07/24

IDunion: Secure identity management for people, products and organizations

The IDunion research project funded by the Federal Ministry for Economic Affairs and Energy will expire at the end of 2024.


On May 21, 2024, a “milestone for Digital Europe” (in German) came into force with the amended Electronic Identification, Authentication and Trust Services Regulation (eIDAS Regulation 2.0 for short). In addition to other trust services, it offers EU citizens the opportunity to use a free smartphone “wallet” with an electronic ID card and signature function across borders. 

This so-called European Digital Identity Wallet (EUDI Wallet for short) lets private individuals manage their digital documents - from passports to driving licenses and ID cards, from health insurance cards to university certificates and concert tickets - conveniently via their smartphone. Citizens can also use it to identify themselves digitally and independently to authorities, educational institutions, banks or tour operators in any country of the European Union. The ID and signature function is intended to simplify and speed up administrative and business processes. As eIDAS is firmly integrated into the General Data Protection Regulation (GDPR) and the European Cybersecurity Act, data also remains protected.

German consortium delivers technical standards 

The German Federal Ministry of the Interior (BMI) is already working on the implementation of the regulation as part of the architecture and consultation process. After all: “By 2026, all member states must have this wallet ready and make it available to citizens,” says Helge Michael, CEO and Managing Director of Lissi GmbH and consortium leader of the IDunion research project. The project played a key role in developing the technical standards for the EUDI wallet: “Many of the technical building blocks for the EUDI wallet can be traced back to research and development activities in IDunion,” he explains.

The original aim of the research project, which was funded by the Federal Ministry for Economic Affairs and Energy with 15.6 million euros as part of the “Secure Digital Identities Showcase” innovation competition, was to create a blockchain-based ecosystem for decentralized identity management (Self-Sovereign Identity, SSI). However, after the BMI spoke out against the use of blockchain for identity management in the Beyond EU Digital Identity Wallet discussion paper in June 2023, the project team reoriented the project: “We decided to store the data for use cases with natural persons not in a blockchain, but on various federated data stores,” explains Michael, “In principle, each provider can provide its own data store that can be checked against. This can be a traditional data center or a cloud environment, for example. The system remains decentralized.” 

The OpenID4VC protocol family will be used, which the partners have been developing since 2021 as a “small side project and possible backup solution”. “The fact that the EU later integrated these protocols into the eIDAS 2.0 Architecture Reference Framework (ARF) confirms our expertise and the diversity of the approach to the technical solution,” explains the head of the research project. In order to also “promote the convergence of various projects in Germany and Europe under the eIDAS umbrella”, the partners unanimously decided at the IDunion Summit in the same year to switch to the new technical standard (note: Tech Stack 2.0). This is how “the small side project became a big project”, as Michael adds.

Less technology exploration, more implementation?

Although this decision proved to be the right one, at least since the adoption of the eIDAS Regulation, it still presented a challenge: Since April 2021, IDunion's 15 consortium partners had already been working on use cases based on Tech Stack 1.0. Over 40 different SSI-based pilot applications in a wide range of areas have been researched in recent years: from education to eGovernment, banking, finance, mobility and health. The fact that these projects were to be converted to Tech Stack 2.0 and thus to the new eIDAS framework delayed their realization. For example, the SSI-based Smart Check-Out was technologically redesigned, says Michael. When shopping online, shipping addresses, payment details or even bonus cards can be sent to the seller simply during the ordering process, for example via a QR code on the online store's website. The payment process runs automatically in the background and the seller can verify the address data stored as verifiable credentials. Work is also underway to integrate a direct payment process into the Wallet - similar to Google or Apple Wallet.  

“We thought we would get there faster with the real applications,” says Helge Michael, describing the “interesting learning”, “but technological developments have come thick and fast in recent years”. As a result, the original plan of “less technology exploration, more implementation” had to be shelved in favor of pioneering technological work. At least temporarily. “Implementation is coming,” promises the consortium leader - and as early as the end of the year.

The digital student ID card

“TU Berlin is planning to be one of the first German universities to introduce a digital student ID card, initially as part of a pilot project with a limited number of participants,” explains Dipl. Inform. Thomas Gebhardt from the Central Facility Campus Management, Department for Identities, Integration and Innovation. The first students should be able to receive a digital ID as early as the third quarter of 2024. “In addition to the graphical representation of the ID card (normal viewing function), it will be possible to log in to the TU Berlin web portal via the wallet,” says the deputy head of department, “it will also support the future use of other verifiable credentials and establish an infrastructure for the EUDI wallets that are coming as part of the eIDAS 2.0 regulation.” When fully operational, around 35,000 students will be able to use the digital student ID card in their mobile wallet to easily register for exams, gain access to university buildings or borrow books. They could also store their semester ticket, cafeteria card or access data for the examination platform in the digital “wallet”.

