Re: EUDI Wallet Consortium (EWC)

Alternate take: there are not enough combatants for war, and this is just
the beginning of the wallet ecosystem's blooming, where many wallets get
built, catering to different use cases and workflows, specializing in
particular tasks to ensure great UX for their respective use cases. The
wallet that lets you unlock your car may be a different brand and
experience than the one you use to board your flight, which again may be
different than the one you use to transfer your educational
credentials--and I think this is a good thing. "Super apps" that aim to
encompass all use cases will likely demonstrate subpar performance/UX
across the board, and it will be hard for them to be competitive in the
market except under mandate, and even under mandate they would leave tons
of consumer benefits on the table, abandoning the benefits of
specialization that competitive markets can bring.

This brings us to the importance of interoperability and standardization
across wallets, so that your physical device only needs to keep one copy of
a credential in a security-appropriate manner, yet this credential can
appear across many workflows that don't require you to clumsily pick
through your towering stack of credentials, as if you were in regedit hell,
when you're just trying to check in to your hotel room at 11 pm. The hotel
brand's wallet could help you present your proof of identification
(selectively to only the threshold required), confirmation details, deposit
authorization, relevant partner loyalty programs, with a single tap and
your consent to share. Nothing to clutter the UX except what you needed to
check-in for that hotel, and if you already obtained a credential you
needed for this workflow (such as your driver's license from the DMV), then
it should just work without onerous and privacy-eroding reissuance
processes.

These wallets could all be built with a compatible set of data models,
issuance protocols, presentation protocols. They could all support a
baseline of security and privacy requirements, perhaps with different
grades required for more sensitive credentials such as those related to
strong identity (your digital passport may require different storage
environments and security features such as holder binding than does your
grocery store membership card). Perhaps when you present credentials from
any wallet of certain trust frameworks, you receive a data receipt from
verifiers in a standard format allowing you to exercise your data rights
automatically and assess your complete inventory of "leased" data whenever
you want.

Data models and protocols will win and lose, and I think we've all accepted
that there will be several valid ones supported by the market. To the user,
it shouldn't matter, and wallets should work out of the box for their use
case whether they are entering a bar, transferring credits to their next
school, or applying for a job, and it should be done in a way that does not
violate their expectations of privacy, security, or ecosystem lock-in. All
this needs specifications and standards, and that's why the work of this
community is so critical, to allow a multi-wallet world that enshrines user
choice to be a feasible path (shoutout to early efforts such as Universal
Wallet 2020, CHAPI, SIOP, and emerging ones like the forthcoming FIDO
Alliance work discussed at this past IIW).

Best,
- Wayne


On Tue, Nov 29, 2022 at 3:34 AM Anders Rundgren <
anders.rundgren.net@gmail.com> wrote:

> The war of the wallets seems to be imminent:
> https://eudiwalletconsortium.org/
> 👉 Using the EUDI wallet for payments will be a major step forward in
> facilitating secure eCommerce for all parties 👈
>
> Anders
>
>
>
>

Received on Tuesday, 29 November 2022 18:52:37 UTC