained package of compressed, signed and encrypted data all contained in the QR code with tech provided by qryptal.

Sample Covid vaccination certificate (Kilkenny People)

It doesn’t have all of the safeguards of SSI but meets a lot of the functional requirements for verifiers of credentials and ease of use for credential holders and was delivered quickly and efficiently by all the parties involved. It was great to see the government open source their Covid app and see it reused in a number of locations worldwide. Well done Ireland and to all of the individuals and companies involved in making it happen! It’s also great to see Ireland punching above its weight in eHealth initiatives.

World Economic Forum

Garvan Callan has been one of the more committed volunteers in the Emerald team from day one and he had fostered an involvement with the World Economic Forum’s Digital Identity special interest group resulting in a number of useful meetings with our consortium pre-Covid. Through this route, we received significant support on mission review in early 2021 from the Global Digital Identity arm of one of the Big Five (they didn’t seek any thanks for this, but purple is their preferred branding colour) looking once again at how we might get a practical network off the ground and make it pay its way as a not-for-profit ecosystem. That evolved our thinking but funding remained elusive.

Ooh Aah Angela

As 2021 progressed we connected (again via the WEF) with a very exciting initiative in Germany. Angela Merkel’s department sponsored as large-scale SSI based deployment based on the open-source Hyperledger offerings tailored for deployment in Germany. In offline discussions we had at that time it was intended that this software would be made available on an open-source basis for deployment by other Governments (as part of a general trend toward open source Govtech). We and the OGCIO were very interested in the potential here as it would have opened up the possibility of a low cost tech solution backed by the investment of one of Europe’s largest countries and one with a very strong interest in robust data privacy: to paraphrase Sinatra – if you  could make it there, you could make it anywhere.

Sadly, with the change of government in Germany in late 2021 this initiative has taken a bit of a backseat and fallen off the radar. Wider developments in Europe may provide a clue as to why.

Could Europe provide an answer?

Europe has had the eIDAS standard for its members to support cross-border digital signatures for a number of years. In simple terms it allows each country to define a ‘means’ for their citizens to be uniquely identified and associated with a digital signature mechanism that has adequate administrative and technical protections to be usable in lieu of wet signatures. This ‘means’ then is peer-reviewed before being approved for use. It’s likely a lot more than that and to be honest sometimes it feels like you need to have a PhD to remember everything that goes on it this identity space.

Ireland has been a bit of a bystander in this work as the technical implementations were seen as a bit clunky and of limited day-to-day use by citizens “in country” so hard to justify large investment. Also, given that it is most useful among close trading partners and neighbours, Brexit had made it a little less interesting.

eIDAS is getting a revamp however! A core promise of eIDAS 2.0 is guess what? An EU-wide digital wallet standard for holding credentials of all sorts, allowing further leverage by businesses, not just government agencies. This is giving rise to initiatives like the EUDI Wallet Consortium and a discussion on that here and here. The EU issued a tender for ‘a contractor to provide services in support of the infrastructure for a European Digital Identity Wallet’ in June 2022 with planned implementation support between Q4/22 and 2023. The outcome of the tender was announced just as this draft was being finalised and signals are strong for legislative support and infrastructure testing during 2023 with a launch in 2024. This is good news.

Open Wallet Foundation

Back in September 2022 at the Open Source Summit, (in Dublin, Ireland, of all places), the Linux Foundation’s Open Wallet Foundation was announced. Its mission is to “focus on building an open-source software engine that other organizations and companies can leverage to develop their own digital wallets.  The wallets will support a wide variety of use cases from identity to payments to digital keys and aim to achieve feature parity with the best available wallets.”

Many of the more compelling technology adoptions of the last few decades have blossomed on the back of non-partisan open-source initiatives, so this is a very exciting development to see happen in the context of the EU Digital Wallet initiatives, the development of Self-Sovereign Identity technology and the rise in demand for effective, safe, digital interactions in the post-pandemic world.

Meanwhile, back at home

Back here in Ireland the OGCIO are not sitting on their laurels. On the back of the success of the technical platform beneath the Covid Vaccination certificates, and the strong support for enabling digital government, there are plans to provide opt-in access to an increasing number of credentials (e.g. birth certs, driving licences etc) via a ‘Life Events Portal’ during 2023. No doubt once the legislative and initial technical supports are put in place to expose these credentials there will be appetite to adapt this to integrate with the EU Digital Wallet and Open Wallet Foundation capabilities as they unfold. There’s little point in waiting for these to happen. And who knows? Maybe the Irish Government will repeat its success in open sourcing whatever it does in this space to allow other nations to follow in our footsteps. 

It would be great to see Ireland as a leading light in this space, which was one of the motivations of the Emerald consortium and initiative to begin with.

Where to from here?

I wrote about my first exposure to the ideas of Self-Sovereign Identity in late 2018, a little over four years ago and it’s been an interesting journey following the initial Digital Identity Summit sponsored by Irish Life, the engagement with OGCIO and the broader Emerald advisory group members and the more recent moves by the EU and the Linux Foundation. These are ideas whose time has come: it is now clearly only a question of time: one of when, not if, our ‘high value’ credentials such as passports and driving licences become as digitally accessible as we’ve come to expect of boarding passes, cinema tickets and other more transient credentials.

The folks who’ve been involved in Emerald over the last few years are excited about this evolution and are waiting patiently to promote the adoption and use of these capabilities as they arrive in (hopefully) the coming months, if not a small number of years.

It feels like a good time to say thank you to myriad supporters who have shown an interest and given of their time (particularly online during Covid) to help the journey along. Some of the long list of contributors to our blueprint activity are listed here (subject to correction).

Hopefully the next chapter in these posts will be a live pilot being used in compelling use cases on the digital and physical highways and byways of Ireland. If you think you can help accelerate the journey – reach out.

p.s. Correction and further reading suggestions welcome in the comments and I’ll edit the post as necessary. Any writings that simplify this space are most gratefully received

More Reading – a great book on all things Self-Sovereign Identity – Forbes article on the topic – lots of good blogs and commentary on SSI / eIDAS 2.0 etc from the artist formerly known as Evernym

Leave a Reply

Your email address will not be published. Required fields are marked *