However, another pilot project has not yet been implemented at TU Berlin: The planned implementation of digital language certificates with the Moodle plugin is still delayed. Currently, students have to fill out forms in PDF format so that the ZEMS (Zentraleinrichtung Moderne Sprachen) can issue them with a language certificate. To simplify this procedure, the Service-centric Networking department, which is part of the IDunion consortium, has created a plugin for Moodle that can be used to export proof of successful participation in a language course. “With our solution, students can download their certificates independently,” explains Research Assistant Philipp Raschke from the T-Labs department, “This eliminates the need to prepare individual certificates.” In addition, other institutions that also offer language courses and may require a certain language level for a specific course can verify these digital language certificates and automatically check whether a required language level has been certified. “This is intended to promote student mobility,” says Raschke, who is also aware of another major potential: when a certificate is presented at another institution, only certain information relevant to verification can be disclosed, while other information is not shared. The interest on the part of the ZEMS was correspondingly high. However, due to a lack of administrative staff, no pilot operation could take place until the end of the IDunion research project.

However, this is not stopping Raschke and his colleagues from finalizing the plugin. The digital language certificate is to be published in the Moodle plugin store later this year. “Then other institutions that use the Moodle software could also issue digital language certificates using our solution,” they hope. 

From employee to library card

Other IDunion use cases are also in the starting blocks for implementation. According to Helge Michael, a “very nice prototype” was an employee ID card for DATEV - the software company for tax consultants, lawyers, companies and auditors. At the time of COVID-19, employees could only enter the office building with a negative test. “Employee ID cards in any form will come,” confirms the project manager. Library cards or municipal data cards, which citizens of a city can use to register for municipal services, obtain social entitlements or take advantage of cultural offers, could also be rolled out in the near future. The eIDAS regulation envisages that it will soon also be possible to open bank accounts using the digital identity and even use them to make payments.

DPP - Digital Product Passport

The same also applies to another application that IDunion has been working on: The Digital Product Passport (DPP). After all, it is not just people's identities that will be managed and used digitally in the future. In order to comply with the European Green Deal, goods will have to be identified in future and proof of their sustainability and circular economy will have to be provided during production. However, “the digital product passport entails strict regulatory requirements for some product groups,” says Dr. Andreas Füssler, Head of Special Projects/Topics at IDunion partner company GS1 Germany GmbH. These include batteries, toys, detergents, textiles, small electrical appliances and even steel and building materials. These “regulatory requirements have not yet been finalized.” In addition, cross-product standards and norms are needed for the DPP. Their development should be completed by 2025.  

Even before the time has come, the IDunion consortium has researched the use of verifiable credentials in the implementation of the digital product passport. “It is an important requirement for success,” says Füssler, convinced of the usefulness of the “pioneering project”. After all, the aim is not to reinvent the wheel in many areas, but to use the possibilities of new technologies in existing processes to gain efficiency and safety benefits. And the potential seems great, as was noted in a white paper: Verifiable evidence and secure data exchange through SSI technologies, for example, could help to increase trust in product data. This in turn would accelerate the digitization of physical documents such as digital receipts or warranty certificates. In addition, data exchange could be used both to obtain information from upstream suppliers and to provide data for consumers, customs or recyclers, for example.

Outstanding utilization prospects

IDunion partner company Siemens demonstrates how data on the greenhouse gas emissions of products can be used with its SiGREEN CO2 management tool. This enables the management and reduction of emissions along the entire supply chain. The system has been live for two years and is actually operated on the original blockchain solution. Siemens is no exception: “The blockchain is used by some partners in the area of identities for organizations or the Internet of Things, whenever no personal data is processed,” emphasizes the project manager.  

The IDunion consortium report from 2023 states that, in general, the “prospects for exploitation increased significantly during the project period”. The adoption of eIDAS in particular gave developments an enormous boost. For example, Lissi (short for “Let's initiate Self-Sovereign Identity”) was one of the “first available ID wallets [to be published] that already support the OpenID4VC protocol family” in November 2023.

The work of IDunion “as a pioneering project in the field of digital identity and digital proofs (can) now also be implemented in a legally secure manner,” says Jonas Hammer, Compliance & Privacy Advisory at esatus AG, another IDunion member company. “This means that we can rely on official standards and legal requirements to implement the respective use cases,” he says, expecting one thing above all: “A big leap forward for our digitalization.”

IDunion SCE: From Germany to Europe

To enable this digitalization leap not only in Germany, but also in Europe, several project partners - including the companies Spherity and Danube Tech - founded a European cooperative (Societas Cooperativa Europaea S.C.E.) for IDunion in July 2022. Since April 2024, member companies have been able to use the IDunion SCE's distributed network to manage identity information and company data independently. “It's a democratic community,” says Michael, describing the principle. Research results and technological achievements of the IDunion SCE are not available to individual companies, but to all members on an equal footing. And not just to them: “The IDunion SCE is also responsible for transforming results into EU projects,” adds Michael. This is already the case in the EBSI-VECTOR project, the first European blockchain service for the public sector. IDunion SCE is already taking the findings of the German consortium out into the world - or at least to Europe.

 
