One of the largest Dutch banks, Rabobank, is doing research on Self-Sovereign Identity using blockchain technology since 2016.
Self-Sovereign Identity (SSI) is a new model of identity that puts users at the center of the identity management process. Parting ways from the current systems of managing identity:
- – the siloed model, where each user has to undergo a new registration for each service he wants to use (and those services do not “communicate” with each other);
- – and the federated one, where users and companies “outsource” their identity management to third parties to facilitate access to services (i.e login with Facebook, Google, etc).
With Self-Sovereign Identity, users own their personal data and are always in control of the identity-based relationship established with other parties. A person holds their data on a digital identity wallet, like an app on his mobile device, and chooses who to share it with and how “much” of it to share.
This new model of identity management will considerably increase the privacy and security of personal data. Companies would not collect and store large databases of personal data that can always be under the risk of leaks, breaches, hacks or destruction (in case of physical databases).
When developing a Self-Sovereign Identity solution, one should use a common identity metasystem to create interoperability. This will enable a seamless experience for when users have to register or validate their identity across multiple platforms and services. Reducing bureaucracy and increasing the efficiency of identification processes.
The emergence of blockchain technology accelerated the possibility of Self-Sovereign Identity as blockchain unlocked the “functionalities for timestamping, the trust registry and revoking credentials.” (source)
Examples of Rabobank’s use cases, which they believe can bring “added value for the business lines, our customers and employees” are:
- – KYC: With their extensive “Know Your Customer” KYC and due diligence processes, Rabobank believes they could provide “directly verifiable data” that the customer could provide to third parties or use verifiable credentials in order to onboard new customers.
- – Mortgage: Mortgage flows require a lot of time and documents from several different sources. Most of those documents are not verifiable. Self-Sovereign Identity would allow for the direct verification of that data and the source.
- – HR and onboarding of employees: Rabobank wants their employees to be in control of their own data. Reusing “certificates or assessments they achieved or did at Rabobank everywhere else. Therefore we do projects in order to save certificates, diplomas, trainings and employment credentials”. They believe this innovative technology would “drastically improve employee onboarding times”.
Rabobank built a SSI backend for the identity issuer and the verifier. “For the issuing process, the issuer sends a challenge request to the holder – asking for a DID [Decentralized Identifier] for each credential so they can be revoked independently whilst maintaining privacy. The holder sends the DIDʼs back in the form of self-issued verifiable credentials encapsulated in a verifiable presentation. The issuer then issues credentials on those DIDʼs and sends a verifiable presentation back to the holder. The verifier uses the same process, but the challenge request has different content. So, the holder sends a verifiable presentation with credentials retrieved from the issuer in the previous step.”
We had the opportunity to have a (virtual) sit down with David Lamers, Blockchain Specialist at Rabobank, about the work his team, the “Blockchain Acceleration Lab” and the bank have been doing regarding Self-Sovereign Identity.
What are your responsibilities at Rabobank?
As Blockchain Specialist at Rabobank you have a very versatile job so my daily tasks differ a lot, which I love. The blockchain team is researching the possibilities and opportunities blockchain can offer for the different business lines within the Rabobank. So, for me it’s important to be aware of the latest developments in the blockchain space, on technical as well as application level.
My responsibilities lie mainly within the identity and real estate finance domains. Within the blockchain team, named “Blockchain Acceleration Lab” we are developing a blockchain agnostic self-sovereign identity solution for PoC and pilot goals. I’m the linking pin between the developers and the interested business lines, also I’m working on our blockchain identity strategy. We have created a list of potential applications for SSI within the bank or for our clients. All projects are collaborations with (inter)national partners since you can’t do SSI alone. Being aware of all SSI developments and startups around the world is also important to me.
What does Self-Sovereign Identity mean to you?
For me SSI is the future step in building a society where one can exchange his personal data in a safe way, creating customer friendly and frictionless processes. SSI is the next step in the evolution of (digital) identity management. This evolution is often described as movement from siloed identities, to federated identities, to user managed identities and in the future self-sovereign identity. In the SSI scenario, the end-user should be fully in control of his own data (according to the design principles of Christopher Allen) and so not having to rely on a centralized authority.
Do you remember when you first heard of SSI and what interested you in it?
After already experimenting with cryptocurrencies in 2013 I became really interested in blockchain technology in 2016. It was back then when I first read about SSI. Identity was an important topic in blockchain and players like uPort had a great vision. It was the early stage and solutions were not fully shaped. It is great to be so closely involved in the developments. Standards and protocols are much more defined, although still not fully, and we are working on an implementation. In this playing field it is still experimenting, changing and adapting, which makes it a wonderful experience and challenge.
In the field of Digital Identity, what is the question that people should be asking more but aren’t?
People should be more aware of the possibilities of digital twins. After having shifted towards semi-structured, non-cryptographically verifiable data that maybe matches the person that is in front of you (or the computer), digital twins can provide new opportunities. But that’s more for the business side. On the customer side, one should ask themselves about the sensitivity of the data they share with everyone. More and more data breaches are taking place which compose a risk to society. GDPR already requires businesses already a little more to take awareness of their customer privacy data, but customers should play a bigger role in this.
