The eSSIF-Lab framework is an SSI-domain-specific software framework that is
- built upon the extensions provided through the infrastructure-oriented call
- dedicated to the development of generic services that use SSI in 1st business-oriented call
- dedicated to the development of SSI-based applications in 2nd business-oriented call
Relationships between the opens call
Figure 2 sketches relationships between the open calls.
Figure 2: Relationships between the eSSIF-Lab open calls
The key requirement to the eSSIF-Lab framework is that it is consistent and integrated, and this is why the eSSIF-Lab framework has an architecture (work in progress), and why we expect the applicants to form a business ecosystem together under eSSIF-Lab supervision.
The emphasis is on interoperability, i.e. development and implementation of standardized protocols, data models and API’s, including contributing to standardization and performing of interoperability tests.
First business-oriented call: examples
Please surprise us!
The following are examples of topics that would be suitable for a potential proposal in the first business-oriented call. Applicants should use these for inspiration, and not take them normatively. Useful ideas and concepts for SSI that are not listed here are also very welcome. In case of doubt, contact us at firstname.lastname@example.org.
- Credential catalogue. This is a capability that allows issuers to advertise their credentials and associated metadata, enabling verifiers to decide whether or not to use such a credential for filling in forms associated to a specific business transaction. Credential catalogues are instrumental in making SSI work: they are the ‘shop windows’ that allow issuers to advertise their credentials such that they will be ubiquitously used.
- Yellow pages service. This is a capability that enables verifiers to search for organizations that issue credentials that they may consider to use for filling in forms for specific business transactions. This service can be seen as a search engine that knows where to find credential catalogues of many organizations, and knows what kinds of credentials are similar, and which are not.
- Web shop SSI business plug-ins. Technologies like WordPress make it easy for prosumers to open a web shop. There exists a simple solution to integrate inventory control and payments with the web shop. Can you provide a solution that enables an equally simple integration of SSI credential checks (basically building a plugin that has TVE and TRD functionality)?
- Usability solution. Usability is key to adoption of new technology. Providing a consistent user experience between applications is an important part of this. An example is the “folder” metaphor for digital file systems. Users understand that files go into folders, and that folders can go into other folders. What are usable metaphors and elements to rectify SSI concepts like “verifiable credential”, “credential request”, “verified signature” and more? And how could a good user-interface solution be commercialized? Do not just think about ‘users’ (individuals) that have an SSI wallet app, but also think about the kinds of usability that people need as they design forms that need to be filled in, or the various business- and/or SSI-component related policies.
- Barrier to entry. Parties have reasons for bureaucratic walls, e.g. keeping jobs for manual checking or postal administration processes. What could be rationales for organizations to lower this barrier? And what business models could provide the right incentives to the bureaucrats?
- Meta-wallet. What solutions could be conceived for users to seamlessly use multiple SSI wallets/ apps on multiple devices and/or in the cloud?
- GDPR-violator check. Solution to forward signed over-asking credential queries to authority. Or a service that allows for issuing a credential that contains ALL information an organization has about a person, have it revoked/replaced when the information changes, supports users that seek to exercise GDRP rights such as the right to rectification, right to be forgotten etc. How can legal and tech support to ultimate collect fines from violating verifiers be turned into a business?
- Application attestation services. In case of high-value high-risk transactions, (verifier/holder/issuer) agents may want to know that they are dealing with a peer agent whose functionality, integrity, and agency can be trusted to a sufficiently high degree. It is thinkable that such security-properties can be checked by services that are run by parties that specialize in such matters. For example, functionality may be attested to by credentials from an official accreditation agency. Integrity may be attested to by online services that can remotely check the status of apps. Agency may be attested to by ‘multi-factor authentication providers’. All such services may result in credentials that verifiers may ask for as they need the associated assurances.
Infrastructure-oriented call: examples
Please surprise us!
The following are examples of potential proposals. Applicants should use these for inspiration, and not take them normatively. Useful ideas and concepts for SSI that are not listed here are also very welcome. In case of doubt, contact us at email@example.com.
- SSI wallet. eSSIF-Lab needs multiple wallet codebases to validate interoperability and to integrate with. A wallet must provide safeguards against inadvertent adding, reading, modifying or deleting contents; be available when needed; and provide only access to applications that are allowed to. What codebase could you offer?
- SSI smartphone app. eSSIF-Lab needs multiple SSI apps that act on behalf of its owner; and that provides a user interface to register with the app, to get (re)authenticated, to specify preferences, to work with a browser for obtaining credentials, issuing credentials, filling in forms and requesting credentials from web-servers (to reduce the risk of dealing with fraudulent servers/fishing sites), to manage credentials it has obtained or issued, and to check the logs. What codebase could you offer?
- SSI browser add-on. How could the SSI wallet/app functionality be made available as browser plug-in? What codebase could you offer?
- Web server proxy. eSSIF-Lab may need a web solution, where the wallet resides in the cloud. What provisions can be made to make such solutions sufficiently secure? What codebase could you offer?
- Credential-query solution. How could a verifier agent semantically specify what combination of credentials it requires? What solution can you offer to further automate the credential query-response process at both the verifier and holder side?
- Automated issuer referral. How could an SSI application be automatically referred to appropriate issuers, when a requested credential happens to be missing in the wallet?
- Revocation service. Many credentials (e.g. driver’s license) need the possibility of revocation. While many solutions exist (e.g. revocation lists, online status protocols, accumulators), each has its merits and drawbacks that may make it unsuitable for certain issuers to use. For example, how could a verifier at some later time check the revocation status of a credential in absence of the holder, while respecting GDPR? What solutions do you envision?
- Cryptographically enforceable issuer policies. As stated by the Dutch ministry of internal affairs, a government should protect its citizens from data-guzzlers, e.g. foreign customs or tech giants that may coerce Dutch citizens to provide all credentials from their wallet. So, what solution can you envision that enables an issuer to cryptographically enforce a policy to prevent such abuse?
- Calamity override. In case of a calamity, what solution could you offer to give a health worker emergency access to health-related credentials, while respecting the self-sovereignty of the patient?