- From: <meetings@w3c-ccg.org>
- Date: Wed, 15 Oct 2025 15:13:39 -0700
- To: public-credentials@w3.org
- Message-ID: <CA+ChqYeR5NU6k5hQ8D8T+qzj5vASWmztL29ppKuEcbqxNq_q3Q@mail.gmail.com>
Meeting Summary: CCG Asia-Pacific - 2025/10/15
*Meeting Attendees:*
- Amos Li
- Anand Acharya
- Dan Yamamoto
- Denken Chen
- LearnStudy
- Otto Mora
- Rose Luo
- s
- Warren Liu
- Will Abramson
- Yen-Lin Huang
- Zoey
- 吳欣穎
- 林丞璿
- 陳建佑
*Summary:*
This meeting of the CCG Asia-Pacific featured a presentation by Anand
Acharya on Bhutan's National Digital Identity (NDI) project. The discussion
covered various aspects of the project, including its implementation,
technical details, and future plans.
*Topics Covered and Key Points:*
- *Introduction to Bhutan NDI:* Anand provided an overview of the Bhutan
NDI, which was launched on October 13, 2023. It is a nationwide,
decentralized system with legal backing from the NDI Act of Bhutan. The
system utilizes a digital wallet for citizens, which provides a
foundational ID credential.
- *Verifiable Credentials and W3C Standards:* The project uses W3C
standards for verifiable credentials (VCs), including the JSON-LD format
for interoperability. The trust model is based on a decentralized approach,
with issuers, holders, and verifiers.
- *Decentralized Identity Benefits:* The benefits of decentralized
identity for Bhutan were discussed. These include user control over data,
no single point of failure, and the ability for organizations to use a
common framework. The project also incorporates privacy-enhancing features
such as selective disclosure and zero-knowledge proofs.
- *Use Cases:* The NDI is integrated with various government services,
including government-to-citizen (G2C) portals, banks, telecom providers,
and government employee verification.
- *Technical Details:* The project utilizes the Credible platform, which
has a main origin code base from Credo, with some customization and using
the Aries framework. The DID method used is DID:polygon and now uses
DID:ethr for its Ethereum integration. The data storage is privacy focused.
- *Revocation Service:* The NDI supports revocation services, where VCs
can be revoked if needed. The system uses revocation IDs linked to VCs.
- *Mandatory vs. Alternative Pathways:* The discussion explored the
mandatory nature of the NDI and its integration with government services.
The project started with alternative login options alongside the NDI, but
is phasing them out for government portals.
- *Future Plans and Interoperability:* The project aims for
international interoperability, with discussions underway with DGATRA,
India for sharing passports.
- *Q&A:*
- The use of JSON LD and the potential of using BBS+ for ZKP.
- The reason for the shift from Hyperledger Indy to Polygon.
- Data Stored on Blockchain.
- Revocation Scheme.
Text:
https://meet.w3c-ccg.org/archives/w3c-ccg-ccg-asia-pacific-2025-10-15.md
Video:
https://meet.w3c-ccg.org/archives/w3c-ccg-ccg-asia-pacific-2025-10-15.mp4
*CCG Asia-Pacific - 2025/10/15 07:50 EDT - Transcript* *Attendees*
Amos Li, Anand Acharya, Dan Yamamoto, Denken Chen, LearnStudy, Otto Mora,
Rose Luo, s, Warren Liu, Will Abramson, Yen-Lin Huang, Zoey, 吳欣穎, 林丞璿, 陳建佑
*Transcript*
Will Abramson: Hi, thanks.
Anand Acharya: Hi. Hi every noise.
Will Abramson: Hope you're today. Appreciate you taking the time to speak
to us.
Anand Acharya: Sorry because I didn't know the format of the presentation.
So is it going to be a wider number of people or is it just us right now
here?
Will Abramson: We shall see this is an experiment to run do you know the
credentials community group?
Anand Acharya: Yes. Yes.
Will Abramson: Yeah so it's an experiment to run these calls at a more
friendly time for people in the AsPacific region.
Anand Acharya: Okay.
Will Abramson: And last call we had about 12 people join. So we'll just
see. It really depends.
Will Abramson: Sure I think that's great.
Anand Acharya: Because I didn't know the kind of audience that we are going
to have. So I've kept the presentation very generic and just the
introduction of our national digital identity.
Will Abramson: I mean generally we get a pretty wide spread but we are
primarily from a technical leaning background at least aware of this
standards like verifiable credentials decentralized identifiers that sort
of thing…
Anand Acharya: Okay.
Will Abramson: but yeah I think it's great right you can start high level
I'm really excited to learn about what you guys have been doing over there
and then maybe we can take questions that take us a bit deeper
Anand Acharya: Yeah. Yeah. I could have asked our technical team to join
us,…
Will Abramson: Okay.
Anand Acharya: but then yeah, it's quite late in Bhutan. So, yeah. it is 6
p.m.
Will Abramson: What time is it for you?
Anand Acharya: But since it's I think already autumn so people leave very
early here.
Will Abramson: Yeah. Yeah. So, we'll give people a couple more minutes and
then I'll introduce the call and run through some CCG sort of
administrative stuff and then I'll hand it over to you.
Anand Acharya:
Anand Acharya: Okay, no worries. I'll wait for your prompt then.
Will Abramson: Yeah. Great. Thank you.
Will Abramson: Hey Nice to see you.
Otto Mora: Hey, how's it going?