Why is Rabobank interested in blockchain technology?
Rabobank’s innovation department always focuses on the newest technologies and trends. Within the tech lab we focus on new and trending technologies like Blockchain. In the early stages it was already clear that blockchain could provide a wide range of opportunities for Rabobank. For example, we.trade which facilitates a trade platform using blockchain (already in production). we.trade provides more trust and transparency in open account trade.
How important is Self-Sovereign Identity for Rabobank and what are the key drivers for embracing SSI?
At the blockchain innovation conference our CEO Wiebe Draijer was interviewed (in Dutch). He is asked how blockchain can support the Rabobank as cooperation. He takes the example of identity, explains the principles of SSI and recalls blockchain as enabling technology. The potential value SSI can have for our business processes as well as for the societal contribution are example drivers.
What needs to be true for SSI to achieve mass adoption, and what uses cases you think will gain early traction?
In my opinion, interoperability is key. We see a wide range of initiatives and explorations, but if none is compatible with the other an adoption risk will arise. Therefore, we designed the Universal Ledger Agent (ULA) at Rabobank. This component is integrated in the app as well as verifier side and has the ability to store and verify credentials in different ledgers using different standards. This is realized with the use of plugins, an example plugin we developed is W3C verifiable credentials using the Ethereum blockchain or Sovrin.
Rabobank is developing a SSI wallet focused on HR. Can you tell us more about it?
HR Innohub is focusing on how new technologies can empower our employees. In our innovation process we do ideation games and an employee identity wallet was one of the use cases with HR on the closest horizon. They gathered a lot of interested stakeholders from other companies and educational institutions with whom we have a regular meetup. I really enjoy these meetups; everyone is really engaged and keen to deliver input. In Q4 2018 we had the first proof of concept: we integrated two educational institutions in order to deliver credentials to the wallet. We learned a lot of lessons and are now ready for the first pilot with Randstad. With the wallet, one holds all his verifiable credentials like diplomas, certificates and evaluations from issuers in an app and can share these easily with others. All are directly verifiable to improve employee onboarding and compliance and the employee is empowered with his credentials throughout his career.
What is the importance of creating an interoperable ecosystem in Rabobank’s SSI initiatives and how are you aiming to do so?
Important is that it should be possible to store different types of credentials in one wallet. In collaborations we started to face the challenge that each partner was interested in a different SSI technique/ledger. That’s why we designed the Universal Ledger Agent. In this way the consumer will not notice different techniques being used in the backend.
You wrote in your paper that you are “also looking at providing a nationwide solution with governmental partners. Together with government and banks we explore the possible setup of a dedicated entity for Self-Sovereign Identity. An important question remains who the provider should be and so the owner of such an Self-Sovereign Identity solution.” Why is that an important question?
The answer is twofold. On the one hand you don’t want to rely on a closed solution since it creates a dependency. So, an open source solution is required which is secure enough to handle your personal data. But this might create a liability towards the delivering party which can be a challenge to open source it. Also, important questions are how the key storage and recovery (backup) of verifiable credentials are implemented.
Apart from your work at Rabobank, what applications for SSI really excite you?
Personally, the most exciting use cases are the ones with societal impact. Tykn and ID2020 are great examples of how SSI can be meaningful for e.g. refugees. I’m also involved in cases for SSI within Rabobank focused on societal impact. Since they are still in the initial phase, I cannot tell you that much about it.
What are your hopes for the digital identity field in the future?
A single and interoperable digital identity being my digital twin which I can use in a safe way and is decentralized. From a business perspective I can use these to create customer friendly and frictionless processes and rely on signed, structured data from trusted sources.
Working at Rabobank, according to you how does the banking domain views SSI? Are they excited about it? Are they skeptical about it? Are they okay with losing the control over their user’s data? Are they happy with handing over the responsibility of keeping the data secure to the user’s?
At Rabobank they are very curious about the opportunities SSI can offer. There are a lot of roles a bank can take in the SSI ecosystem. We have identified the different roles and the relevant business lines are getting familiar with SSI. Rabobank is really focused on innovation and is for sure not skeptical. For instance, one of our four strategic pillars are excellent customer focus. We want to give our customers full control over their own data, and if they for instance want a verifiable credential of their wealth this should be possible. This because we are customer oriented and also see opportunities for our business processes.
We would like to thank David Lamers and Rabobank for this insightful interview and for sharing their ideas and knowledge with all of us!
Tykn is a digital identity company. We just launched Ana, a digital identity management platform that allows organisations to issue tamper-proof digital credentials which are verifiable anywhere, at any time. If you’re keen on reading more we suggest you check out our Blog. There are interviews with Daniel Hardman, Elizabeth M. Renieris, Kim Hamilton Duffy and many more. There’s also our Definitive Guide to Identity Management with Blockchain and the Ultimate Beginners Guide to Self-Sovereign Identity.