---
robots: noindex, nofollow
---
# Swiss e-ID Workshop Proposal
This proposal details a series of six online workshops and one two-day in-person workshop to support the continued development of Swiss e-ID, focused on a transition from SD-JWT to a more user-oriented and privacy-focused data minimization system.
> **Executive Summary:** The Swiss e-ID team's current proposal for batch SD-JWT issuance addresses immediate deployment needs but creates long-term technical debt. eiDAS 2.0 has already gone this way, with its support for SD-JWT and OpenID4VC, but on June 19, 2024, cryptographers reported: "We do not see a way to fix the proposed solution to meet all the privacy features as required by the regulation." Long-term, we need a better solution for Swiss e-ID. This workshop series will offer that solution by equipping the Swiss e-ID team with the knowledge to evaluate data minimization solutions and to plan migration to architectures that better support true privacy.
## The Core of Data Minimization
Data is dangerous, identity data doubly so. It allows for unintended disclosure: you can release more info than actually needed. It can enable unexpected correlation: what happens when your mental healthcare records get correlated to your employment applications? It can have undesired secondary use: we recently learned that Urban VPN harvested and sold 8 million AI conversations, which was never the intent of the information.
To resolve these issues requires selective disclosure, which is the ability to selectively release only some of the data within an identity, credential, or other data packet. This must be a fundamental part of any digital identity model, especially ones that claim to be self-sovereign and user-focused: users have to be able to elide (delete) sensitive data so that they're only transmitting what is specifically needed.
But not all data minimization is equal. Some data-minimization models only allow elision by the original issuer of the data. To offer true autonomy, a data minimization system must allow the holder (user) of the data to make all choices about what data to disclose, to whom, and when. Any system that instead requires the issuer to either create or validate data minimization choices ultimately leaves holders in a subservient role to the issuer, with rights that could be snatched away at any time.
Only once we have this can we build other technologies such as signature anti-correlation: they're a part of the solution, but data minimization is the foundation.
## The Issues with SD-JWT
There are existing solutions that get us part way there. SD-JWT has received the most attention. It offers a good first step toward data minimization and the enabling of user autonomy, but it is not a full data minimization regime, precisely because the issuer must create all desired variants of minimized data. Not only could this be a logistical nightmare, which grows exponentially with the size of the data, but it also means that the holder has no true autonomy: they can only minimize data in ways that the issuer has allowed.
There are also other issues with SD-JWT and its privacy support, as demonstrated by a group of cryptographers who reported on eiDAS on June 19, 2024. Among the biggest problems are:
- **Permanent tracking identifier**: Every SD-JWT presentation contains the same issuer signature, enabling correlation.
- **Malicious issuer tracking**: Issuers can embed holder-specific URLs that track usage through metadata fetches.
- **Array size leakage**: The number of elements in an identity is visible even when content is hidden.
- **No granular control**: Nested objects must be disclosed all-or-nothing unless pre-structured.
- **Limited to simple disclosure**: SD-JWT cannot support advanced features such as predicate proofs.
- **No post-quantum readiness**: SD-JWT relies on traditional signatures that are vulnerable to quantum attacks.
These issues could create ever-growing cracks in any digital identity standard if they're not quickly resolved. These workshops are intended to educate implementers, regulators, and other persons involved with Swiss e-ID on the problems and potential solutions.
## The Workshops
I have successfully produced or supported approximately two dozen workshops over the last decade, focused on hands-on work with decentralized, identity, privacy, and related topics, mainly through the Blockchain Commons and Rebooting the Web of Trust organizations. About half have been virtual, about half in-person, with the in-person workshops lasting up to four-and-a-half days. These have included:
* **Rebooting the Web of Trust Workshops** that focused on decentralized identity and led to the standardization of Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs).
* **FROST Workshops** that alternatively supported implementers and developers in advancing the technology.
* **Silicon Salons** that brought together chip manufacturers with cryptography companies to help support cryptographic needs in silicon.
* **Revisiting Self-Sovereign Identity Workshops** that are currently ongoing and intended to collaboratively revise self-sovereign identity principles ten years after my original definitions.
* Other workshops on **Smart Custody** and **Token Ethics**.
The digital identity workshops would build on this expertise through my facilitation of six online workshops, leading up to an in-person summit in Geneva. Each workshop would include domain experts to maximize the experience. Though they will include set presentations, they will also include participatory exercises, which has been a hallmark of my workshop designs.