Will Abramson: Yeah, good.
Otto Mora: Just thought I'd check this out.
Will Abramson: Okay, we usually wait until about a couple minutes past 5,
but I think I will get started and since I don't know everyone on this
call, I'll give people a bit more time if they want to introduce
themselves. but before we get into that, let me just introduce this. So, hi
everyone. I'm Will.
Will Abramson: I'm one of the chairs of the credentials community group at
the W3C and we're experimenting with is there appetite for a CCG style call
at a more friendly APAC time and know and today we're joined by anand who's
going to speak to us about Bhutan's national dig digital identity project
and I think that's just one example of some really exciting work that is
going on in the Pacific region around identity credentials that maybe
doesn't get a chance to get surfaced in the general CCG calls. So this is a
series of calls that is going to run throughout the month of October.
Will Abramson: I think we have one more sort of speaker next week and then
the week after I'll just be hosting a sort of open discussion session where
anyone who is welcome to show up and I'd really love your input to discuss
what happens next is this worth continuing what would that look like? and
it will really depend if there's appetite for it and motivation and people
willing, then let's go for it and figure out some schedule that makes sense
and create maybe change the time. I know Andrew you said it's 6 p.m. so
that's all open for debate following this session. before I kind of do a
few more things that I generally do at the normal CCG call.
00:05:00
Will Abramson: So the first one is just a reminder for the code of ethics
and professional conduct reminder. So this is a W3C community group and we
abide by the W3C code of ethics which you can find here. it's really
straightforward stuff. Just treat people with respect, be friendly,
welcoming. Let's create a collaborative environment where people want to
show up and you're able to share their perspectives. So, please help me
continue to create a nice friendly space here. second is probably not that
relevant, but this is an IP note. So, anybody is welcome to join these
calls. And one of the good things about a community group is you don't need
to be a member of the W3C to join these group calls.
Will Abramson: However, if you want to contribute to any of the credential
community groups work items, so these are proto specifications, things that
we kind of incubate before moving them into a working group call. We
require you to join the credentials community group, not become a W3C
member, but this just entangles like the IP stuff. So, if you're interested
in learning more about that, I would invite you just to reach out to me. I
put my email in the chat in case you don't have it. So you can reach out to
me and we can talk about that. it'd be really interesting to see if there
is appetite in the Asia Pacific region to start working and incubating work
items under the W3C. but we can discuss that later. And then as I've said I
don't know everyone here very well at all.
Will Abramson: I know a few people but generally at the start of our calls
we have an opportunity for anybody who is new on the call or who wants to
come off mic and maybe you can raise your hands first and I'll go around
just introduce yourselves tell me who you are and where you join from. So
you don't feel like you have to but I would be lovely to hear from a few of
you if you want. Yes. Yen Lynn,…
Will Abramson: go for it. Hi, that's me.
Yen-Lin Huang: Yeah, thanks.
Yen-Lin Huang: I am Yanling and also called Mashbin and I serve as a public
servant in the Taiwan's government before the Ministry of Digital Affairs
and at that time we initiate our Taiwan digital identity wallet project and
we also use verifiable credential and decentralized identifier at that time
and right now I am a policy fellow in Harvard Kennedy School and I still
doing some works about…
Yen-Lin Huang: how digital identity especially verifiable credential can
really implement into the geopolitical region. Yeah. Thanks
Will Abramson: Great. Thank you so much.
Will Abramson: Lovely to have you. anyone else would like to say hi? Go.
Anand Acharya: I got
Otto Mora: I'd like to say hi just to introduce myself. I'm the chair of
the group here with Will. we're really interested as Will was saying in
promoting participation from the AP pack region. I know the APAC region
certainly has some of the key I'll say government bleeding edge use cases
for the u just like Mashin was saying in Taiwan and Wutan certainly very
interesting as well. so yeah, I'm really curious to see where this can go.
Also good to see Dan here who I know from IW.
Otto Mora: so yeah we would love to have a community and have interest
group created and come to us with any specifications that you're interested
in either advancing or developing we want to make sure that we reach out to
the APAC region and I'm looking really forward to this presentation as well
because I know that the folks in Bhutan had an interesting transition from
Hyperledger Indie to Polygon. So, I'm curious to see how that was done as
well. So, great to be here.
Will Abramson: Okay, Thanks, last chance before I hand over to Anand. I'm
not seeing anyone, but I encourage you to feel welcome to, contribute to
this call. if you want to ask a question, just raise your hands and I'll
manage the queue. this should be hopefully a welcoming space.
00:10:00
Will Abramson: And with that, Anam, I'll hand over to you and you can talk
to us about the boot slide project.
Anand Acharya: Hi. Hi.
Anand Acharya: Hi everyone. yeah, so brief introduction of myself. So I'm
Anand joining from so the Bhutan India project actually started in 2022 and
then I joined the project in 2023 as a project manager So for the last
couple of years till we successfully launched the Bhutan NDI identity
system I was the project manager and then afterwards of course we became a
startup or company from the project and after that I'm currently leading as
the chief product officer here.
Anand Acharya: So yeah more or less so I had handled this project in most
of his lifespan. So yeah so Otto mentioned we transitioned from Hyperledger
Indygon and I think recently although we have not migrated but we have made
the code integrate with Ethereum. So saying which now there's a plan to
migrate the full use cases to Ethereum in coming days. I think in fact
Etfounder Datalik was here day before yesterday we work together I mean to
launch this part and then I still have to sit down with our team and then
plan the whole complete migration of what we have in polygon to Ethereum.
so yeah so that's in nutshell.
