olly - Fotolia

Netherlands investigates innovative privacy technology SSI

Dutch research organisation is looking into areas where self-sovereign identity technology could be used in society and business

Dutch research organisation TNO is investigating concrete applications of self-sovereign identity (SSI) technology to make citizens’ lives easier, and enable organisations to make considerable savings in administrative processes.

SSI offers new ways for citizens to manage their privacy, eliminates the need to log in with passwords, and speeds up transactions over the internet and in real life.

“We are investigating how SSI can be made suitable for applications,” said Rieks Joosten, senior scientist in business information processes and information security at TNO. “Perhaps the most important application is the electronic filling of administrative forms. If you want to apply for a mortgage, you need to gather all sorts of information to submit to the lender. Not only do you often have to fill in the same data repeatedly, you also need authorised documents, from your employer and the bank, for example.”

Midway through last year, the Netherlands’ national ombudsman published a report, Keep it simple, which looking at the red tape that citizens face when doing business with government departments and businesses. The report showed that such processes are often time-consuming and frustrating for citizens.

“But it is also costly for the parties who have to validate these forms,” said Joosten. “We estimate that Dutch organisations spend more than €1bn a year on validation.”

Using SSI, this can be done more efficiently and effectively in the future. Behind it lie cryptographic technologies, for instance public-key cryptography, zero-knowledge proofs and often blockchain. These technologies give the user control over which personal data is shared with whom, while the recipient can quickly verify this data electronically.

“This enables secure and efficient exchange of digital information,” said Joosten. “Parties can now get quality data that provably originates from organisations that they trust, and hasn’t been changed in transit.”

SSI can help companies to comply with European privacy legislation and save considerable costs on administrative processes. For citizens, the system saves a huge amount of time and frustration, and can prevent people from “giving up” in a complex administrative process and therefore not getting what they are entitled to. Also, they no longer have to log in with usernames and passwords.

Read more about electronic ID in Europe

  • The Dutch government should push for an electronic ID system for its citizens that works across the public and private sectors, according to a report.
  • Suppliers are reacting to the rapid adoption of digital government in Sweden with electronic ID technology that will replace passwords.
  • A regulation aimed at cutting red tape to enable a digital single market in Europe will soon be in full force, but it could present some challenges to the UK after Brexit.
  • In recent months, the fuss about surveillance revelations has distracted attention from some good work in the European Commission to try to align and push forward a harmonised electronic identity and trust services approach.

Joosten added: “You fill in a form because you want to get something, say a parking permit or a mortgage. This form is designed so that the provider can get answers to three questions. One, what do I get from you and what do you get from me? Two, do I value what I get more highly than what I give? And three, is the risk I’m taking with this transaction acceptable to me?”

This allows the provider to decide whether or not to provide what is requested, he said. “SSI adds the ability to electronically annotate the form, allowing the provider to specify which organisations it trusts to provide what data.”

The user’s SSI app can read these annotations and, after obtaining the user’s consent, gets that data from the user’s digital wallet and sends it to the provider’s web server, including electronically verifiable proofs of provenance and integrity. “So the provider obtains quality data from a source that he or she trusts,” said Joosten.

“Several ‘local’ solutions already exist that do this,” he added. “In the Netherlands, we have IRMA, in Belgium It’s Me, and similar initiatives exist in other countries. They support ‘local’ SSI markets, have their own infrastructure, their own governance and their own forms of credentials.

“It resembles how data networks worked in the early days of the internet. We had local area networks [LANs], each using its own protocol. With the advent of IPv4, it became possible to send data across different LANs, all over the world. We are looking for an SSI network infrastructure that is not owned by a single party, and does for ‘local’ solutions what IPv4 did for LANs.”

Organic growth

Although the Netherlands, Germany and Belgium are leading the way in Europe with the development of SSI research and applications, Joosten sees the necessity of collaboration. “Individual parties, large and small, need to contribute to the bigger picture,” he said. “We not only need technicians, but also visionaries and people with political and business knowledge.

“Some of them will contribute to the horizontal SSI infrastructure, others to vertical SSI markets, and still others to make it all work together, so that SSI can grow organically. We work with lots of parties in communities such as the Dutch Blockchain Coalition or Techruption, consortia such as uNLock, programmes such as EBSI/ESSIF, in events such as Odyssey.org or Rebooting Web of Trust, and others.”

Within its SSI Lab in Groningen, TNO works on components that could become part of the SSI infrastructure, integrating where possible with components that others are developing. Also, applications are being developed to support SSI marketplaces and for demonstration purposes.

“The SSI Lab is not just for TNO,” said Joosten. “It provides a safe environment for other organisations to experiment with several technologies, allowing them to experience the state of the art and build a business case for themselves. Also, the SSI Lab develops mental models and other stories for the purpose of aligning the currently different and non-interoperable ways in which people think about SSI.”

However, many technological and organisational challenges remain to be resolved before citizens, businesses and public authorities can benefit from SSI. “We need to understand exactly how different individuals and organisations will use the same technology, and what needs have to be catered for,” said Joosten. “We must provide assurances regarding the security and integrity of the various user- and business apps, that can be verified at the business level. To find answers, we work together with many other parties.”

Since November last year, the eSSIF-Lab has been launched, with European Union funding available for small enterprises and startups that want to build or improve SSI components. “The aim is to create multiple open source interoperable SSI components that are actually used,” said Joosten. “In fact, the SSI Lab is entering Europe in this way.”

Read more on Identity and access management products

Data Center
Data Management