Identity Wallets & eIDAS 2.0

Episode 266

State of Identity Podcast


Episode 266

Identity Wallets & eIDAS 2.0

What role will public vs. private institutions play in the rollout of eIDAS 2.0 wallets? On this week’s State of Identity podcast, host Cameron D’Ambrosi is joined by Marcel Wendt, CTO & Founder of Digidentity. The duo discusses the looming impact of eIDAS 2.0 on digital identity globally, how to keep data secure when verifying the identity of individuals and businesses online, and the European Union’s clear vision for where digital identity is headed.


Cameron D'Ambrosi, Managing Director at Liminal


Marcel Wendt, CTO & Founder of Digidentity


Share this episode:

Cameron [00:00:04] Welcome everyone to a State of Identity. I’m your host, Cameron D’Ambrosi joining me this week is Marcel Wendt, CEO and founder of Digidentity. Marcel, welcome to the podcast.


Marcel [00:00:15] Thank you.


Cameron [00:00:16] It’s so exciting to have you here. You know, I think digit entity is at the heart of so many questions that we’re getting from across the space around this intersectionality of, you know, government led identity initiatives, private sector relying parties. So I think it’s a very timely conversation. Really excited to dove in deep with you about some of your thoughts on kind of the current and future state of where we can expect this digital identity market to go, especially on the European continent, which I think is is a hotbed of activity in the space right now. But before we get into all of that, I want to hear a little bit about you, a little bit about your background. You know, for our guests or rather for our listeners who have not been acquainted with you with digital entity, would you mind sharing a little bit about your background, how you came to found a digital entity?


Marcel [00:01:13] Yeah, of course. I founded 14 years ago the company. This is my ninth company and third one that really succeeded. It’s a technical background. I’m an electrical engineer. I’ve built power plants, nuclear power plants, waste incinerators. And after the business, I went to the mobile business for a couple of years. When I sold that company, I founded this one and it was really at that time, my markets were still little. And I thought, OK, if the internet is really becoming important in their life and their identity needs to be protected because it’s it’s in the whole internet design, we know that it’s it’s not perfectly identity protected there, and especially with some social media companies, it’s even getting worse. So I thought, OK, let’s do something good for my kids when they grow up and build a better identity and. Now, a couple of years later, with 100 people in the company, it’s a it’s a it was a big, big success of a small hobby project.


Cameron [00:02:25] That’s amazing, I think in in many regards, you know, some of the best ideas come out of, you know, a passion project as opposed to something that someone has spun up purely to to seize an economic opportunity. That being said, oftentimes they they turn into fantastic economic opportunities as well. But you know, it’s hard to it’s hard to put a dollar value or a price on that passion. Moving to, you know, the digital entity platform itself. Obviously so much to unpack and and looking forward to going deep with you here. But at that high level, at a 15000 foot level, you know, when when you meet someone at a cocktail party back when cocktail parties were a thing and they ask you what you do, you know what’s a quick summary to get folks up to speed who might not be familiar with the platform?


Marcel [00:03:10] That’s the hardest point. And normally because nobody so I tell them, I create a digital you so your your personal or your passport is done a digital passport where you can easily prove yourself online to two other companies. And for most people, it’s completely not interest to have a digital identity, because especially it changes the last couple of years. But in the past it was, yeah, why do I need that? What we do is you create an account with us and we prove it’s it’s you can see it as a self-sovereign identity. So you, you claim who you are. But then we’re going to prove it with with government documents and you get the profile match and you can prove yourself completely online and in our app. And from there, you can use your identity to log in by other companies, government agencies, but also private companies. But you can also sign documents with it. And that’s the interesting, interesting part, especially when COVID came into our lives and document signing a specially qualified document signing becomes very important.


Cameron [00:04:31] Yeah, I mean, it really is. It’s a perfect illustration of all of the myriad applications for digital identity, as well as the critical importance of digital identity. You know, I face many of the same challenges as you. And when you’re, you know, you talked about, the hardest part is that initial explanation of like, OK, digital identity. What do you mean? You know, in some ways, I always like to flip it around on people and say, Well, why don’t you tell me what you do? And I’ll tell you why? Digital identity impacts your life. You know, if they talk about a sales guy, I don’t know. I sell. I sell bicycles. How are you identifying customers that come into your pipeline as leads? How are you tracking them through your CRM? How are you having your customers pay for them? How are you validating the addresses of the people you ship to? How are you executing the contracts that you signed with your suppliers, right? Digital identity kind of underpinning all of those different elements of that lifecycle and in some ways that it helps, you know, break it down into some more digestible bits.


