E-ID based on SSI – Needs for regulatory support

On time for the end of 2021, as planned, Federal Council has announced on Dec 17th their decision in regards to the future direction of E-ID implementation. This decision is a result of the public consultation that has started with a publication of their discussion paper “on a traget vision for an e-ID” and culminated with a conference on October 14th.

DIDAS community welcomes the decision wholeheartedly and applauds the commitment to orient the implementation of the future E-ID system based on SSI principles with the focus to enable the so called “ambition level 3“, as it was called in the discussion paper.

In the selected implementation variant, based on SSI, a decentralised solution architecture is highlighted, which focuses on maximum protection of privacy.

In “ambition level 3, the aim is enable the usage of various E-ID attributes not just for eGovernment use-cases, but also in the other sectors, as a building block, in order to generate maximum added value for the population of Switzerland. This “level of ambition” clearly goes beyond the creation of the E-ID and aims to build an ecosystem of (business-domain) ecosystems in which, in addition to the E-ID, other verifiable credentials can be exchanged securely and reliably.

In such an implementation scenario, the E-ID plays an important role, but it is only part of the puzzle. In this blog post, we would like to provide a practical guidance, expressing consolidated, expert postion of our members, regarding the regulatory requirements that must be created for an effective and efficient implementation.

First, let us consider the following roles in the SSI model: “Holder“, “Issuer & Verifier“, and “Decentralised Trust network“:

Holder: Central to the success of an SSI-based E-ID ecosystem is low-threshold access to suitable wallets. We assume that a market will develop a suitable solution here. For use as a carrier of the E-ID data or attributes, minimum requirements for the wallets or certification processes should likely be specified by the state.

Issuer & Verifier: In many sectors, operational or technical standards already exist for the exchange of credentials. Some of these are based on regulatory requirements, but in many cases they are sponsored and developed by organisations coming from the relevant sector itself. These already existing structures should be reused and, if deemed necessary, adapted or expanded so that they can leverage a common trust network. This may require amendments to the regulations of individual sectors. Here, the creation of an enabling conditions for harmonisation and compatibility with the overarching LEI framework should be strongly considered, with the goal to support international interoperability. This point explicitly refers not only to the E-ID or the eGovernment sector (“ambition level” 1 or 2), but to the entire ecosystem according to the “ambition level 3”.

Trust network: The trust network is the common basis for the secure exchange of credentials between all the actors. This can be done on the basis of a blockchain, for example, but other possibilities are also conceivable. There is a clear need to clarify governance in terms of state supervision, as well as technical and operational standards. The development of these standards, but also the performance of operational tasks, such as the operation of nodes when implemented with a blockchain, should preferably be carried out in cooperation with organisations from the various sectors.

Since different sectors will contribute to this ecosystem, we would like to take a closer look at the interplay between these sectors:

Here we place E-ID as an important part of the ecosystem in the “eGovernment” sector. Among other things, the issuing processes of the E-ID and the division of tasks between the Confederation and the cantons will have to be regulated there. However, aspects of international interoperability must also be adequately taken into account. Following the same logic, the necessary standards for Educational Degrees or Standards for Health Certificates will be established in their respective ecosystems or industrial sectors. The important requirement here is that all these ecosystems place their so called “trust anchors” in common the “trust network”. This will ensure the secure exchange of credentials across sector boundaries.

In summary, we suggest the following three main measures:

1. In terms of a “sector eGovernment”, the federal government is to define the design of the processes relating to e-ID together with the cantons. This gives residents of Switzerland the opportunity to store and use their personal E-ID as a “Verifiable Credential” in their wallet. International developments must be taken into account. Requirements for wallets, in which E-IDs can be held, must be defined.
2. In the individual sectors, the existing structures are to be leveraged . Where necessary, existing regulations should be adapted so that the use of the E-ID and operation of ecosystems for the electronic exchange of Verifiable Credentials is made possible. This should also include the creation of an enabling conditions for harmonisation and compatibility with the overarching LEI framework, in order to support international interoperability
3. For the trust network, clear framework conditions for governance as well as for the technical and operational standards must be defined. Organisations from the participating sectors are to be involved in the operational implementation of the “trust network”. This approach will strengthen the decentralisation of the “trust network”.