Let’s talk about digital identity with Rachelle Sellung and Alberto Miranda García, representing the LIGHTest Project.
As the successful three-year LIGHTest project draws to a close, Oscar talks to two key team members – project lead, Rachelle Sellung, also of the IAT University of Stuttgart, and project partner Atos representative, Alberto Miranda García. They discuss the idea behind LIGHTest, what it’s all about, specific use cases of the infrastructure, and the project’s achievements at its completion.
[Scroll down for transcript]
“Are you sure you’re doing the transaction with that person? Is that person a trustworthy counterpart in that transaction?”
LIGHT est = Lightweight Infrastructure for Global Heterogeneous Trust management in support of an open Ecosystem of Stakeholders and Trust schemes.
Rachelle Sellung is a Senior Scientist in the competence team of Identity Management at the IAT University of Stuttgart. Within this interdisciplinary team with an array of skill sets, she provides the Economic perspective for not only Identity Management, but a variety of IT Security related technologies. She contributed a socio-economic perspective in the large-scale EU FP7 project FutureID, which developed an identity management infrastructure for Europe. Currently, she is the lead for the University of Stuttgart in the EU Horizon2020 project, LIGHTest. Find Rachelle on Twitter @rachellesellung and on LinkedIn.
Alberto Miranda García is Senior Business Consultant at Atos. Coming from the financial industry sector (Barclays Bank UK) he joined Atos in the Financial Services of Consulting Division. Later in 2017 Alberto joined the Financial Services sector of the Atos Research and Innovation unit, committed to business consultancy and exploitation management for European level projects, mainly related to Cybersecurity and Identity. Find Alberto on LinkedIn.
This podcast is produced by Ubisecure who, among other respected identity players, has been one of the cooperating partners of the LIGHTest project, in its capacity as a provider of Customer IAM interactions. Ubisecure has contributed by giving insights into current best-of-breed principles in service provisioning in IAM globally; and by reviewing and contributing to the LIGHTest specifications and design from that perspective.
We’ll be continuing this conversation on Twitter using #LTADI – join us @ubisecure!
Go to our YouTube to watch the video transcript for this episode.
Oscar Santolalla: Let’s Talk About Digital Identity, the podcast connecting identity and business. I am your host, Oscar Santolalla.
Hi and thanks for joining. Today you can virtually make business with companies that are from any continent. But how would you know without this face-to-face contact that you can trust the person that is behind this digital service?
Today we are going to hear about a European project that has built a global trust infrastructure and for that today, we have two guests. So let’s introduce you.
My first guest is Rachelle Sellung. She’s a Senior Scientist in the competence team of Identity Management at the IAT University of Stuttgart. Within this interdisciplinary team with an array of skill sets, she provides the Economic perspective for not only Identity Management, but a variety of IT Security related technologies.
She contributed a socio-economic perspective in the large-scale EU FP7 project, FutureID, which developed an identity management infrastructure for Europe. Currently, she is the lead for the University of Stuttgart in the EU Horizon2020 project, LIGHTest.
Rachelle Sellung: Hi. Thank you for having me.
Oscar: And our second guest is Alberto Miranda García. He is a Senior Business Consultant at Atos. Coming from the financial industry sector, such as Barclays Bank in the UK, later in 2017 Alberto joined the Financial Services sector of the Atos Research and Innovation unit, committed to business consultancy and exploitation management for European level projects, mainly related to cybersecurity and identity. Hello Alberto.
Alberto Miranda García: Hello. Hello all.
Oscar: Great to have you both Rachelle and Alberto. Thanks for having your time. I know that it’s the very last days of this project. Everybody in the team is extremely busy. We appreciate that. We would like to know how this project, LIGHTest, was originated. How was the original idea? What was the problem that needed to be solved?
Alberto: Yeah. So initially, the idea behind this project, how it started, it is the issues that we have in our daily life. So the number of transactions that are virtually conducted through the internet are increasing exponentially. So we are impacted on our daily activities with all those huge number of transactions.