Anand Acharya: So I'll go forward with the presentation and you can feel
free to ask me questions in the meet also I don't mind that but it's just
that my technical team are not here so there are a few questions that I
might have to get back to you if you dig down too technically for me right
now. Okay. can you see this screen?
Will Abramson: Yes.
Anand Acharya: I will for the internet I think. So this was basically the
presentation that we presented. a few months back we had a presentation
with ID it for Africa conference also. So this is more or less from there
only. So I felt like this justifies the topic that we are going to discuss
today. So, Bhutan NGI we launched in October 13th of 2023.
Anand Acharya: So last October 13 a few days back it marked the second
anniversary of Bhutan NDI and yeah so as a thing it also coincided with
Vitalik coming to Bhutan the Ethereum's co-founder and then we took
advantage of that timeline to also integrate launch the integration with
Ethereum on that day. so basically we do say that it's a world's first
nationwide decentralized system which it's fully decentralized and fully n
it's a nationwide and the stakeholder was our government and then DHI which
is the investment arm of the government which has a portfolio of lot of
companies and they take care of actually this high-end innovative projects
and then we sorry
Anand Acharya: And then we always say that any technology should also come
with its own legal backing. So we have this NDI act of Bhutan in which it
was passed by the parliament just before we launched that it gives legal
authenticity to all the data shared through Bhutan NDI and all the
organization in Bhutan. if they cannot deny service to citizen even if the
information is given to them through the Bhutan NI system. So that is one
of the thing so that's what this NI act actually takes care of the privacy
and control of personal data.
Anand Acharya: and then also through done NGI we make sure that whatever
data we share is legally acceptable by the company services which is
digesting those data so on top of that Bhutan India we have a wallet so if
you see in the screen there so there's a citizen using Bhutan India app so
that's a wallet that all the citizen can have access to so it's bio
biometrically
00:15:00
Anand Acharya: protected saying which we have all the standard of pin word
and password but then I think we also mean that whenever we onboard a new
user we go through certain onboarding process which is going which is they
have to do the biometric access and then they have to give a certain number
of information that v them through our department of civil registration
which keeps data of all the users. So once that person has validated that
it's the right person through biometric and other mechanism then they get
their verifi foundational ID credential back to their wallet. So it's only
for bhutinis we have done this and then pretty soon in coming months we are
going to also extend it to all the foreigners who are visiting Bhutan.
Anand Acharya: So they can also have their own foundational ID within
Bhutan's India wallet that they can go around and use within Bhutan. So
this foundational ID basically for Bhutes will contain information which is
of course digitally signed and everything about their citizenship identity
and then also their information about their permanent address. Those two
are by default will be given to them as their foundational ids. So
basically we say the Bhutan NDI is a flagship project because apart from
Bhutan NDI there are a set of eight different IT enabled services that's
being developed simultaneously but Bhutan NDI will remain the main flagship
the backbone of all those systems saying which that all the login
information all those access to those system that's been developed for
example we have something called bits putan
Anand Acharya: taxation system and Bhutan's so we also have a health system
that's been developed but the core end not back end the core u link between
all these are going to be bhutan ndi so it's a digital transformation with
Bhutan India in the center of all the new digital transformation that's
going on in Bhutan so of course I think I'll just go a bit on the
verifiable credentials. So the VC that we have is temper proof which is
digitally signed certificates containing claims and digitally signed by the
issuer. So I think I'll go to the issuer and verifier in later of this
slides and we have followed W3C standards.
Anand Acharya: So we have adopted the W3C data model and then for the VC we
have used the JSON LD format which we believe is interoperatable which we
are also trying to actually integrate with other digital wallets where we
can freely share the VC within the different wallet across the world. So I
think this is also a good forum in which I can reach out to people who are
also working on digital identity decentralized or otherwise then where we
can freely share and make it truly interoperable. for Bhutan NDI we chose
W3C standards because like I mentioned again for interoperability.
Anand Acharya: earlier we used to use non crates when we are in hyper laser
indie but as we moved to polygon subsequently we also changed to JSON LD
format okay so I think since I feel everybody knows this trust triangle but
then I'll just briefly go over the trust triangle so basically what we mean
by decentralized is that I always like to say that this whole decentralized
system which when we began the project of course the decentralized
philosophy approach to a digital identity was not there. So pretty much we
were looking into some successful centralized identity system in Aadhaar
and Singas and all those things. we were taking inspiration from them.
Anand Acharya: But in the middle we thought that maybe we have to make our
dig digital identity system future proof saying that with wave three and
then with self-serving identity concept and philosophy coming we thought
that maybe we should work more towards decentralized identity system which
would be self-serving identity philosophy which our policy maker thought
that it would be more future proof. So saying which we all know that there
is always an organization if you take into example of a physical format
right so if you have a passport so a passport is printed for you by your
government and given to you.
