Being ourselves, everywhere: Blockchain and the European e-Identity framework

What happened at the European Union Blockchain Observatory & Forum workshop on e-Identity in Brussels on 7 November, 2018

Published 19 December, 2018

The full minutes of the workshop are available here.
Video from the workshop is available here.

It is no secret that the ability to correctly identify each other and our assets online is one of the most important prerequisites for a functioning digital market. For this reason the question of developing robust digital identity frameworks has long been a focus of policy makers and regulators.

At the fifth workshop of the European Union Blockchain Observatory & Forum, held on 7 November, 2018 in Brussels, thought leaders from around Europe gathered together to examine this issue in light of blockchain technology.

The goals of the workshop were to examine the current state of the decentralised identity framework, including the current state of identity standards, and then explore how to integrate the existing framework with Europe’s important Electronic Identification, Authentication and Trust Services (eIDAS) regulation. In particular, participants sought to clarify the use of blockchains for decentralized identities as well as define the infrastructure and regulatory requirements for a European blockchain infrastructure identity module.

eIDAS: establishing and using identity across borders in Europe

In Europe, the eIDAS regulation – which defines a set of standards for electronic identification and trust services in the European Single Market – plays a seminal role in the legal definition and use of online identity. The regulation mandates the mutual recognition of digital identities across borders in Europe, allowing among other things citizens of one Member State to access public services in another Member State using their own national identity, while maintaining the ability of individual Member States to define the means for e-identification at their own national level.

To accomplish this, Member States operate their own identity nodes, with nodes in one country linked not only to domestic identity providers, but also to eIDAS nodes in other Member States. This allows the information to be shared if needed and, more importantly, ensures that identity attributes issued in one Member State can be trusted for us in any other Member State’s public services.

An important goal of eIDAS is that dentity should speak “for us”, and not “about us”. Natural and legal persons should, for instance, be able to provide verified attributes about their identity without revealing the whole of this identity. A classic example is the ability to provide verifiable proof that one is over 18 years of age, and hence eligible for certain privileges, without revealing one’s birthday.

The eIDAS regulation covers a wide range of identity-related areas. These include the above-mentioned mutual recognition of digital identities as well as such things as the legal standing of electronic signatures and electronic documents. As such, the regulation naturally applies to transactions carried out and data stored on a blockchain-based ledger, making the regulation highly relevant to those developing blockchain-based platforms. While there are different frameworks for for e-identity that could be employed, being eIDAS-compliant has a number of advantages, allowing developers to leverage eIDAS’s trust framework and certainty across Europe.

e-Identity standardisation: State of the art

As workshop participants discussed, there are two main approaches to digital identity. Under centralised approach, there is a clear authority issuing and maintaining the identity verification. Under the more decentralised self-sovereign identity (SSI) approach, users can issue and administer their own digital identities, and support the reliability of these by collecting and storing verified identity attributes from different providers, and using these as needed.

These approaches are not mutually exclusive: indeed, SSI can be seen as an adjunct to centralised, “official” identities as defined under eIDAS, providing additional layers of verifiable identity information that remain both under the user’s own control but trustable by others in the marketplace. Supporting the provision of decentralised, self-sovereign identities is one of the areas where blockchain technology could be meaningfully employed in the overall digital identity framework.

Today there are a number of bodies working to provide the standards that can be used in either or both approaches. Among the most important of these are the World Wide Web Consortium (W3C), the International Standards Organisation (ISO), and the Digital Identity Foundation (DIF). Many important elements of these standards should be ready soon: Version 1.0 of DIF’s decentralised identity standard as already been released, and the W3C standard on verifiable credentials for example should be available in Q1 2019.