eID Forum Partners
Meet our Speaker: Ignacio Alamillo Domingo (Dr.)
Ignacio is a subject matter expert, with more than 20 years of experience, working in the fields of electronic identification and trust services, and their application in the digital transformation of electronic processes, maintaining their full legal and evidential value.
He’s a Doctor in Law (UMU), with an Administrative Law PhD thesis devoted to the legal aspects of electronic identification and trust services, as regulated by the relevant EU eIDAS Regulation and some national laws.
He also holds a Degree in Law (UNED), a Diploma of Advanced Studies (UAB), and a Master in introduction to administrative law research (UAB). He also is a Certified Information Systems Auditor, CISA (ISACA), a Certified Information Security Manager, CISM (ISACA), and he’s Certified in COBIT5 Foundations (APMG) and Certified in ITIL V3 Foundations (EXIN).
Currently, he is a practising lawyer at Reus Bar, an external researcher at iDerTec, University of Murcia, managing partner at Astrea La Infopista Jurídica SL and CISO at Logalty Servicios de Tercero de Confianza SL.
He is involved in standardization activities, including EESSI SG, NIS SG, ETSI ESI and ISO TC 307, and has authored/co-authored more than 75 publications and has delivered more than 400 conferences and courses related to his practice areas.
eTalk: Anchoring trust in Self-Sovereign Identity Systems, aligned with eIDAS Regulation
Compared to previous identity management systems (centralized, based in PKI, federated and user-centric), Self-Sovereign Identity Management Systems (SSI) introduces key benefits: 1) As identity information, and especially credentials, are not stored by a central Identity Provider, SSI reduces the risk of massive identity theft; 2) The SSI “Identity Provider” (the claim/credential issuer) does not intervene in the authentication process, and therefore has no information about the online user activity, reducing the “big brother” risk and GDPR compliance costs; 3) SSI allows the user to decide which identity data to share, with whom, and with which limits and constraints for third parties, even using zero-knowledge proofs; and 4) even if SSI allows revocation of credentials, the base identity (the Decentralized ID or ID) cannot be suspended nor revoked except by the user, ending with “digital feudalism” business models, aligning identity management with GDPR principles. But we still need to identify the “real identity” of a DID subject, in a trustworthy manner, both to issue credentials and to consume them. Thus, we need to define governance frameworks for the usage of SSI in legally binding transactions, where social trust frameworks may not be acceptable in terms of liability or regulatory compliance (e.g. in KYC/AML environments), including the level of the verifiable credential, the DID level, the key management level and the DLT (Blockchain) level. In this discussion, trust anchors, well defined in identity trust frameworks, may be really helpful. Especially when based in a well-defined and tech-neutral Law… such as eIDAS Regulation.
Main goals of this speech:
The role of trust frameworks and trust anchors in Self-Sovereign Identity systems.
Using eIDAS identification means and qualified certificates to create verifiable claims.
Using SSI VC as an eIDAS identification means.