There is a need for assistance from authorities to certificate those electronic identities in the transactions. The question that we have in mind is when you are conducting one of those transactions with a third party, you have a counterpart there. Are you sure that you are doing the transaction with that person? And even if you answered that question, is that person a trustworthy counterpart in the transaction?
So this is the aim of the project. The idea was to build a global trust infrastructure. Global because it is beyond the European Union. At least it was the initial idea, based on enhancing the existing internet domain name system, the DNS. So just some tips about how it was initiated.
Oscar: And this came from a previous European project. Is it the continuation of another?
Rachelle: I could say that there are many people who are working on the project that have been working together in other aspects of LIGHTest to be put together. But it’s not a direct successor of a previous project to my understanding.
Alberto: There are some related projects – that is not effectively an extension of a previous one. So the foreground of the project came from a related one. So that is not a second part, let’s say.
Oscar: Right. OK. Please tell us what is LIGHTest all about.
Rachelle: Well, basically these last three years we’ve had the goal of developing a tool that would help to [automate] the verification and translation of different trust schemes and other trust services components. I wanted to make sure, like Alberto already said, that it could be used globally, which is part of the reason why we chose to incorporate the DNS.
However, the DNS is basically only used as a search function. So don’t worry so much, security people out there. We’re not storing anything on the DNS. Basically a search function to find these different trust schemes or components, our trust lists to be able to verify or translate these documents. From a more general perspective, it’s basically a tool that helps verify certified documents that are under a new trust scheme format.
Oscar: So it’s a tool in the sense that end users can use but it’s also an infrastructure that has to be maintained by some- by a number of organisations, correct?
Rachelle: The goal of the project was to basically come up with two different pilots or prototypes to how this kind of infrastructure could work, which we have successfully done. That’s always an achievement of a research project.
However, the integration of the tool is largely used from the backend to make these kind of verification processes more efficient and to be able to have more options of trust schemes, because right now there’s not another tool that is automatically verifying these trust schemes.
From the front end, it largely depends on which way it’s integrated. We have one pilot that has a user interface but the other pilot is being integrated into an already existing infrastructure called Peppol.
Oscar: Right. It can have a direct user interface so it can be integrated with other existing services. Could you give us a couple of concrete use cases to illustrate how it works?
Rachelle: Basically LIGHTest is ultimately going to be very important for cross-border trust services – the cross-border trust services market so to say – especially in relation to cross-border banking, cross-border health or education. One of the most interesting use cases, at least from my perspective or that I’ve been fortunate enough to work with, is the education use case where we were contacted by the UNHCR to kind of help them create a demonstrator to how they could help refugees in getting into schools.
So basically, how LIGHTest is incorporated into this use case is that they always get these refugees who come and they have their documents and of course they’re coming from very complicated situations or maybe they’re not able to get the notaries that we could get in our everyday life as easily.
But the UNHCR, they have more knowledge about it to really accept these documents and if they accept these documents and put them in the trust scheme, then this could help universities to be able to accept this document that was already checked by the UNHCR saying, “Hey, I trust that the UNHCR did a good job on checking this document and we might not have all of the information ourselves. But we trust this document. Therefore, we will accept them into this programme,” if they have all the other requirements of course. That’s one of my favourite use cases that we’ve actually created or demonstrated for.
Oscar: So what is the institution? Sorry, is there a Red Cross?
Rachelle: UNHCR. So United Nations for Refugees.
Alberto: Yeah, it’s the Refugees Agency.
Oscar: OK, OK, great. Yeah, it’s definitely an excellent use case and this is very clear that it can be applied globally.
Rachelle: For sure and our other use cases related to cross-border banking or cross-border health. So banking. I’m from the US but now I’m living in Germany. So I had to go and prove all these different things about me from the US. But of course in Germany, they have different standards to how to approve of these documents so I had to go get a handful of different notaries in the US to be able to prove my identity here or my history, my credit history, to be able to open up certain bank accounts. Or also when I studied here in Germany, I had to get four different notaries to prove that my university degree was actually a real degree. That’s just coming from the US to Germany where you have really good relations and yeah, it’s still very complex. So LIGHTest could help simplify this process quite a bit by being like “OK, so we accept all documents that are certified or underneath the US Department of Education accredited list”.
