1 of 10

Open Wallet Foundation (OWF) �Wallet Safety

June 6, 2024

Daniel Bachenheimer �Digital Innovations Technical Lead, Accenture

Juliana Cafik �Principal Identity Standards, Microsoft

2 of 10

Agenda

  1. Why Do We Need Safe Wallets?
  2. Safe Wallet Special Interest Group (SIG)
  3. Key Pillars of a Safe Wallet
  4. Discussion

3 of 10

Why Do We Need Safe Wallets?

Hostile �Environment

4 of 10

OWF Safe Wallet Special Interest Group (SIG)��

Community of Interest

Providing Guidance

Focused on 4 Key Pillars

Privacy

Security

Supporting Functions

Governance

Independent of architecture

& use case

Focused on High-Level safety considerations for wallet developers and product managers

5 of 10

OWF Safe Wallet (SIG)

Primary Contributors

  • Andrew Tobin, Digital Wallet Strategy & Innovation, Gen Digital [OWF Safe Wallet SIG Lead]
  • Daniel Bachenheimer, Digital Innovations Technical Lead, Accenture
  • Juliana Cafik, Principal Identity Standards, Microsoft
  • Drummond Reed, Director Trust Services, Gen Digital
  • Tim Bloomfield, Lead Technology Architect, Province of Ontario Digital Service
  • Keith Kowal, Director of Product Management, Swirlds Labs
  • Jorge Flores, Entidad, CO-founder & CTO
  • Sebastian Elfors, Senior Architect, IDnow
  • Stavros Kounis, Enterprise Architect, European Commission
  • Juan Fransisco Tavira, Senior Blockchain Architect, Banco Santander
  • Lal Chandran, Co-Founder & CTO, iGrant.io

External Reviewers

  • OWF Government Advisory Council
  • Digital Identity & Authentication Council of �Canada (DIACC)
  • Consult Hyperion (CHYP)
  • INNOPAY
  • Canadian Jurisdiction (Provincial) Digital Credential Practitioners

6 of 10

Privacy

Holder protection from unwanted observation, tracking and correlation

  • Unique Identifiers: To enhance privacy and security, identifiers that are not tied to individual holders & are shared with explicit consent
  • Issuer/Verifier Collusion: Ensure that Issuers and verifiers are not able to track VC usage (i.e. to avoid building user profiles)
  • Privacy Enhanced Transactions: Support Selective Disclosure & Zero Knowledge Proofs
  • Notice & Consent: Present clear notice to enable auditable and informed consent with Trusted Issuers, Verifiers & Relying Parties

7 of 10

Security Considerations:

  • Security by Design
  • Secure by Default
  • Software Security Controls (i.e. NIST 800-53 & OWASP Mobile Application Security Verification Standard/MASVS)
  • Software Bill of Material (SBOM)
  • Software Development Best Practices and Software Assurance Models (i.e. NIST 800-218 & OWASP Software Assurance Maturity Model /SAMM)

Security

The practice of implementing measures to safeguard

against harm

8 of 10

Supporting Functions

Mechanisms specific to the wallet that enable,

or support, external party processes such as:

  • Holder Binding
  • Wallet locking & Unlocking
  • Back-up and Restore
  • Credential Management
  • Presentation Protocols
  • Key Management
  • Authentication

9 of 10

Governance

  • Regulatory Compliance
  • Auditability
  • Accountability
  • Attestation / Certification

Technical and standards-based implementation(s) to solve Regulatory, Policy, Compliance & Risk-Based Challenges

Wallets sit at the confluence between Counterparties who engage in transactions & Relying Parties who depend on digital identity information from trusted sources to provide services.

They may be subject to multiple requirements from both for:

10 of 10

We want your feedback!