Marcel [00:05:37] Absolutely. It also depends who’s asking. I always refer back to 18 on alert when Napoleon was here and he invented code Napoleon. And here in Europe, everybody was forced to register on on a ledger, not a blockchain ledger, but a paper ledger. And in these countries, we are Napoleon was was really running the countries there. People are used that they have an identity, what’s registered by the by the state. And that was the first I opener it for myself. Based in the Netherlands, when we were having a big project with the UK government that it was not normally in the UK that people were on the ledger. So it’s also the background is very important, and


Cameron [00:06:31] I think we’re entering one of the most impactful decades in terms of digital identity ever. You know, obviously the march of technology is going to continue forward. But in terms of what is coming down the pike with, you know, Eda’s 2.0, the increased role of issuing authorities in digital identity, I think we’re going to see some rapid rapid changes in terms of how these identities are handled by relying parties, what that relationship is with those relying parties in the sense of the government. You know, I certainly have my thoughts and theories and would love to to share those but don’t want to kind of taint you or or step on some of your thoughts. So at a high level. And obviously, this is going to be the thrust of our con. Asian here. You know, what are your expectations as someone who is is deeply involved in this European digital identity ecosystem? Are you excited about ideas? Are you hopeful for it? Are you concerned that it’s going to present some challenges like, you know, what are we set to see from this impact that a new ideas framework is going to have on this ecosystem?


Marcel [00:07:48] Yeah, I’m really looking forward to it because I think after 14 years being in this space, creating this company, it’s finally going to happen what we try to do for many years now, and we will face a lot of challenges. But yeah, that’s a nice thing of of running such a company. Now it is 1.0. We are one of the notified identity providers in that framework. It’s only used for government and somebody that’s living in the Netherlands is not using his identity by the Italian government. So you’re able to log in there. But yeah, why should I? So this will be a handful people living around the border of of countries that will use it. You are this 2.0, that’s they made. The infrastructure will be completely different. It’s more looking to verifiable credentials to the new W3C standard, but also you can use it in the private sector much more easy. So today, the UK and the Dutch frameworks you can use in the private sector, but with a lot of hurdles and especially with the 2.0 version of this, it’s much more easier to use it in in the private sector space and then. Companies like Amazon, Bolt come the Dutch, Amazon and that kind of companies there will be more interesting to use these identities as well, and that will make complete on a business case in this ecosystem.


Cameron [00:09:26] I think we’ve seen some maybe bifurcation is the wrong word, but a deviance of opinions in terms of what you know, an IDC framework means for a lot of the players in the ecosystem now that currently, you know, are relying on document based scanning or interfacing with kind of physical notions of identity that then become digital identities, you know, what does it mean for the companies that are currently serving to bridge this physical digital divide? If we move to this paradigm where there is a government supported digital native digital identity as it were? What does that mean for the ecosystem? You’re obviously very bullish. You know, is your contention that even though we will not necessarily need this interface layer to do something like scan a passport, scan a driver’s license to turn that into a digital identity that most companies that need to serve as relying parties to ingest these digital identities are going to want a partner like digital entity to handle all of the nuance and relationships across markets that it is going to present, and that they would look to find an interface layer for these digital identities as opposed to building it themselves internally.


Marcel [00:10:48] Yeah, absolutely. So there will be a big change in the ecosystem. So you have a couple of companies that are great in scanning your document, your driving license, passport, identity card or scanning the chip. We even use these companies into into our own ecosystem. But then you need to create a persistent identity and identity wallet. So your credentials, your verified credentials, are living in that wallet. And that wallet can be a blockchain version, but it can still be a centralized one where you only derive credentials from your your base credentials. But it will be a persistent identity. And most companies nowadays using these documents scanning purposes again and again and again and again for every transaction. And that will completely change if everybody in Europe has an identity wallet on their phone or what kind of device, whatever it will be in the near future. Their model needs to be changed rapidly.