So as long as you would have a document, electronic document that has this kind of signature or attribute, then this would be automatically approved, that this would be a real document, instead of going through the chain of notaries.
Oscar: So the process today is still quite manual.
Rachelle: Oh, for sure. I mean at least my experience here in Germany and what a lot of people have told me. The next big thing was to get my grades translated from the US to Germany, where in the US if you have like a 3.8 or what not, that’s pretty good because 4.0 is the highest grade you can get. But in Germany, it’s an inverted scale so 4.0 is almost failing. They have to of course manually do this. So there’s like a university in Germany that takes on this task of translating all of the grades individually for each course and this of course takes quite a bit of time. There are even databases existing that could make this quicker. But they’re just not used efficiently. Hopefully in the future LIGHTest could help them.
Oscar: Yeah, sounds good. So you already have illustrated some examples and combining several countries, what can be achieved, what are trust or identity documents in that case as well. What would be needed in every country for LIGHTest to succeed?
Rachelle: I would say that a lot of – at least from a governmental point of view – there are already a lot of governmental trust schemes like eIDAS or [unclear]. I guess it would just be to bring up the awareness for other companies, or on a private level, to be able to have this kind of standardised way to do these kinds of transactions. Alberto, do you have anything to add to that?
Alberto: I agree with that, yes. Awareness creation – so part of the project has invested a lot of effort doing dissemination and communication activities, participating in a lot of workshops and forums. We have been approached by interested end users, private and public, related to the benefits that LIGHTest can provide them once implemented or once they are using the infrastructure.
Oscar: But for instance eIDAS, to my understanding it’s only in the European Union scope.
Rachelle: Yeah, eIDAS is part of the EU or the member states. But there are actually a lot of people who are interested in making sure that there are certificates or already valid documents are up to the eIDAS standards especially when working with Europe. There’s a lot of potential there.
Oscar: Countries that are also outside of the European Union?
Rachelle: For sure, yeah. We’re living in a global society and a globalised world at the moment. Europe definitely plays a large role and not just within Europe but also the US, China…
Oscar: Also related to this, I’m trying to think of what are the – let’s say the obstacles or the things that still need to be built beside awareness as you said. And the other countries – like how many countries are in the world? Like almost 200? It depends how you count them. How many countries have you managed to get some collaboration in this project?
Alberto: You mean participants in the project?
Oscar: Yes, some – not necessarily very active but some – well, the specific use cases. How many countries have you touched in total?
Rachelle: So another fun thing about LIGHTest is that we’ve had an international forum which is basically underneath our initiative to go global, right? So that was one of our main goals of the project, to make sure that we always have this global insight to this very European project.
So the international forum is basically a workshop that we held periodically throughout the project that was all around the world. So in the US, in Singapore, all over the EU of course, but also Azerbaijan and Egypt. We didn’t manage in Egypt but we did present there. But just to get an insight from experts from all these different regions of the world, from both people from the governments or from the public sector and private to make sure that we were able to incorporate the insights outside of the EU.
I’m not sure if that has helped you. So I can’t give you a direct number of how many countries we worked with. But I would say that we have done a pretty good job for our resources and of course the scope of the project, trying to make sure that we incorporate multiple regions of the world at least.
Oscar: Yeah. Sounds like an excellent job you have been doing. If you could tell me in these three years the project is ending, to my understanding, now in November.
Oscar: After these three years, what are the main achievements that the project has had?
Alberto: Yeah. As you say, we are almost there. We have to submit our last documents by the end of November. The aim of LIGHTest, as we mentioned at the very beginning, it was to have a direct impact at the global states. So it’s not only here in Europe but globally.
But also – and I think this is also quite important to mention. It is part of the project aim to have a direct impact or to transfer to the society, not only at the big institutions or big companies, but also to the small and medium enterprises that at the end of the day, they’re the ones that suffer the most the lack of this trustworthiness issues that we are having in the day-to-day transaction in the internet.