00:20:00
Anand Acharya: So that passport and if you go with that passport outside
and you saw it around in the immigration section people who trust that
passport in physical world and by just looking into the passport they know
that this is genuine passport and this is something based on this I can
allow so and so to travel. So basically we say that we are trying to build
that same trust through the digital sphere saying which if you look into
the digital world like this right now the most common mechanism would be
you would give certain information to the verifier and the verifier would
individually go back to a centralized server or make a API call all the way
Anand Acharya: back to some system of the issuer where you don't know what
else data they are looking into. So that we can't really trust that kind of
system. So basically through this trust triangle what we are trying to do
is that we are going to bring that same trust of the paperbased mechanism
that I just explained a few moments back through this whole concept of
trust triangle and self-serving identity decentralized approach. Now how it
came together was of course these deeds were ready and this digital
signature concept and I would not say blockchain all the time but I think
the blockchain can also be replicated through a decentralized data as long
as it's a decentralized laser concept.
Anand Acharya: So all those thing when it came together then through the
book of the self-serving identity written by Drand I think we found that
this is something that can be replicable and also we took lot of
inspiration from the W3C's books also sorry websites and standards. So what
we are doing right now is that if you see here in issuer we are trying to
whenever issuer send some credential to the holder holder obviously is the
single person or me who has this wallet with me.
Anand Acharya: So whenever they issue some claim to me the meta data and
the public key of those of that issuer claiming that their public key is
written on the blockchain right so this holder will hold those PC and
whenever you have to present let's say I get my foundation ID saying that
Anand with the citizenship identity number this and datab this are the
information that are genuine so that's why I'm sending this information as
a VC on the holder's wallet. So I will keep this information on my wallet
in my VC format. But then this issuer has already signed the metadata and
it has its own public key in the decentralized GPK.
Anand Acharya: So now this holder whenever if I have to go to a bank to
open my account now the bank will have a set of proof proof requests that
needs to be sent to my wallet and in the reply to those proof request I'll
send my proof claims to the verifier when it gets this verifiable
credential the VC. So we also have a D locator. So bas based on this did it
will go and search in the decentralized blockchain what is the public key
of the issuer. So it's based after that it's all the digital signatures pro
algorithm in which they check that yes the information sent to me was
genuinely given to the holder by the issuer and whatever information that I
am reading is genuine and is linked to this wallet.
Anand Acharya: So that is all the trust framework that it's the same trust
that in physical work we have replicated in that way. So now we can say
that we have given an ident identity to a user through their devices.
Please let me know if I'm going to overboard with few of them. So why
decentralized identity? So in Bhutan of course it's a new concept that's
why we have to go over this really whenever we present to our stakeholder
to integrate with Bhutan NI.
00:25:00
Anand Acharya: So of course it gives more control of their individual data
to a user because once the government gives you your data on your wallet
then of course they will maintain the central repository but then none of
the other organization will be given any API backend access to this data.
So now what we are doing is in the later slides you'll see that now all the
government's portal through which you have to do certain things apply for
certain things those calls will not be made to those centralized data but
it will be sent to the user upon open their consent only the user can send
their data back to those portals or systems that is
Anand Acharya: that the government portals are using saying that I know
exactly what information is certain portal asking from me and I also have
the ability I will also have the features where I can refuse to give those
data to those portals and also there will be no single point of failure
being which if a central server crashes you have your own data with you
which is safely on your wallet.
Anand Acharya: Of course many organization can use an issue verifier with a
common framework saying which these banks will no longer be dependent on a
centralized data from which to verify users and of course we have the
privacy and consent mechanism in which there can be a selective disclosure
that or we can also have the zero knowledge proof in which you don't really
have to share a data If you are going to a bar and you have to show that if
you are more than 18 or not rather than giving away your age there will be
a simple question on the system in which they will just ask are you 18 or
not then we have the ability to verify yes or no answer with that and also
recently we also have a second product called a mobile verifier which all
the traffic police in Bhutan is going to use very soon in which the traffic
Anand Acharya: Police could not be able to know what is your name, what is
your age, So they only need to know whether your driving license is valid
for you to drive or not or is your driving license still active or not. So
that kind of zero knowledge proof and selective disclosure we have enabled
for now.
Anand Acharya: Yes will.
Will Abramson: And…
Will Abramson: yeah, I have a quick question on that.
Anand Acharya: Yeah. no no so of course BBS is used for the ZKP right…
Will Abramson: What signature scheme have you been using to sign these
credentials? Are you using BBS?
Anand Acharya: but then for now we are using JSON LDS ED EDSA but then we
also have a web hook in which we have done certain customization in…
Anand Acharya: which we have enabled this GKP okay yes there's a layer on
top of that in…
Will Abramson: …
Will Abramson: it's way on top after the signal, right? Yeah.
Anand Acharya: which you ask some question and then based on that we give
those answer back because of course earlier when we were using the non
create we were using the BBS plus which of course gave us the default GP
features…
Will Abramson: All right.
Anand Acharya: but I think in the JSON LD we don't have that anymore or I
think I would like the community to let me know if there's been any
enhancement which enables this
Will Abramson: I think that is actually let me try and find the just so
well on that I think I haven't looked at this in detail but a lot of work
has gone into this so this is a VC data integrity crypto suite for BBS
signatures…
Will Abramson: which means you can sign JSONLDD documents using BBS now and
then the section I linked to these optional features includes how you
Will Abramson: would get some of the same privacy features that were in an
onre built into it in a JSLBC.
Anand Acharya: That's cool.
Anand Acharya: So I think because we launched in October 13 with anon
crates only.
Will Abramson: Mhm.
Anand Acharya: So two years back and then in the middle of 2024 June we
again migrated to polygon and then also to JSON LD. At that time we found
out that there was no GKP. So we could not do the GKP with JSON al
therefore we had that built-in feature in which we enable this GKP but
recently on our brainstorming session our technical team was saying that
now the JSON LD also has enabled this GKP features based on I don't know…
00:30:00
Will Abramson: Cool.
