The Digital Identity Wallet paradigm refers to a new architecture in Identity and Access Management (IAM) that improves confidentiality and grants complete control and ownership over the personal data by their owner, the User. Thanks to this new paradigm, the IT-Wallet System allows Users to maintain full control in the management and use of their data for access to services provided by Public Entities and Private Entities.
The main difference between this new approach and the traditional IAM infrastructure is that data presentation doesn’t require intermediaries between the Wallet Instance and the Relying Party, while in the SAML2 or OIDC based infrastructure a Digital Identity Provider is always involved, knowing which services the User is accessing to.
Digital Identity Wallet Architectures are significant in the field of data exchange and data governance. This new digital identity paradigm is designed for Users - be they citizens, Public Administrations, or private organizations- who want to access services using their national authentication systems.
The main roles in the Digital Identity Wallet ecosystem are listed as follow:
- Issuers: parties who issue Digital Credentials for Users;
- Verifiers: parties who request Digital Credentials from the User for Authentication and authorization purposes;
- Holders: individuals who own a Wallet Instance and have control over the Digital Credentials they can request, acquire, store, and present to Verifiers;
- Verifiable Data Registries: authorities that publish certificates, attestations, metadata, and schemes needed for allowing the trust establishment between the parties.
In this model, the credential issuer (e.g., an educational institution) provides Digital Credentials to the User, who can store them in their Wallet Instance. The Wallet Instance is typically provided as a mobile application on the User's smartphone.
Other key elements that characterize this new Digital Identity Wallet paradigm include:
- Confidentiality and control: Wallets enable individuals to maintain control over their personal data. They can choose what information to release, to whom, and for what purpose in line with the Self Sovereignty Identity (SSI) approach;
- Security: Wallets leverage cryptographic mechanism to ensure the integrity and security of identity information. It avoids the risk of identity theft, fraud, and unauthorized access since the data remains under the individual's control;
- Interoperability: Wallets promote interoperability by enabling different systems and organizations to recognize and verify identities without relying on a central authority. This allows for seamless and trusted interactions between individuals, organizations, and even across borders;
- Efficiency and cost reduction: individuals can easily manage their own data, avoid the need to manage multiple identity credentials and overcome repetitive identity verification processes. This can streamline administrative procedures, reduce costs, and enhance the User Experience.