One of the key aspects of LIGHTest has been the focus on transferring these developments and these impacts to the market and then focus on the SMEs. We can say that we finished the project with a high level of maturity now we’re in the components we committed to develop. I don’t know if all of them, majority of them– at least the key ones are all ready to go to production environment.
They are based on open source approach. So they are on the Apache license. That means that technically anybody can use those results using the user manuals we are providing in the internet. There is also a cookbook about high level explanations on the technical stuff just to see the benefits of LIGHTest.
In theory, anybody can use all the developments of the project on their own. They need some technical knowledge base in their organisations but there is no need for them to have a heavy financial impact in their balances to get the developments of the project.
This is on one side and on the other one, talking about the global impact, we can say now that one of the action lines that we were working and Rachelle mentioned before, it was related to the Azerbaijan Ministry of Transport and Communication and High Technologies. They are part of the advisory board of the project and they just confirmed us a few weeks ago that they are going to deploy one of the components in their systems.
They have a data processing centre in Azerbaijan and they are going to use part of the technology of LIGHTest to enhance the capabilities. This will address the global impact that we aim. We think this is part of the achievements that we have done during these three years that materialises specifically in some specific topics.
Rachelle: For sure and I think also we’ve had some very fruitful collaboration during the project. We worked with a German research project, Industrial Data Space, to create – demonstrated how LIGHTest could be incorporated also in industry 4.0, use cases and predictive maintenance and then of course also the demonstrator that we’ve built, proof of concept for the DAFI programme, the scholarship programme for refugees with UNHCR. I think we’ve definitely done a lot for three years. It’s nice.
Oscar: Yeah, excellent. I think this example from Azerbaijan says a lot here. It’s an achievement and an impact in a country outside the European Union where all of you, the creators of this project have been working. What will come next now that the project is finishing? What will come next?
Alberto: OK. Just to make it short because there are quite a few things going here and there. In our last general assembly in Stuttgart a month ago, that question was on the table. What are we doing now? We just close things and that’s it, or we are going to extend the impact in the trust ecosystem? Majority of partners have a commitment to continue with the activities that we are doing. Not in the same way because obviously the project has finished. There is no budget behind and the organisations have their own interest and they have to invest it therefore in different things.
There is an intention to continue with the activities we have been doing during the project. For example, some partners will continue attending workshops and providing information and communication and disseminating the benefits of LIGHTest in the workshops they attend.
There will be a single point of contact for any end user or any person interested that would ask about LIGHTest developments. How can they use it? Who can help them? This spokesman or this single point of contact will redistribute to the rest of the partners that want to continue with their activities those questions and they will be addressed at some point. For example, if someone needs to deploy one of the components, it would be referred to the consulting partners or to the technical ones that can provide support at that moment.
There will be a [unclear] to continue with the activities and to prove the impacts of the development. So all those things will be extended for a limited time beyond the project then, one, two years, depending on the commitment of the partners.
Alongside with that, the extension of the activities of the project, there are some action lines initiated during the project not finished, but we will be willing to continue investigating and providing support. As Rachelle mentioned, the UNHCR for refugees programme, it is ongoing. If there is any need for extension or for analysis or for technical support partners will be there to continue with that.
Alongside with this, there is another initiative in the Haiti identity- (Haiti is the country in the Caribbean) identity initiative that one of our advisory board members bring to us that some faith-based organisations are interested in providing. Again trust verification to the refugees in that specific community in Haiti. It is just initiated, the engagement and the questions. But as I mentioned, we will continue providing support on that.
Of course – and it is also important to remind the two pilots we have. It is related to the emailing post and the e-procurement that have been deployed during the project. They have been financially audited in the project. So they are viable from a financial point of view. And the developments of LIGHTest can be implemented in the business as usual of those organisations. There will be a direct impact on what they are providing to their customers because LIGHTest enhanced their functionalities. Even the project won’t be directly involved in that, the results will be extended in time. I think those tips just can give you an idea of how we can extend after we finish in three weeks.
Oscar: Yeah. You have lots of examples. It sounds like a real business, a real service.
Alberto: Yeah, yeah, absolutely. Yeah.