Anand Acharya: which signature was it but they said that BBS plus is kind
of enabled for JSON LG also but We haven't had much time to look into that
font for now.
Will Abramson: Thank you.
Anand Acharya: So, some of the features is that we can do offline
verification. So, this is mainly limited to code. I think I'll go back to
that mobile verifier that we have right now. What we have done is of course
we know that not all the users in Bhutan are technically savvy or don't
have a smartphone devices. So what we have done right now is whoever has
this physical CD we are printing this QR code of Bhutan NDI's QR code on
their CD.
Anand Acharya: So now if let's say a villager doesn't have smartphone so
they still have this QR code enabled C with them and they are traveling
across the country so anytime anyone would want to do digital transaction
they can actually scan this QR code and then we don't need to be online so
it's just offline verification can also be done right now but then right
now we have not extended the
Anand Acharya: use case saying which right now it's only for police use
case in which they can just scan and then it's only scannable through
Bhutan NDI's verifiable mobile so they will get all the information about
that person through that QR code and also we can also have a other use
cases embedded to that later but then since we just launched it a few days
or months back so we haven't gone further than that for now but then of
course it would not need a internet connection and…
Anand Acharya: also we have also enabled revocation services in which let's
say for example you are a driver and then your driving license validity has
finished so yeah William you had some question yeah Okay.
Will Abramson: I had a question about the offline verification,…
Will Abramson: but you can finish this one. Okay. My question is about I
think it's really interesting doing offline verification. I think that's
great and needed.
Will Abramson: I wondered if you'd seen this spec which is currently being
developed under the credentials community group mostly led by digital
bazaar about VC barcodes …
Anand Acharya: Okay.
Will Abramson: because they're doing similar thing but trying to create
some standard around how do you convert a ve how do you represent a
verifiable credential as a QR code and the reason I think it's interesting
is I think digital bazar recently announced that the state of California is
using this specification to encode on driver's licenses like physical
driver licenses these digital credentials in a way sounds kind of similar
right it would enable a cop to do offline verification of the validity of
that barcode so I just wanted to bring that to your attention
Anand Acharya: Yes. Yeah. Yeah. Yeah. So, yeah.
Anand Acharya: About I'm curiously taking this note because when we were
asked to do this, we didn't have pretty much time to look into most of the
things.
Will Abramson: Mhm. Yeah.
Anand Acharya: So, I think there's something that our team brainstorm and
made it. But like I said, if there's a standard here, I'm just taking this
notes so that I can revisit them with my team.
Will Abramson: And just to note this isn't yet a full standard. So this is
the kind of proto incubation standard that this community group works on.
But the plan is the verifiable credentials working group. So they create
the real standards. It's going to get stand chartered again and…
Will Abramson: one of the specs in that charter would be this VC barcode
spec.
Will Abramson: So the idea would be okay let's take this proto
specification and turn it into a W3C formal recommendation.
Anand Acharya: Okay.
Anand Acharya: Yeah, I have just taken a note of that. So, because we have
a very small team actually working on this.
Will Abramson: Mhm. Mhm.
Anand Acharya: So any help like I mentioned when we started we didn't have
much of a example someone who had implemented the whole system in
decentralized system so we could not really take aspiration inspiration
from few of the things but right now lot of things are coming up so yeah it
would be great to have this community So, we have this revocation service
where if your credential is stolen sorry if your wallet is stolen then you
can actually suspend the whole foundational ID only.
00:35:00
Anand Acharya: But of course it has its own u SOP how it should be done and
who is allowed to do this revoc revoke the species and then also if your
driving license is suspended then we have this road safety authority who
has this authority to suspend or revoke someone's driving license based on
of course the rules and regulations gets they have on their end. So once a
driving license is given to you. So that we have three stages. So one is
active, one is suspended and one is revoked. So suspended is like if you're
drunk driving then you are liable to have suspended license for a month
then they just suspend it. which then they cannot use this license for any
other services like the system would straight away refuse to share this
because it's suspended.
Anand Acharya: And yeah I think I already talked about the security and
then of course we have this audit trail of the credential presentation
which will be within your wallet. So anytime you would want you we have a
section in which you have this audit trail where you can look and see what
did I share with whom where did I login with this credentials and all those
details are within the wallet. some of the use case is we have this
seamless so G2C here in Bhutan means government to citizenship citizen so
these are a bunch of portal that let's say if you're getting marriage
registration if you are going for passport verification or passport
application judiciary something all those things are within this G2C system
so for government it's
Anand Acharya: majorly a government al for this portal. What we have done
is we have done this passwordless login only right now. So meaning which
the citizen doesn't have to remember passport. So we have more than I think
80 or 120 services. So it's a hassle for people to remember all those
passport passwords. So they can easily right just scan and we give the
verifiable. So when they scan they have depending on those portals the set
of proof that they would want. So some might only want your name or email
id that was government issued to go in or some might need more than that.
So all those depends on the schema proof that they have created.
Anand Acharya: And then we also have this okay I'll go on the other page.
Yeah. So we have also integrated with lot of banks and telecom providers.
So basically for we have integrated with Bhutan National Bank. So this
development bank telecom and this Royal Civil Commission. So for them we
have these three use cases mainly. So EKYC whenever someone is opening a
bank all those information for a person to give to open a bank would come
from their wallet. So basically like I mentioned at the first we have this
foundational ID where you have all your email your name date of birth and
all your personal details and your own permanent address. So those would be
there by default. Those are actually more than enough to open accounts in
Bhutan.
