Known Traveller Digital Identity Specifications Guidance
March 2020
White Paper
In collaboration with Accenture

World Economic Forum
91-93 route de la Capite
CH-1223 Cologny/Geneva
Switzerland
Tel.: +41 (0)22 869 1212
Fax: +41 (0)22 786 2744
Email: contact@weforum.org
www.weforum.org

© 2020 World Economic Forum. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, including photocopying and recording, or by any information storage and retrieval system.

This white paper has been published by the World Economic Forum as a contribution to a project, insight area or interaction. The findings, interpretations and conclusions expressed herein are a result of a collaborative process facilitated and endorsed by the World Economic Forum, but whose results do not necessarily represent the views of the World Economic Forum, nor the entirety of its Members, Partners or other stakeholders.

Contents
1. Foreword
2. Executive summary
3. Introduction
3.1 Background
3.2 Purpose and scope
3.3 KTDI principles and core technologies
4. KTDI: Solution overview
5. KTDI solution components: Capabilities and standards
5.1 Layer 1: DID networks
5.2 Wallets and agents
5.3 IT Infrastructure and supporting technologies
6. Pilot technology
6.1 Technology developments
7. Conclusion
8. Contributors
9. Endnotes

1. Foreword

In January 2018, the World Economic Forum introduced its Known Traveller Digital Identity (KTDI) concept, an initiative co-designed by public- and private-sector partners that aims to anticipate the challenges, and take advantage of the immense opportunities, that emerging technologies will present in the cross-border movement of people. The KTDI concept seeks to address the changing behaviours and expectations of travellers, the growing volume of global travellers, and the increasing focus on risk-based security to promote more seamless and secure travel.
The KTDI concept relies upon a trusted, decentralized and interoperable identity platform enabled through technologies including blockchain, biometrics, mobile devices and cryptography.

The Forum and its partners are currently piloting components of the KTDI concept in a real-life, cross-border context between the Netherlands and Canada. The pilot is testing various elements of the KTDI concept's policies, processes and technologies to further enhance the concept and inform future pilots and the development of best practices and standards in collaboration with international regulatory and standards-setting bodies and industry. In future iterations, multiple pilots can run potentially in parallel and with different use cases, partners, technologies and geographies to enrich the outcome and scalability of the KTDI concept.

As the pilot is under way, this White Paper documents the standards, open specifications and industry best practices that have shaped the initial pilot and that provide guiding principles for the KTDI concept and any related future pilots towards the end-state vision of global interoperability. The document references applicable standards, capabilities and functionalities that comparable solutions should consider in order to interoperate with the KTDI concept.

This paper is the result of collaboration between the World Economic Forum, Accenture and our partners to inspire active multistakeholder action in this fast-moving landscape. It serves two aims: first, to inform ongoing initiatives and pilots to advance the convergence and harmonization of global developments and, second, as a tool to compare and align KTDI and other complementary approaches and technologies with the ambition to secure maximum interoperability and global adoption. The Forum welcomes engagement from other organizations advancing secure and seamless travel, and looks forward to further collaboration on this subject.
Christine Leong, Global Blockchain Identity Lead and Managing Director, Accenture, Ireland
Christoph Wolff, Head of Mobility Industries, World Economic Forum LLC

2. Executive summary

In January 2018, the World Economic Forum's Platform for Shaping the Future of Mobility introduced its Known Traveller Digital Identity (KTDI) concept, an initiative co-designed by public- and private-sector partners that seeks to anticipate the changing behaviours and expectations of travellers, the growing volume of global travellers, and the increasing focus on risk-based security to promote more seamless and secure travel.

The Forum and its partners are currently piloting components of the KTDI concept in a real-life, cross-border context between the Netherlands and Canada. The pilot's lessons will help to further enhance the KTDI concept and to inform future pilots and the development of best practices and standards in collaboration with international regulatory and standards-setting bodies and industry. In future iterations, multiple pilots can run potentially in parallel and with different use cases, partners, technologies and geographies to enrich the outcome and scalability of the KTDI concept.

This White Paper describes the technical foundation of the KTDI concept and documents the standards, open specifications and industry best practices that have shaped the initial pilot and that provide guiding principles for the KTDI concept and any related future pilots.

The KTDI concept was designed to adhere to the values and principles of decentralized identity, including ownership and control of identity attributes, privacy and disintermediation. As such, the KTDI solution is built upon the decentralized identity model, leveraging the emerging World Wide Web Consortium (W3C) verifiable credentials (VC) and decentralized identifier (DID) standards. This model allows travellers to self-manage digital identity attributes that are attested to and provided by issuing authorities (both public and private) so the individual may share them through selective disclosure.

This paper focuses on describing the various layers of the decentralized identity model and the capabilities, standards and specifications that apply to each and that have been leveraged to build the KTDI solution. The layers are divided into two categories of trust (cryptographic and human) as follows (this paper does not cover layer 4):

Cryptographic trust
- Layer 1: DID Networks
- Layer 2: DID Communication Protocol

Human trust
- Layer 3: Credential Exchange
- Layer 4: Governance Frameworks

The intended audience for this paper includes teams supporting chief information or technology officers of organizations interested in exploring the adoption of the KTDI concept or complementary solutions. This paper is not intended to cover specific details, lessons or outcomes from the KTDI pilot that is currently under implementation.

As emerging decentralized identity strategies and technologies continue to develop, it is important to consider alternative or complementary technologies and approaches that may also support KTDI's core principles. The expected advantages and disadvantages of every technological choice must be thoroughly assessed on a use case basis, considering legal, national security, certification, risk and other requirements.