The six online workshops would each be a half-day, and would likely run monthly from March to August.
Planned discussion topics would be:
1. **March: Understanding the Problem.** The importance of data minimization and the limitations of SD-JWT.
* *Output:* Problem definition document.
2. **April: BBS+ and Proven Alternatives.** Other existing solutions such as AnonCreds, BBS+ signatures, W3C Data Integrity.
* *Output:* BBS+ evaluation report.
3. **May: Next Generation Architectures.** Upcoming solutions such as Gordian Envelope, JSON Web Proofs, and ACDC.
* *Output:* Architecture comparison matrix.
4. **June: Implementation Deep Dives.** Technical workshop with code examples.
* *Output*: Proof-of-concept implementations.
5. **July: Regulatory and Policy Landscape.** SOG-IS, Swiss DPA, GDPR, and other governmental models.
* *Output:* Regulatory compliance roadmap.
6. **August: Strategic Planning.** Migration strategies from SD-JWT, including recommendations.
* *Ouput:* Strategic recommendations
The in-person Geneva Summit is intended to piggyback on the Global Digital Collaboration Conference 2026, on September 1-3. A rough schedule would include:
**Day 1: Synthesis and Demonstration**
- Morning: Executive briefing on findings
- Afternoon: Live demonstrations of alternatives
- Expert panel with international cryptographers
- Swiss stakeholder feedback session
**Day 2: Decision and Roadmap**
- Morning: Comparative analysis workshop
- Afternoon: Strategic roadmap development
- Commitment to next steps
- International collaboration agreements
***Final Output:*** Final architecture decision and implementation plan.
(Obviously, all of topics are subject to variation, largely ased on specific needs that may arise from participants over the course of the workshops.)
## The Budget
We are seeking €140,000 to organize and run this sequence of workshops. That would include:
* €120,000 for the workshops
* €20,000 for travel and per diem for the in-person event
This includes our time and efforts for facilitating the physical conference and reporting out afterward, but not costs for the physical event planning (e.g., location rental and breakfast and luch for participants). Our model presumes that those costs would be absorbed as part of the Global Digital Collaboration Conference 2026, with the Global Digital Collaboration Conference organizing event rooms and participant meals during the event. If that can't be accomodated, then we'd otherwise need a Swiss partner and funds for the physical event management.
We are also seeking other international partners, both to better finance the project (allowing for more and/or better advertised meetings with more notable experts) and to increase the power of our collaboration by inviting in other viewpoints who have other expertise.
## Conclusion
We need to build a 20-year architecture, not a 2-year MVP. My intent is that these meetings consolidate the architectural thinking necessary for the implementers and planners of Swiss e-ID to be able to evolve the system in such a way that it strengthens individual autonomy and Swiss democratic sovereignty, rather than weakening it.
--
# Taiwan Workshop Proposal
This proposal details a series of six online workshops and one two-day in-person workshop to support the continued development of digital ID, with a focus on the advantages and disadvantages of many systems already extant and coming into usage, starting with SD-JWT.
> **Executive Summary:** Digital identities are coming into increased usage at a state level. Europe is working on eIDAS and Switzerland has authorized the use of Swiss e-ID. There are more initiatives across the world. Unfortunately, many of these solutions do not respect their users' privacy, creating long-term problems for the entire ecosystem. We need solutions that offer user-oriented, privacy-focused data minimization, and they need to be comprehensive solutions, not partial ones such as SD-JWT.
## The Core of Data Minimization
Data is dangerous, identity data doubly so. It allows for unintended disclosure: you can release more info than actually needed. It can enable unexpected correlation: what happens when your mental healthcare records get correlated to your employment applications? It can have undesired secondary use: we recently learned that Urban VPN harvested and sold 8 million AI conversations, which was never the intent of the information.
To resolve these issues requires selective disclosure, which is the ability to selectively release only some of the data within an identity, credential, or other data packet. This must be a fundamental part of any digital identity model, especially ones that claim to be self-sovereign and user-focused: users have to be able to elide (delete) sensitive data so that they're only transmitting what is specifically needed.
But not all data minimization is equal. Some data-minimization models only allow elision by the original issuer of the data. To offer true autonomy, a data minimization system must allow the holder (user) of the data to make all choices about what data to disclose, to whom, and when. Any system that instead requires the issuer to either create or validate data minimization choices ultimately leaves holders in a subservient role to the issuer, with rights that could be snatched away at any time.