Anand Acharya: so those can be electronically shared that is instantly
accepted and trusted by these banks because of all the trust triangle that
I shown before and then people here can actually open their bank very
conveniently. So also apart from that if you're booking a SIM then also you
can use your EKYC system to book your SIM and then for the CI Royal Civil
Service Commission and DHI what we have done is if you are employed with so
is one of the biggest corporate organization here and then royal civil
services where all the government employees civil servant of Bhutan
Anand Acharya: are under these two. So this I think u jointly has almost
50% of the workforce in Bhutan. So what we have done is you can actually
get your employee credentials saying that you're employee of this
organization and all your employee ID your role everything is sent back to
your wallet. So your employee VC will be given to that part we have done.
Yeah. So this is basically a snapshot of the live system for bo. So bank of
you actually can scan this to open an account and then this is something
that we have done with so these are all live system by the way. So this is
what we have done with this BTBL Putan development bank.
00:40:00
Anand Acharya: So you see that you can create an account. This logo that
shows is that they've already integrated with Bhutan NDI. So this is Same
way for Bank of Bhutan. So they have with sign up with NDI. So this is the
EKYC. So this basically for Tashi sales is one of the cell phone provider
in Bhutan. And yeah this is mainly for the government things. So if you see
you can get your vehicle ownership licenses through NDI. So if you receive
credential so whatever is your vehicle ownership all those PC will be given
to you on your wallet. So license credential like I mentioned your driving
license will be sent to your wallet. and if you are learner license on this
even we have this receipt credential in which you can get your license as a
VC on your wallet. So we have actually integrated with major should I say
units for function to-day functioning.
Anand Acharya: So most of the website if they have integrated with we have
this DI logo. Yes. So like I mentioned so we already have this digital
driving licenses. So Bhutan construction transport authority is the road
safety authority for Bhutan and yes so you can get this I think now people
have started really getting this. I myself have my driving license
credentials with me. So this when presented even it's legally accepted.
Anand Acharya: That's why I made sure that I talked about the act India act
before and of course the trust over internet protocol then so yeah this is
a bit outdated figure but we have build this on a national scale and then I
think there's a
Anand Acharya: strong legal and governance framework because of which most
of the organization is taking this up and we are trying to be more
interoperable saying which we are trying to find other stakeholder outside
of countries that is going to where we can work together and can be free
exchange of VC with each other for now we have been talking to DGatra I
don't know if you know about this so DJatra is basically digital travel
that's been in India.
Anand Acharya: So we have been talking with the DGAR team team in which we
can share this passport with each other and then a p person having this
wallet do not have to go through all those physical onboarding process and
they can just smoothly travel have air travel at least within India and
Bhutan since we are neighbors and this is I think a bit old figure yeah so
the total on boarding right now shows 300
Anand Acharya: 300,000 of course Bhutan is a small country so our total
adult profess population is 600,000 I think 800,000 in total but of course
the others are not adults so on May it was 310,000 but on the last count
that we had was we have 43,000 relatively which is I think if you look into
the 600,000 that adult that is supposed to have this identity. So it's
quite a good outreach for us now.
Anand Acharya: So I think that was very quick because I didn't know the
kind of audience I'm going to have.
Will Abramson: This is great.
Anand Acharya: So I took it very general and…
Will Abramson: Very interesting.
Anand Acharya:
Anand Acharya: something very informatic. Yes. William.
Will Abramson: I don't realize it was right at the end, but really great
presentation and I really appreciate learning what you guys have been up
to. Right. my question was if you just go back a clip yeah it's about these
last few sites in general is the goal of that this Bhutan NDI the digital
identity aspect is it going to be mandatory are you imagining some of the
services you talked about it looked like maybe the only way to sign up was
through the NDI wallet it right and…
Anand Acharya: Okay. One.
00:45:00
Will Abramson: having those foundational ID credentials.
Will Abramson: I mean, one of the reasons I ask is because I'm based in the
UK, and we've recently had a proposal to, roll out a national ID program
and to make it mandatory for specific use cases.
Anand Acharya: Okay. Yes,…
Anand Acharya: I read.
Will Abramson: And in the UK at least, whenever you say, this is going to
be mandatory, …
Anand Acharya: Okay. okay.
Will Abramson: everybody's going to need one, there's huge push back. I
think four million people signed a petition saying, "No, please don't do
that." So I just wondered how you guys are thinking about that mandatory
versus having other pathways as well.
Anand Acharya: So William like I mentioned in 2023 when we started of
course so there's two aspect here from government and let's say I'll
categorize this. So we have this government all those things information
system of the government part and then there's a corporation part right
which has of course the private sector and public sector so for the
government part they were the first one because they were the major
stakeholders so first what we did together with them was when we launched
it two years back for one year…
Will Abramson: Mhm.
Anand Acharya: what we had was we had this two part in You could either
login or do it through put an NDI and then other one was something like
login through Google or you just put in your username and password. So we
did some check on which so there was a time in motion study also. So after
one year we found that most of the user are now more comfortable with NDI
and then slowly they have phased out the other login part.
