The Digital Identity Wallet Paradigm

The Digital Identity Wallet paradigm refers to a new architecture in Identity and Access Management (IAM) that improves privacy and gives users, the owners of the personal data, complete control and ownership over it. Users hold their digital documents themselves, decide to which actors they present them, can revoke the use of those documents, and keep a history of their own activities.

The main difference from the traditional IAM infrastructure is that, during the presentation phase, there are no intermediaries between the Wallet and the Relying Party. In a SAML2 or OIDC based infrastructure an Identity Provider takes part in every authentication and therefore learns which services a citizen is accessing; in the Wallet model the Relying Party verifies the presented credential using the trust material published by the ecosystem, without involving the Identity Provider or the Issuer at presentation time. Any revocation or status check the Relying Party performs must be designed so that it does not reintroduce this tracking channel.

Digital Identity Wallet architectures are significant in the field of data exchange and data governance. In accordance with the eIDAS Regulation, this new digital identity paradigm is designed for European users - citizens, public administrations, or companies - who want to access another Member State's services using their national authentication systems.

The main roles in a Wallet ecosystem are listed as follows:

  • Issuers: parties who can issue digital credentials about a person;

  • Verifiers: parties who request Holders' digital credentials for authentication and authorization purposes;

  • Holders: individuals who own a Wallet and have control over the digital credentials they can request, acquire, store, and present to verifiers;

  • Verifiable Data Registries: authorities that publish the certificates, attestations, metadata, and schemas needed to establish trust between the parties.

In this model, the credential issuer (e.g., an educational institution) provides digital credentials to the user, who can store them in their digital Wallet. The Wallet typically comes in the form of an application on the User's mobile phone.

Other key elements that characterize a Self-Sovereign Identity (SSI) system include:

  • Privacy and control: Wallets enable individuals to maintain control over their personal data. They can choose what information to release, to whom, and for what purpose;

  • Security: Wallets rely on cryptographic mechanisms (credentials signed by the Issuer, keys bound to the Holder) to ensure the integrity and authenticity of identity information. Because the data remains under the individual's control instead of in a central store, the risk of identity theft, fraud, and unauthorized access is reduced; in turn, the security of the model depends on protecting the Wallet and the keys it holds on the user's device;

  • Interoperability: Wallets promote interoperability by enabling different systems and organizations to recognize and verify identities without routing every interaction through a central authority. This allows seamless and trusted interactions between individuals and organizations, also across borders;

  • Efficiency and cost reduction: individuals manage their own identities, removing the need for a separate set of credentials with each service and for repeated identity verification processes. This can streamline administrative procedures, reduce costs, and improve the user experience.
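The roles listed above and the Holder's choice of what to release can be seen in a small end-to-end exchange. The following Go program is an added example written for this page; it is not part of the Italian Wallet specification or of any project code. It assumes a toy credential format (string concatenation rather than a standard token format), hash-based selective disclosure of salted claims, Ed25519 keys for Issuer and Holder, and a plain map standing in for the Verifiable Data Registry; the issuer URL and the claims are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"sort"
	"strings"
)

// Disclosure is the salted (name, value) pair the Holder keeps for one claim.
type Disclosure struct{ Salt, Name, Value string }

// Credential carries one digest per claim and no claim values, so the Issuer's signature stays valid for any subset the Holder reveals.
type Credential struct {
	Issuer    string
	HolderKey ed25519.PublicKey
	Digests   []string // sorted hex SHA-256(salt|name|value)
	Signature []byte   // Issuer signature over credPayload()
}

// Presentation goes from the Holder's Wallet directly to the Verifier.
type Presentation struct {
	Cred        Credential
	Disclosures []Disclosure // only the claims the Holder chose to reveal
	HolderProof []byte       // Holder signature over credential, nonce and disclosures
}

func claimDigest(d Disclosure) string {
	h := sha256.Sum256([]byte(d.Salt + "|" + d.Name + "|" + d.Value))
	return hex.EncodeToString(h[:])
}
func credPayload(c Credential) []byte {
	return []byte(c.Issuer + "|" + hex.EncodeToString(c.HolderKey) + "|" + strings.Join(c.Digests, ","))
}

// proofMessage includes the Verifier's nonce; the Verifier rebuilds it with its own nonce, so a replayed presentation fails.
func proofMessage(p Presentation, nonce string) []byte {
	var shown []string
	for _, d := range p.Disclosures {
		shown = append(shown, claimDigest(d))
	}
	return append(credPayload(p.Cred), []byte("|"+nonce+"|"+strings.Join(shown, ","))...)
}

// Issue (Issuer role): sign a credential bound to the Holder's key; the disclosures are returned to the Holder and never leave the Wallet.
func Issue(issuer string, issuerKey ed25519.PrivateKey, holderKey ed25519.PublicKey, claims map[string]string) (Credential, []Disclosure) {
	discs, digests := []Disclosure{}, []string{}
	for name, value := range claims {
		salt := make([]byte, 16)
		if _, err := rand.Read(salt); err != nil {
			panic(err)
		}
		d := Disclosure{hex.EncodeToString(salt), name, value}
		discs = append(discs, d)
		digests = append(digests, claimDigest(d))
	}
	sort.Strings(digests) // canonical order for the signed payload
	c := Credential{Issuer: issuer, HolderKey: holderKey, Digests: digests}
	c.Signature = ed25519.Sign(issuerKey, credPayload(c))
	return c, discs
}

// Present (Holder role): reveal only the claims in reveal and prove possession of the credential key over the Verifier's nonce.
func Present(c Credential, all []Disclosure, reveal map[string]bool, holderKey ed25519.PrivateKey, nonce string) Presentation {
	p := Presentation{Cred: c}
	for _, d := range all {
		if reveal[d.Name] {
			p.Disclosures = append(p.Disclosures, d)
		}
	}
	p.HolderProof = ed25519.Sign(holderKey, proofMessage(p, nonce))
	return p
}

// Verify (Verifier role): trusted stands in for the Verifiable Data Registry (Issuer identifier -> public key).
// Nothing is sent to the Issuer or to an Identity Provider. Returns the disclosed claims on success.
func Verify(p Presentation, trusted map[string]ed25519.PublicKey, nonce string) (map[string]string, error) {
	issuerKey, ok := trusted[p.Cred.Issuer]
	if !ok {
		return nil, errors.New("issuer not in trust registry")
	}
	if !ed25519.Verify(issuerKey, credPayload(p.Cred), p.Cred.Signature) {
		return nil, errors.New("invalid issuer signature")
	}
	if !ed25519.Verify(p.Cred.HolderKey, proofMessage(p, nonce), p.HolderProof) {
		return nil, errors.New("invalid holder proof: wrong nonce or presenter lacks the credential key")
	}
	claims := map[string]string{}
	for _, d := range p.Disclosures {
		dg := claimDigest(d)
		if i := sort.SearchStrings(p.Cred.Digests, dg); i == len(p.Cred.Digests) || p.Cred.Digests[i] != dg {
			return nil, errors.New("disclosed claim " + d.Name + " is not covered by the issuer signature")
		}
		claims[d.Name] = d.Value
	}
	return claims, nil
}
```

Verify performs the four checks a Relying Party needs in this model: the Issuer is known to the trust registry, the Issuer's signature over the credential holds, the presenter controls the key the credential was bound to (and signed over the Verifier's fresh nonce, so a captured presentation cannot be replayed), and every revealed claim hashes to a digest the Issuer signed, so the Holder can hide claims but cannot alter them. Expiry, credential status and revocation, and authentication of the Verifier towards the Wallet are deliberately left out of this toy.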