Cameron [00:11:58] Yeah, I think that is a great way of putting it. You know, we are in the first inning or, you know, first half pick your your soccer baseball analogy of this game. And I think most enterprises just do not really have a fully cohesive strategy for how they’re looking to to handle these, these seismic shifts, as it were when you’re talking with your customers. I take it that, you know, you shared your excitement about ideas. It seems like it really is a win for everyone across this ecosystem because, you know, businesses right now in many ways, you know, the externalities created by a lack of a fundamental digital identity layer. Those costs are being borne by the relying parties, right? They’re the ones eating the fraud, suffering the losses, allowing, you know, account recovery or account takeover by imposters using forged or or stolen identity documents impacting the customers of these businesses in such a negative manner. Are our customers the feedback that you’re getting from your customers? Are they equally as excited about the shift to this new paradigm?


Marcel [00:13:10] Some, yes, some still don’t understand the ecosystem how it will look like because they just get used to using persistent identity in the first place. So this is already the second iteration of that. But I think more and more people really will understand it, especially. Because of COVID hit our lives with the document signing, did everybody realize, OK, the normal document signing where you reply on an email address is not really legally binding in Europe, so you need qualified signing for it? Our customers realized that if they onboard their client with a qualified signature to sign a document. In the same time, they did the KYC from that customer. And now they’re starting to realize, OK, now I understand why they need the digital identity for them because it’s not only the qualified signature, which you can do your electronic document signing, but it is also directly the KYC to know your customer bits that they are need to do by law. So that will impact their. Whole journey and compliance, what it will make will make them much more easier for them.


Cameron [00:14:28] Yeah, I think that’s that’s a great piece of feedback and you know, I think the other the other facet that maybe goes a little bit underexplored is this notion of digital identity as a competitive moat. You know, if you are the biggest fish in the pond and you have invested, you know, in what’s often, you know, call it a billion plus dollars in building out these customer databases, the ability for your competitors who may be much less well capitalized to immediately be able to onboard just as many people as you. With limited budget facilitated by ID. You know, I can see why that might be a little bit of a cause for alarm among some of these players, because low friction portability of identities in some ways has helped to keep people inside of platforms that they otherwise might leave due to the high cost of switching. Obviously, it’s going to lower those barriers. I think net net obviously a tremendous positive, but I think that does explain why there might be some reticence and in some quarters to the expansion of the ID playing field.


Marcel [00:15:41] Another topic where we really need to take care of when we are going to implement this yard is 2.0 framework is we’ve seen that both in the Netherlands and the U.K., where we bought around 8000 users a day, that people with a thin file so they don’t have a document from government are not able to get a digital identity as well. So. Inclusion, inclusiveness, we really need to take care how we take everybody into the to the digital space.


Cameron [00:16:14] So you know what is next for digital entity in terms of this path forward, in terms of whether it’s technologies, verticals you know, would love to hear your thoughts on and what is exciting to you and and where you think there is still, you know, opportunity to be had in the digital identity space more broadly.


Marcel [00:16:34] Yeah. So we are very exciting that we we have some new big relying parties in India, in the U.K. and, for example, pension dashboard that’s going to use our identities. And our next step is really to look to these ecosystems in the housing area, but also in pension insurance industry to combine different relying parties together so that they’re going to re-use this identity in their ecosystem. Certainly not if you buy a house. For example, if you sell a house, you need to prove your identity to different verticals in that ecosystem. The challenge for us is that really, these parties are going to re-use these identities. We already have an I.D. wallet. And what are we going to do now? What what the challenge for us is, is to be. One of the front runners in the yard is 2.0 framework, because we have already onboarded millions of users in our ecosystem and we want to give them an air, does 2.0 wallet assume are the specs are available and that will be our challenge. And for the rest to make Kiwis disqualified? Electronic signatures much easier to consume in third party apps as well. So we’ve built and complete SDK. We’ve just signed a contract with a big bank outside of the Netherlands that’s going to use qualified signatures in their app. And the challenge for us is to be compliant in every area and to make it as much as easy for the consumer to consume because it’s very difficult technology underneath it, and we need to make it as simple as possible for the end user.