Anand Acharya: So now for government portal mostly it's NDI only…
Will Abramson: Interesting. And on the government part,…
Anand Acharya: but then there are still few which on request we have kept
it as a alternative login also but slowly for the government it's going to
phased out and it's only going to be put on NDI for the corporate part they
still have both the option where you can login through NDI or…
Will Abramson: right? are there other non-digital path pathways to do to
complete those government requirements right there are okay
Anand Acharya:
Anand Acharya: do your transition through DI or the conventional method
that they have always been doing. Yes. Yeah. they still have so within that
also they have categorized certain section in which they feel that only
through NDI should be enough. There are certain other section which still
has both the option in which you can either go in through or…
Will Abramson: Sure.
Anand Acharya: have it login it through the thing but then the long-term
goal is always to have it fully only NDI…
Will Abramson: So, yeah, anyone else feel free to raise your hands and
we'll take as many questions as you have.
Anand Acharya: but there's not a specific timeline right
Will Abramson: Otto
Otto Mora: Yeah. No, great. And I just want to congratulate you on the
progress so far. super cool to see that you can store several types u of
credentials on the wallet.
Otto Mora: I think that's great progress and showing that interoperability
across the banks and the other entities. also exciting to see that you're
thinking even about international right by going to neighboring countries.
Anand Acharya: Yeah. yes yes yes yes.
Otto Mora: I think that sort of interoperability is great. I was curious if
you could tell us a little more about I know you are using the credible
platform right that you mentioned and…
Anand Acharya: Yes.
Otto Mora: I believe that go ahead
Anand Acharya: So we are using the credible platform which of course has
its main origin code base from credo. and then we have used the open source
of credo platform and we have done in certain changes with regard to
because we still needed some customization on di for bhutan ndi.
Anand Acharya: So yeah, so we have used the credto platform for that and if
you would want more details on this yes we have used the credible platform
which of course has this credo ts framework and…
Otto Mora: Mhm.
Anand Acharya: and it has this Aries framework also which mainly uses this
ascar wallet for encryption storage yeah so that's the main core engine of
course for as a issuer and all those issuer verifier we have this bhutan
India specific we have this other internal system called motor which of
course talks to this credible platform and does all the computing which is
with regard to putan specific use cases
00:50:00
Otto Mora: Got it. and did polygon method, That's a DA method that you're
using at the moment.
Anand Acharya: Yes. Yes. we use did polygon method and…
Anand Acharya: recently when we integrated with ethereum we used ether
method.
Otto Mora:
Otto Mora: So maybe that's why there's this push now to move to Ethereum
mainet…
Will Abramson: Next. Yeah,…
Otto Mora: because you're also supporting the ether.
Anand Acharya: Yes. Yes.
Will Abramson: that is next.
Anand Acharya: Yes. Yeah.
Otto Mora: Super interesting.
Anand Acharya: Yeah. I see a lot of hands.
Otto Mora: All right.
Anand Acharya: So please maybe…
Otto Mora: Yes. Go ahead.
Anand Acharya: then yeah.
Dan Yamamoto: Yeah, Thank you for your great work and presentation. Yeah,
it's really exciting. And I'd like to know about the revocation part. You
mentioned your MDI wallet already support revocation and…
Anand Acharya: Okay. Yes.
Dan Yamamoto: I'm wondering that if there are lots of revocation scheme, So
there is a non versus anonymous revocation scheme and…
Anand Acharya: Yes. Okay.
Dan Yamamoto: privacy preserving revocation schemes. So yeah my question is
what kind of revocation scheme do your identity ecosystem support at this
moment? Yeah.
Anand Acharya: So I'll just go through how the revocation works for us
right now. Obviously I would have liked to show you the whole system
architecture but I didn't get the clearance for that. So I'll just try to
talk you through that. So basically whenever a VC is issued let's say for
example I'll go with the driving license VC since it's common for everyone.
So let's say I get my driving license.
Anand Acharya: So whenever the VC for my driving license is issued at the
same time a revocation ID is generated for that VC. So that revocation ID
is sent to we have a system called revocation service which is within the
Bhutan India system. So that revocation ID is sent to that revocation
services and then we We also send another VC which is hidden on your wallet
as a revocation VC. this revocation ID and VC is linked with your driving
license VC that's already given to So now this revocation ID and the VC
linked is also stored in the original organization's system.
Anand Acharya: And then let's say if it needs to be revoked then they just
go to the VC of that person and say that we are going to revoke this VC and
when we do that it's automatically triggered to that revocation service
that we have that now this revocation VC that was issued with this DPR
needs to be revoked. So then we send a notification to the wallet and then
with that revocation VC which is linked to your driving license internally
it revokes that I don't know…
Will Abramson: Thanks. Janine
Anand Acharya: if I could explain more technically yeah so that's how we
have maintained the revocation Just kidding.
Dan Yamamoto: Mhm. Okay.
Dan Yamamoto: Yeah. Got it. Thank you.
Yen-Lin Huang: Yeah, thank you and it's a amazing project. I am curious
about what's the main reason that the Bhutani shift from the anon to the
polygon or even ethereum mannet. This is the first questions and the second
questions is that what is the exact data that's stored on chain because in
Taiwan we are really concerned of the personal data on chain because in the
future maybe the cryptography will be cracked and…
Yen-Lin Huang: the personal data will leak. So I'm curious about the use
cases in Bhutan. Thank you.
Anand Acharya: Okay. okay.