Rachelle: We definitely try to make sure that we have a lot of different venues progressing because I mean it’s not just like in research. We want to be able to ensure that there’s this future for LIGHTest that’s not just in research but also in a more applied sense and across sectors. So in the private sector, public sector and also non-governmental.
Oscar: Just also to know what you completed in these three years. There’s a lot of components in the technical side. Alberto mentioned there’s open source components that are ready, that people can – are using them. What about in the legal side? There were supposed to be legal instruments that become – enforceable law in some countries or that was not the objective?
Rachelle: So LIGHTest, it doesn’t really deal so much with the legal aspect of it only because like that is up to the user using LIGHTest. However, during the project, we do have a legal partner, Time-Lex, where they have created some tools and guides for users of LIGHTest to try to help get them aware of what to consider and what to think about. While we don’t accept any liability or responsibility for the legal side, we have tried to help prepare users.
Oscar: Excellent. Anything else you would like to highlight about the project?
Rachelle: I think that this project has achieved a lot in its time, especially being such a large project. There’s so many different partners from all over Europe with different backgrounds, different disciplines, private, public sector, the legal side, the tech side. I think that everyone has harmonised in a really nice way and I think that it’s coming to a really good end that everybody can be proud of. I know this is probably very American of me to say but I think we did well.
Alberto: Yeah. At the end of the day, what really makes the difference is how all partners interact between them in the project because you can be an expert that if you are dependent on another party and they are not responding, things don’t work. What I really think is that we have then this interaction between partners in the best way we could do it because at the end of the day, the results are there.
So the components are up and running and we have, let’s say, officially no delays because everything is ready to go before the end. I fully agree with Rachelle that the interaction between partners is the key aspect of the success of the project.
Oscar: Great. I would like to ask a final question I ask to all our guests, to give us a tip for anybody to protect our digital identities. What would you say?
Alberto: OK. So just to make it very easy, probably you already received that answer before, that typical case that all of us are doing on a daily basis. In our internet browser, when you try to access a webpage, one of the basic things you can do is to verify that the service provider is a legitimate one. You can check the certificate if it’s an HTTPS or a trusted authority just to verify the authenticity of the source you are connecting.
This is for the individuals and also for the organisations. When we are – a story now where identity in service provider. We need to know that it is a trustworthy third party. There should be legal mechanisms to request those providers to prevent the leak of our data. So there are some legal restrictions and legal bindings for them to fulfil some characteristics or it has to prevent the leakage of the information stored in their systems.
Rachelle: From my side, I would just say beware of who you trust and value your ability to make trust decisions regarding your digital identity.
Oscar: So always take some extra second and think twice.
Alberto: Yeah, and read it.
Rachelle: Exactly, yeah. And to value that you have a decision and to make sure that you keep it.
Oscar: OK. Thanks, thanks for that. Thanks for your tips also. It’s great to hear. I have this good feeling that the project has finished successfully and will still continue. There are entities across the world that are gradually knowing about it and getting in contact. So please let us know how – anybody who can be listening to this podcast either now, next year, how they can be in touch. The best way to get in touch with LIGHTest.
Rachelle: We have two websites. So one of them is www.lightest-community.[org] and then the other one is lightest.eu I believe. If you look up “EU LIGHTest research project”, you will find those two websites. We also have a Twitter and we’re on LinkedIn. We’re trying to be connected.
Alberto: Those two websites will be up and running after the project ends. So if anybody wants to contact, those are the main channels or this is one at least.
Rachelle: We have a correction. It’s lightest-community.org. Sorry.
Oscar: OK, excellent. So there are ways to get in touch with LIGHTest now and in the future. So again, congratulations for your achievements, to you and to everybody in this large team that has been working. Thanks a lot and all the best.
Rachelle: Thank you for having us and giving us this opportunity to get some more dissemination and it’s definitely good to reach out to the identity world through your podcast. So thank you.
Alberto: Thank you Oscar.
Oscar: Thanks for listening to this episode of Let’s Talk About Digital Identity, produced by Ubisecure. Stay up to date with episodes at ubisecure.com/podcast or join us on Twitter @Ubisecure and use #LTADI. Until next time.
[End of transcript]