In September of 2022, the Linux Foundation (LF) announced its intent to launch the Open Wallet Foundation (OWF), a new collaborative effort to develop open source software that anyone can use to build interoperable wallets supporting a wide range of wallet use cases. After working with a number of enterprises, nonprofits, academic institutions and government entities to organize the effort, the Linux Foundation Europe announced the official formation of the OWF on February 23, 2023.
“The OWF will not publish a wallet itself, nor offer credentials or create new standards,” said the announcement. “Instead, its open source software engine aims to become the core that other organizations and companies leverage to develop their own digital wallets. The wallets will seek feature parity with the best available wallets and interoperability with major cross-border projects such as the EU’s Digital Identity Wallet.”
At the same time, the OWF in partnership with LF Research released a new report, “Why the World Needs an Open Source Digital Wallet Right Now.”
“As our world becomes increasingly digitized, the same holds true for everyday assets,” said Daniel Goldscheider, Founder of the OpenWallet Foundation, in the report’s Foreword. “From money to credentials for identity, academic achievements or your driver’s license, information is manifesting itself as digital tokens requiring secure and interoperable infrastructure as never before.”
“Digital wallets will permeate all facets of society, at the government, enterprise, and peer to peer level,” he added. “Institutions of all kinds will face the need to issue, secure, trade, and store emerging classes of digital assets, including Central Bank Digital Currency (CBDC), securities, health and academic credentials and other types of cryptoassets, with an aim to creating trusted digital marketplaces and increasingly trusted institutions. The digital wallet could become the most important tool ever for asserting control and engendering trust in our digital lives.”
Digital wallets are generally defined as an app in our mobile devices where we store the digital versions of the items that we carry in our physical wallets. The basic idea of a digital wallet is pretty simple: “a thing where we put our stuff.” But while seemingly simple, digital wallets are in fact quite complex, poorly understood, and raise a number of important questions: what precisely is that thing; what stuff do we put into it; what do we do with it; how does it work?
According to the report, a digital wallet is a container where we can store and access various kinds of useful digital assets. At a minimum, a digital wallet should support three main kinds of functions:
- Making payments: debit, credit, and gift cards; Apple Pay, Google Pay, Alipay; Central Bank Digital Currencies; cryptocurrencies; …
- Identity credentials: driver’s license, passport, birth certificate, work badge, health cards, loyalty cards, …
- Access to important items: passwords, tickets, receipts, health records, keys, warranties, academic credentials, crypto assets, NFTs, …
The wallet should include a set of software components, called agents, to securely manage its digital assets on our behalf. Agent services include processing the items in the wallet, putting them in and taking them out, exchanging messages, encrypting/decrypting information, and providing easy-to-use interfaces to its users. “While the wallet is the container, the agent is the mover and shaker.”
Hundreds of digital wallets are already in existence. While they each took thought and effort to create, they generally suffer from a number of drawbacks.
Vendor lock-in with no interoperability. Nearly all existing digital wallets only work with one specific institution, such as a payment system, a merchant, a bank, a currency exchange, or a company. A lack of open standards means that the information in our wallet is effectively held hostage because we won’t be able to move it around. “This is a textbook example of vendor lock-in. When we can’t move our data, we can’t choose between competing products. And without any interoperability, we need a separate wallet for every function.”
Questionable security. Hackers use a number of methods to attack digital wallets. “When they win, everyone else loses — wallet holders, merchants, banks, and insurers.” The report cites two sobering statistics: e-commerce fraud, much of it committed against digital wallets, was over $40 billion in 2022 and is expected to continue rising in the years ahead; and cryptocurrency crime involving digital wallets was $14 billion in 2021. Wallet developers need to work hard to stay ahead of cybercriminals.
Intrusive business models. Wallets collect valuable data on our consumer behavior, potentially compromising our privacy. We need assurance that our digital wallet isn’t sending our personal data to an entity that we haven’t agreed to share it with. In addition, wallets can extract hidden fees from transactions without our knowledge.
Black-box design. “Hundreds of wallets have been coded by someone, somewhere, but we don’t know exactly who or where; … if you can’t see how a product works, you can’t tell how good it is or whether you can trust it.”
Limited capabilities. And, because nearly all wallets perform just one function, we can’t do much with most digital wallets. We need a separate wallet for each of our payments, for each of our identity credentials, and for each of our digital items. And that means that we have to learn how to deal with several different wallets that don’t talk to one another and have different user interfaces.
“Digital wallets are becoming the interface to our entire digital lives,” notes the report. “But today’s early-stage wallets are incompatible and non-standardized.” The report reminds us that this was the case with early-stage browsers during the so-called browser wars of the 1990s, when browsers from different vendors were similarly incompatible and non-standardized and threatened to fracture the fast-growing World Wide Web. The threat brought everyone to the table under the auspices of the World Wide Web Consortium (W3C), where they adopted a core set of standards that ensured interoperability.
“Yesterday, we made the right choice,” adds the report. “Many organizations worked together to unleash a monumental wave of innovation on the web. Today, we must do that again. Many organizations must work together to unleash a new wave of innovation in digital wallets.”
While it’s too early to define the specific components that should be part of a wallet stack (e.g., agents, plug-ins, functional modules), there is general agreement on the design principles that should guide the development of an OWF software engine. These include:
- Portability: “Users can freely move assets, credentials, documents, and any other data between any wallets based on the OWF engine”;
- High security: “User assets, credentials, and all other data are protected against malware and hackers, and updated quickly as criminals come up with new tactics”;
- Privacy-preserving: “User’s digital identities are only selectively disclosed as needed”;
- Standards-based: “OWF supports all relevant standards for all layers of the wallet stack”;
- Interoperability: “Any wallets based on the OWF engine can quickly and securely exchange data”; and
- Multi-function: “Developers create proprietary plug-ins and interfaces on top of the OWF engine.”
“Open source – driven by collaboration among for-profits large and small, non-profits, and government leaders – is a great role model for infrastructure that is vital for digital societies and benefits everyone,” said OWF founder Daniel Goldscheider. “With open source at the core of wallets, like it is at the core of web browsers, anyone can build a digital wallet that works with others and gives consumers the freedom to maintain their identity and verifiable credentials and share relevant data when, where, and with whom they choose.”