Digital identity and opening up the smartwallet

When an 80 year-old relative asks you how she can use her phone to both pay for shopping and get her supermarket loyalty points, like her friends do, you know that digital wallets are a success. And they’re not just for payments, either – as well as several different ‘loyalty’ cards, I can also use mine as a library card, a vaccination certificate and a bus pass, for example.

So why, when we already have Apple Pay, Google Pay, Samsung Pay and a few others, has the Linux Foundation set up the OpenWallet Foundation, or OWF? Surely we don’t need yet another one?

Well, maybe we do – and potentially not just one. For a start, those wallets I just listed are all tied to devices. But the aim of the OWF is not to actually build wallets, but to facilitate the process and promote interoperability by building a new shared toolkit and engine – open source, of course – that others can then use as the foundation of smart digital wallets.

Key to all of this is remembering the non-payment aspects. If you have a physical wallet – or purse – today, the chances are that, alongside the payment and loyalty cards, it also contains at least one verified identity. Perhaps it’s your driving licence or national ID card, or maybe it’s a company keycard or a card to access government services.

Payment ‘cards’ vs identity ‘cards’

It’s unlikely, however, that any of those will be in your digital wallet. Even if you do have them in digital form, they’ll probably be in a ‘wallet’ (or ‘digital vault’) of their own. The digital wallets we have today are fine for payment cards and anything bearing a QR or bar-code, but not much else. Plus, they are typically tied to a single device or service provider.

Yet looking forward, smart digital wallets – smartwallets – will be much more about the broader world of digital identity, of keys and credentials, not just about payment. Digital credentials are becoming ever more important to the functioning of the Web and the Internet more generally. If the decentralised, blockchain and token-based concept that its proponents call Web3 ever takes off, digital identity will be a critical component of it – and for digital ID to succeed, we need smartwallets.

There’s a whole lot more to work on behind this, of course, such as federated identity and decentralised identity. A big part of this is to control how much the identity provider and the identity requester (the ‘relying party’) know about each other. For example, you may have very good – and legal – reasons for wanting to know exactly what the requester is asking for, and for not wanting the ID provider to know what service you’re requesting for.

Connected to this is the difference between authorisation and identification, which has important privacy and security ramifications. To put it simply, it’s the difference between your smartwallet proving one key thing – that you are over 18, say, or are qualified to work in this regulatory environment – and you having to reveal your name, address and date of birth. Authority and/or ID as a token, if you like.

The growing need for portable digital ID

Anyway, an essential part of making a smartwallet ecosystem work is portability and interoperability, which is where it makes sense for someone such as the OWF to pull all this together. We don’t need another standards body – most of the necessary standards already exist or are under development.

But while an open-source smartwallet toolkit and engine should go a long way towards reducing complexity and risk, enhancing portability and interoperability, and generally opening the smartwallet opportunity to a broader range of players, it is not enough.

What’s needed is as much governance as technology. And as well as trust frameworks, policy management and so on, part of that governance will be to build in digital rights and ensure that the user is in control of their own data. In the past, technologists, businesspeople and politicians have not always been good at understanding the ramifications of privacy and digital rights. Let’s hope the OWF can help fix that for the future.

Data Center
Data Management