Anand Acharya: I'll go through the first question. So the hyperledger why
we changed was that earlier when we started the project of course we used
hyper laser and then the portal actually was not credible at that time. We
had used I forgot because before I joined the project. we were using
another platform which of course unfortunately was sunsetting the
developers were not maintaining that anymore.
00:55:00
Anand Acharya: So that's why we had to move to credible and then when we
moved to credible we felt that polygon was right at that time because in
Bhutan I think it's also a bit linked with our policy also in Bhutan most
of the colleges and universities here are working with polygon. So what we
thought was if we move to polygon the future students or people who are
going to maintain this system would be more comfortable working with the
polygon blockchain because the university here blockchain on the system is
been developed on polygon here.
Anand Acharya: So that was one of the main reason actually why we moved to
polygon because of course the credible could still work with hyperledger
indie but our policy maker thought that as a long-term work if the students
who is passing out of colleges are already comfortable with making smart
contracts within the polygon and all those things. We thought that the
future would be in more secure hands. So that was one of the thinking
behind Polygon and for the Ethereum of course Polygon being a side chain
and L2 of Ethereum and there was a thinking that maybe Ethereum with its
what then we thought was that the node maintainer of the polygon is
concentrated in one geographical location and we thought although we are
not abandoning polygon though what we are saying is that it would be
Anand Acharya: if we integrate with the main blockchain Ethereum as option.
So right now what we are doing is whenever we are integrating with the
organization we are giving them two option. Do you want to use polygon as
your blockchain or do you want to use Ethereum as your blockchain going
forward? Because all the VC given through Ethereum is also readable through
any system or issuer that is working on polygon and any VC given to you
through the polygon is also usable on the Ethereum. So we have made it
interoperatable between those blockchain also.
Anand Acharya: So therefore it's not I only going to be either going to be
polygon or Ethereum. It's going to be both for us. So that I hope I
answered that question. and then for the next questions you are talking
about the privacy concern in the blockchain. So actually we don't actually
keep any of the user information on the blockchain.
Anand Acharya: So if you go inside I'll try to show some other slide if I
can just okay okay I'll try to explain through this slide.
Will Abramson: Yes.
Anand Acharya: Can you see So, this is the main slide that I'll try to
explain it through. So, what we do here is of course we don't store any
information of that individual on the registry saying which is a
blockchain. What we do is whenever the issuer gives your information to
you, what the issuer does is that it has that issuer's own public key and
private key. Right? So any information sent to you is encrypted through its
private key digitally signed through its private key and then sent to you
and it also has a did which is going to locate the public key that this
user is going to put in the registry.
Anand Acharya: So what happens is that it has this metadata about its
organization name and all those information along with the public key is
written on the registry let's say if it's road safety authority it's going
to give it has its own public key and private key pair so its public key
will be in the decentralized distributed PKI so it will be sent in this
blockchain and then Whatever information it's sending to you as a user,
let's say your name and your date of birth and ID, it's of course going to
be sent, but then it's going to be digitally signed So what happens is now
on that VC there's going to be a digitally signed information about you
along with the deed where you can find the public key of whoever is the
issuer here. So when the issuer send this information to a verifier, let's
say you store those information to police.
01:00:00
Anand Acharya: police what's going to give is whenever you get this VC on
your site it also have the D locator right so what it's going to do is it's
going to locate your public key in this registry so this public key now
whatever digitally signed has been done now they are going to do all this
digital signature protocol and algorithm and then they are going to compare
whether the information that was sent by the user in I think it's going to
be hash comparison so is it the information sent by the real issuer or not.
So in that way I said we are using the digital signature algorithm and
everything. So that's why there is no actual private data of a user going
to this blockchain. It will always remain within the user's wallet. That's
why we say the locus of control is within the user. So maybe I can drop you
a further details on this.
Anand Acharya: Of course I can give further information about. So if you
want I can give my email id or might be there somewhere. So I can send you
further information on this…
Anand Acharya: if you still want to know how actually we can.
Yen-Lin Huang: Yeah, thank you so much
Anand Acharya: This is my email ID.
Will Abramson: Great. Yeah.
Will Abramson: Thanks.
Anand Acharya: So you can just drop me an email…
Will Abramson: Perfect.
Anand Acharya: if you have further questions.
Will Abramson: Thanks so much, Anan, for coming on. Really fascinating work
you guys are doing over there. and thanks everybody for joining us. So we
are at time a bit over but it was a very interesting session. I hope some
of you at least will join us next week where we have folks from Indonesia
talking about microcredentiing in the Indonesian context. great have a
wonderful day or…
Anand Acharya: Okay.
Will Abramson: evening or whatever time it is for you guys.
Anand Acharya: Thank you Will.
Will Abramson: Yeah,…
Anand Acharya: Thank you Dan and Sorry, I would have gone more in detail
but yeah I thought it would keep it more general generic so that everybody
understands most of the things here.
Will Abramson: this is wonderful.
Anand Acharya: So I've dropped my email.
Anand Acharya: would also be welcoming to anyone…
Will Abramson: Great.
Anand Acharya: who is doing any national ID or digital IT that you want to
integrate with us because we are looking forward to an interoperable system
pretty soon.
Otto Mora: Great work.
Otto Mora: Thank you.
Dan Yamamoto: Cheers.
Anand Acharya: Thank you everyone. Cheers. Have a good day. Bye.
Meeting ended after 01:15:22 👋
*This editable transcript was computer generated and might contain errors.
People can also change the text after it was created.*
Received on Wednesday, 15 October 2025 22:13:49 UTC