Cameron [00:18:34] When we see these end users coming into these systems, I think we’ve had a big debate in this country around the use of technologies like biometrics, whether it’s one to one or one to end biometrics. You know, what are your thoughts on what we can expect to see in terms of the technologies that are going to secure these next generation IDs and and where and how they should be deployed? I think in the the dialog in the U.S., one of the consistent refrains against the adoption of, you know, more centralized, if you will, digital identity system with officially issued digital identity credentials that can be tied back to a source database. Ah, you know this notion of, oh, you’re creating a honeypot, you’re putting all your eggs in one basket? I think there’s plenty of arguments to refute those statements, but without going into all that, you know, what are you seeing in terms of which technologies are going to be deployed to to serve as authentication mechanisms that go beyond, you know, kind of legacy username and password technology to keep these IDs safe and secure?


Marcel [00:19:45] Yeah. So I think it will be a mix between different identity providers. First of all, there is a need of different identity providers with different technologies, and this should not be one big honeypot. See, does a bank you trust your bank to store your money, but you have a choice between different banks and there need to be a choice between different identity providers. It shouldn’t be one big ditch identity that that having billions of of users in there, it should be a marketplace. Second, it will not be. I like blockchain, but I’m not a real fan of blockchain only identities because we’ve seen also a lot of fraud. And every year we see around a couple of 10000 users trying to commit fraud, and we can see that because it’s centralized. If a decentralized, you can track this fraud. So you need to have measures in place where you can detect that it will be mixing technology between blockchain and centralized to keep it really safe for everybody. So it will be a mixed landscape and also mixed technology there.


Cameron [00:21:04] Do you have specific thoughts or or feelings either way about the the use of technologies like biometrics for these applications? I think my perspective is there are justified concerns around accessibility and making sure that all you know, this is a government deployed system. You need to make sure that all government citizens have the opportunity to access these platforms, even if they maybe don’t have the smartphone required, for example. But my concerns are primarily around accessibility and equity, as opposed to fundamental suspicion around, you know, the use of biometrics itself, but would love to hear your thoughts.


Marcel [00:21:52] Yeah, it’s how you how you use the biometrics. We use it during the onboarding and then forget everything from you after onboarding. Besides things we need to to store, of course, because we need to prove to the auditors that we’ve done a good job there. So I think biometrics and it’s also biometrics on a phone or an iPhone or Android phone are not really biometrics or it’s it’s convenient because you don’t see on the fingerprint who it is. You can only connect it to to and a foul or to a record to. It is but the fingerprint itself, you can’t use it out of the iPhone, for example. So you need to to put on our biometrics in place for onboarding. And we do that, but don’t store that profile of of your Face ID to date in into databases. So the next time you prove yourself, you do it with a PIN code, for example. We find that more and more safe than than using your face and storing your face again. There will be also for everybody because it’s a government deployed and we need to be multiple identity providers so other identity providers will jump into different niche markets than than we are. We are really focused on the mobile phone, remote onboarding. We are the only one in Europe that’s notified and allowed to do a remote onboarding on the ice level. We can do that in five minutes and there will be be different companies who do a whole manual process to help elderly people to onboard as well.


Cameron [00:23:32] Yeah, I think that’s exactly right. Like in addition to those, you know, constraints around equity, just making sure that, you know, people from all age cohorts are able to use these technologies, this is a key consideration as well. And I do, you know, being in Europe, I think the benefits of the very robust, you know, GDPR regulations around personal data storage are a nice, you know, guard guardrail to to have in place as well. You know, here in the U.S., we don’t necessarily have as aggressively stringent data privacy regulations, which I think make people more concerned around, you know, modalities like biometrics being used now. So we are coming up on time here, but I did want to save a little time to ask you. My signature question, which is to take out your magic crystal ball and make some predictions for the future. You know, what do you see coming down the pike here in the next one to two years in the digital identity space and would love to hear you put a marker down?


Marcel [00:24:36] That’s a difficult question. I’ve invented a cloud based qualified signing 10 years ago, and it’s going to use me today, so that took 10 years. Um, I think the next two years, we’re really going into VR, this wallet structure. It’s going very rapidly because some of the technology’s already used today in the cove with QR codes that’s used in Europe and the same technologies already used there. So I think that will be. Going very rabbit, how that E.R. does what is it going to to deploy it in different member states? Another exciting thing what I sees coming up. I’m also involved in the gang initiative from OKC’s and there will be a connection between gain and the ideas wallet. So there will be interoperability between Europe and the U.S., Canada and Australia, of course. So I think. In two years time, we are making a big jump forward. We are we already waiting for for the last 10 years. It’s really going to happen now. That’s my feeling.


