On September 13, the Linux Foundation (LF) announced its intent to form the Open Wallet Foundation (OWF) at its Open Source Summit Europe in Dublin. The OWF aims to develop open source software, key building blocks, and best practices that anyone can use as a starting point to build multi-platform, highly secure, privacy-protecting digital wallets. In addition, the OWF will advocate for the wide adoption of open source wallets that can be used to support a wide variety of applications, from payments to digital identities.
The LF was originally founded in 2000 as the Open Source Development Labs to help set the standards for the Linux operating system and support its continued development and commercial adoption. It grew over the years and assumed its current name, Linux Foundation, in 2007. Over the past decade, the LF has undergone a major expansion beyond its original Linux mission. It now has over 1,260 company members and supports hundreds of open source projects. Some of the projects are focused on technology horizontals, - e.g., AI, blockchain, security, cloud, - and others on industry verticals, including energy, automative, government, and health care.
Let me attempt to explain the importance of this announcement by addressing three key questions: what is a digital wallet?; what are digital identities?; and why do we need standard-based, open source digital wallets?
What is a digital wallet?
Digital wallets are generally defined as an app in our mobile devices where we store the digital versions of the items that we carry in our physical wallets. These include digital credit and debit cards and other financial information that enable us to make contactless payments with our mobile devices. They are also used to store and organize a variety of widely used everyday items, including merchants’ loyalty cards, plane tickets, hotel reservations, driver’s license, vaccine information, and event admission tickets, as well as digital versions of physical keys that can be used to get into our cars, homes, workplace, and hotel rooms.
Digital wallet apps are offered by a number of vendors, including Apple, Google, and Samsung for their respective mobile platforms, as well as payment companies like PayPal, Venmo, and Zelle. A secure multi-purpose open source software engine would provide a common open source code base as a starting point for anyone striving to develop interoperable, secure, wallets that include state-of-the-art wallet technologies as well as the standard interfaces needed to develop a wide variety of wallet-based applications.
But, beyond their current applications, digital wallets are increasingly being used to authenticate our individual digital identities and other important personal credentials. As a result, universal digital wallets will play a critical role in enabling us to carry our digital identity from place to place in the digital world. And, over time, they will be supported by all the personal devices that we use to interact with the digital world, including smartphones, laptops, desktop computers, wearable technologies, and IoT devices embedded in physical objects like our cars and homes.
What are digital identities?
Identity plays a major role in everyday life. Think of going to an office, getting on a plane, logging in to a website or making an online purchase. Identity is the key that determines the particular transactions in which we can rightfully participate as well as the information we’re entitled to access. But, we generally don’t pay much attention to the management of our identity credentials unless something goes seriously wrong.
For much of history, our identity systems have been based on face-to-face interactions and on physical documents and processes. But, the transition to a digital economy requires radically different identity systems. In a world that’s increasingly governed by digital transactions and data, our existing methods for managing security and privacy have not worked so well. Data breaches, large-scale fraud, and identity theft are becoming more common. In addition, a significant portion of the world’s population lacks the credentials needed to safely participate in the digital economy. Our existing methods for managing digital identities have been far from adequate.
As explained in A Blueprint for Digital Identity, a 2016 report by the World Economic Forum, identity is essentially a collection of information or attributes associated with a specific individual. These attributes fall into three main categories: inherent - attributes intrinsic to an individual, - e.g., age, height, date of birth, fingerprints; assigned - attributes attached to but not intrinsic to the individual - e.g., e-mail address, telephone numbers, social security, drivers license; and accumulated - attributes gathered or developed over time - e.g., job history, home addresses, schools attended.
Better Identity in America, a 2018 report by the Better Identity Coalition, noted that “the ability to offer high-value transactions and services online is being tested more than ever, due in large part to the challenges of proving identity online. The lack of an easy, secure, reliable way for entities to verify identities or attributes of people they are dealing with online creates friction in commerce, leads to increased fraud and theft, degrades privacy, and hinders the availability of many services online.” Such incidents have significantly increased in the past few years given the accelerated digitalization of economies and societies since the advent of Covid.
Why do we need standards-based, open source digital wallets?
Not surprisingly, safeguarding our individual digital identities is one of the top objectives in the continuing evolution of the internet over the next decade. This evolution is increasingly referred to as Web3, with Web1 being the original internet of the 1990s and early 2000s, followed by Web2 in the mid-2000s, which over the years became highly centralized and dominated by a small number of global superstar companies.
“In the Web 2 paradigm, third parties like banks, social media companies, and digital conglomerates give us our identities and allow us to access their services,” wrote Alex Tapscott in his recently published book Digital Asset Revolution. Web 2’s Faustian bargain was signing our own data over to these intermediaries (via their terms of use and service). We gave them rights to use our data for their own gain, and they undermined our privacy in the process. We never get to own our identity. Rather, we simply rent it in the walled gardens.”
There is general agreement that this is a serious issue to the future of the internet. As a result, self-sovereign identities have emerged as one of the top Web3 requirement. “Anonymous single-sign-on will allow one username and authentication method across all web sites and accounts, rather than individual logins for each site,” wrote IBM Fellow Jerry Cuomo in Think Blockchain. “This login would not require you to relinquish control of sensitive personal data.”
In our present service centric system, an individual’s identity is tightly bound to the particular service, website or application they wish to access, thus requiring a separate user ID and password for each of them. But in a self-sovereign system, individuals own their self-sovereign identities, which they would carry around in their personal digital wallets across all their devices. And, only they get to decide who is allowed see their identity credentials and what information the service providers are entitled to see. This enables individuals to access services over the internet in a highly secure manner while maintaining control over the information associated with their identity.
As part of the launch of the Open Wallet Foundation at the Dublin meeting, OWF leader Daniel Goldscheider held a roundtable with representatives of companies and standards organizations that have already committed to be part of OWF. Companies included MasterCard, Visa, Microsoft, and Accenture, and standards organizations included the OpenID Foundation, the Trust over IP Foundation, the Open Identity Exchange, and Ping Identity. They all pretty much said that they joined the OWF because open wallets are necessary as the key platforms on which to build universal digital identities. But, since using cryptographic-based self-sovereign identities are likely to be quite complex for the vast majority of users, it will be up to our digital wallet software to carefully manage these complexities and hide them from the users.
Let me conclude with my personal view of the role that universal open wallets are likely to play in the history of the internet. Let’s remember that the internet is a network of networks, originally composed of different networks that in the 1980s agreed to adopt a common set of TCP/IP protocols and other standards overseen by the Internet Engineering Task Force (IETF). Then during the so-called browser wars of the 1990s, different companies were developing their own browsers, whose incompatible features threatened to fracture the fast growing World Wide Web, until all browser developers agreed to the standards set by the World Wide Web Consortium (W3C).
As we now move toward Web3 and the promise of a secure, privacy-protecting internet, open wallets and universal digital credentials will join open, standards-based TCP/IP and Web protocols as major milestones in the history of the internet.
Comments