This paper outlines the ambition for KTDI to provide the foundations for a globally accepted decentralized identity ecosystem. Further development and wider adoption depend on maximizing data exchange interoperability and federated trust, for which the best use of international standards, open specifications and industry best practices are essential. Success will rest upon cooperation between world governments, regulators, the aviation industry, technology providers and other players to establish global standards and specifications for compliance by all stakeholders.
As the leading global platform for public-private cooperation, the Forum is committed to strengthening the kind of multistakeholder collaboration needed to achieve interoperability in the new identity paradigm that continues to unfold. The Forum invites interested stakeholders to provide feedback and proposals for new pilots or approaches to enhance or complement the KTDI concept and further this goal.

3. Introduction

3.1 Background

For decades the cross-border movement of legitimate travellers has enabled and sustained international trade, tourism-driven economic growth and increased tolerance across cultural and social divides. However, global travel systems are under greater pressure from the growing number of travellers, infrastructure capacity limits and ever-increasing risk and security requirements. These pressures hinder a secure and seamless cross-border traveller journey and cause various pain points for governments, businesses and travellers.

Experts predict that a combination of these pressures on the international travel experience will reach a tipping point, putting the growth of the industry at risk. The Known Traveller Digital Identity (KTDI) concept aims to leverage advances in emerging technologies, such as blockchain and decentralized key management systems, to simultaneously enhance the security capabilities in the travel continuum while improving the passenger experience.

The Known Traveller: Unlocking the potential of digital identity for secure and seamless travel report describes the KTDI concept and outlines a set of recommendations (Table 1) that serve as the basis for this White Paper [1]:

1. Act now
- Pilot and develop iteratively
- Ensure inclusivity to drive scalability
- Continuously monitor new developments

2. Build momentum
- Focus on traveller-centric requirements to accelerate adoption
- Explore new business models
- Pilot new use case scenarios to build communities of trust and connect them

3. Sustain a supportive policy framework
- Uphold standards and recommended practices
- Develop advanced risk profiling to expedite the security process
- Prioritize privacy and security

Table 1: KTDI concept paper recommendations

One of the recommendations was to pilot the KTDI prototype policies, processes and technologies and adapt them iteratively while balancing development with ongoing technological breakthroughs and convergence with other initiatives and models. To this end, in 2018 the Forum convened a Pilot Group to develop the first pilot of the KTDI concept. Pilot Group members include:

- The World Economic Forum
- The Governments of the Netherlands and Canada, including their respective departments and agencies
- The airlines KLM Royal Dutch Airlines and Air Canada
- The airports Amsterdam Airport Schiphol, Greater Toronto Airport Authority and Aéroports de Montréal
- Accenture
- Vision Box
- Idemia

The Pilot Group is working collaboratively to test critical elements of the KTDI concept (i.e. governance, privacy and security frameworks and the technology) in a cross-border, real-life environment. The pilot's lessons will help mature the KTDI concept and assess the potential for its use by additional stakeholders, such as other governments, airlines and airports as well as hotels, car rental companies, and other players in the travel and tourism sector. In future iterations of the KTDI concept, multiple pilots can be run potentially in parallel and with different technologies to enrich its outcome and scalability.

3.2 Purpose and scope

From the outset, the KTDI concept was designed with global interoperability as a core design principle, with a view to maximizing the use of open source technologies, open standards and industry best practices (e.g. for security and privacy) and avoiding vendor lock-in. This paper presents a first step in efforts to continue building upon the recommendations outlined in the concept paper and to promote increased multistakeholder collaboration and dialogue on the path towards global interoperability.

Moreover, since 2018, the International Air Transport Association (IATA) has advanced its learnings on the One ID concept, and the International Civil Aviation Organization (ICAO), which is responsible for setting international standards for aviation, including passport issuance, has been developing specifications for digital travel credentials. Through close observance of and engagement with these organizations, the KTDI concept continues to evolve, such that this guidance document aims to contribute to ongoing discussions for the development, use and exchange of digital travel credentials and interoperability.

This White Paper catalogues the most important and relevant standards, technologies, specifications and best practices that have been leveraged to build the KTDI solution. Some of the standards and specifications listed in this paper come from various working groups aligned with different organizations and may change over time. That said, these working groups often have a similar membership and many groups are making efforts to collaborate. Care should be taken to evaluate each standard and specification, and identify any areas that are not complementary. Further information on the KTDI concept is available from the KTDI website [2] and concept report.

3.3 KTDI principles and core technologies

The KTDI concept was designed to adhere to the values and principles of decentralized identity, including ownership and control of identity attributes, privacy and disintermediation. The core enabling technologies selected for KTDI support these values and are currently being tested by the Pilot Group.

Decentralized identity is commonly referred to as self-sovereign identity (SSI), a term used to describe “the digital movement that recognizes an individual should own and control their identity without the intervening administrative authorities” [3]. Although it is an industry-accepted term (also adopted by the European Union [4], among others), some maintain that self-managed identity is a more appropriate term because a self-issued identity claim has little value to many relying parties. In the KTDI concept, the core verifiable claim that will be used by travellers is based on a government-issued credential derived from the passport. As such, for the purposes of this document, SSI refers to a decentralized identity that is self-managed and that is based on a government-issued verifiable credential.

As explained in Section 6 in more detail, a blockchain-based platform was selected as the key enabling technology for the KTDI concept and pilot with the goal of better understanding integration requirements between multiple stakeholders in this industry. However, decentralized identity management solutions could be non-blockchain based and other approaches could also be used.

As emerging decentralized identity strategies and technologies continue to develop, it is important to co