Cameron [00:25:57] I hope that we can bring about the change we want to see in the world and usher in this new era of digital centric identity. So thank you so much for your time. Really excited to have had this conversation with you and looking forward to staying in touch and and hopefully circling back with you as Ida’s 2.0 kind of makes its way through the European Commission and, you know, becomes force of law and and check back in on some of these impacted set to have.


Marcel [00:26:24] You’re welcome. Was nice talking to you.

Explore The Podcast Library

Episode 343

In the latest State of Identity podcast, hosted by Cameron D’Ambrosi, we’re joined by Laura Spiekerman, co-founder and president of Alloy, a global identity risk solution for financial services and a Liminal 2023 Company to Watch. We’ll discuss its pioneering role in the orchestration-centric approach to Digital Identity in Fintech. Spiekerman delves into the challenges Alloy addresses in the fintech space, where compliance and fraud often hinder innovation. Join us to explore the evolving landscape of digital identity in Fintech, trends in fraud prevention, and the critical intersection of customer experience and security.

Episode 342

In the latest episode of the State of Identity podcast series, we delve into the ever-evolving world of customer identity and access management (CIAM). Join host Cameron D’Ambrosi from Liminal as he sits down with Brian Pontarelli, the founder and CEO of FusionAuth, to explore the exciting developments and challenges in the realm of passwordless authentication, user data management, and the quest for seamless transitions in the digital landscape. Bryan shares his expertise and unique perspective, shedding light on the fascinating journey of FusionAuth and its pivotal role in this dynamic landscape. Tune in for a thought-provoking discussion that promises to expand your understanding of CIAM and its critical role in the modern enterprise.

Episode 341

Tune in to the latest episode of the State of Identity podcast series, where Data Security expert Shane Curran, Founder and CEO of Evervault, dives deep with host Cameron D’Ambrosi into the intricacies of data security. Discover why basic encryption methods aren’t enough, understand innovative data security strategies that ensure functionality, learn how encryption safeguards AI model training without compromising customer data, and grasp the significance of prioritizing current cybersecurity threats over quantum computing concerns.

Episode 340

In the latest episode of the State of Identity podcast, host Cameron D’Ambrosi is joined by Gadalia Montoya Weinberg O’Bryan, an ex-NSA crypto mathematician and the Founder and CEO of Dapple Security. Learn about Gadalia’s remarkable journey from the National Security Agency to the forefront of identity-focused cybersecurity. Learn about the limitations of current passwordless approaches, particularly in scenarios involving lost or stolen devices, and delve into the crucial distinction between authenticating the user behind the device rather than the device itself. Gadalia introduces Dapple Security’s unique solution, which involves generating an on-demand passkey using a user’s fingerprint—emphasizing the company’s commitment to user privacy by avoiding the storage of biometrics on the device or in the cloud—and how this approach is a key element in enhancing overall security posture.

Episode 339

In this episode of the State of Identity podcast, host Cameron D’Ambrosi talks with Eric Olden, the co-founder and CEO of Strata Identity. Join us as they discuss the challenges faced by today’s multi-vendor/multi-cloud enterprise technology landscape and how forward-looking executives view identity as an opportunity, not a cost center. They also delve into the importance of moving towards passwordless authentication and the role of identity orchestration in addressing these challenges.

Episode 338

In this episode of the State of Identity podcast, Liminal host Cameron D’Ambrosi and Justin McCarthy, the co-founder and CTO of StrongDM explore the dynamic landscape of digital identity and access management, addressing the challenges and trends that shape the industry. They talk about what it means to move towards a “credential-less” world and discuss the complexities of authentication, authorization, and the role of proxies in bridging old and new technologies. McCarthy highlights the imperative for convergence among various tools, including the essential role of AI, providing a unified approach to access control, governance, and policy enforcement.

Filter by Content Type
Select all
Case Study
Filter by Category
Select all
Customer Onboarding
Fraud and Risk
Growth Strategy
Identity Management
Market Intelligence
Transaction Services