Only once we have this can we build other technologies such as signature anti-correlation: they're a part of the solution, but data minimization is the foundation.
## The Issues with SD-JWT
There are existing solutions that get us part way there. SD-JWT has received the most attention. It offers a good first step toward data minimization and the enabling of user autonomy, but it is not a full data minimization regime, precisely because the issuer must create all desired variants of minimized data. Not only could this be a logistical nightmare, which grows exponentially with the size of the data, but it also means that the holder has no true autonomy: they can only minimize data in ways that the issuer has allowed.
There are also other issues with SD-JWT and its privacy support, as demonstrated by a group of cryptographers who reported on eiDAS on June 19, 2024. Among the biggest problems are:
- **Permanent tracking identifier**: Every SD-JWT presentation contains the same issuer signature, enabling correlation.
- **Malicious issuer tracking**: Issuers can embed holder-specific URLs that track usage through metadata fetches.
- **Array size leakage**: The number of elements in an identity is visible even when content is hidden.
- **No granular control**: Nested objects must be disclosed all-or-nothing unless pre-structured.
- **Limited to simple disclosure**: SD-JWT cannot support advanced features such as predicate proofs.
- **No post-quantum readiness**: SD-JWT relies on traditional signatures that are vulnerable to quantum attacks.
These issues could create ever-growing cracks in any digital identity standard if they're not quickly resolved. These workshops are intended to educate implementers, regulators, and other persons involved with government-supported digital IDs on the problems and potential solutions.
## The Workshops
I have successfully produced or supported approximately two dozen workshops over the last decade, focused on hands-on work with decentralized, identity, privacy, and related topics, mainly through the Blockchain Commons and Rebooting the Web of Trust organizations. About half have been virtual, about half in-person, with the in-person workshops lasting up to four-and-a-half days. These have included:
* **Rebooting the Web of Trust Workshops** that focused on decentralized identity and led to the standardization of Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs).
* **FROST Workshops** that alternatively supported implementers and developers in advancing the technology.
* **Silicon Salons** that brought together chip manufacturers with cryptography companies to help support cryptographic needs in silicon.
* **Revisiting Self-Sovereign Identity Workshops** that are currently ongoing and intended to collaboratively revise self-sovereign identity principles ten years after my original definitions.
* Other workshops on **Smart Custody** and **Token Ethics**.
The digital identity workshops would build on this expertise through my facilitation of six online workshops, leading up to an in-person summit in Geneva. Each workshop would include domain experts to maximize the experience. Though they will include set presentations, they will also include participatory exercises, which has been a hallmark of my workshop designs.
The six online workshops would each be a half-day, and would likely run monthly from March to August.
Planned discussion topics would be:
1. **March: Understanding the Problem.** The importance of data minimization and the limitations of SD-JWT.
* *Output:* Problem definition document.
2. **April: BBS+ and Proven Alternatives.** Other existing solutions such as AnonCreds, BBS+ signatures, W3C Data Integrity.
* *Output:* BBS+ evaluation report.
3. **May: Next Generation Architectures.** Upcoming solutions such as Gordian Envelope, JSON Web Proofs, and ACDC.
* *Output:* Architecture comparison matrix.
4. **June: Implementation Deep Dives.** Technical workshop with code examples.
* *Output*: Proof-of-concept implementations.
5. **July: Regulatory and Policy Landscape.** SOG-IS, Swiss DPA, GDPR, and other governmental models.
* *Output:* Regulatory compliance roadmap.
6. **August: Strategic Planning.** Migration strategies from SD-JWT, including recommendations.
* *Ouput:* Strategic recommendations
Switzerland's authorization of Swiss e-ID was one of the inciting events leading to this workshop series, and it'll be one of several topics we focus on. (Switzerland is another of the sponsors of this series.) As a result, the workshop series will culminate at an in-person Geneva Summit, intended to piggyback on the Global Digital Collaboration Conference 2026, on September 1-3. A rough schedule would include:
**Day 1: Synthesis and Demonstration**
- Morning: Executive briefing on findings
- Afternoon: Live demonstrations of alternatives
- Expert panel with international cryptographers
- Government stakeholder feedback session
**Day 2: Decision and Roadmap**
- Morning: Comparative analysis workshop
- Afternoon: Strategic roadmap development
- Commitment to next steps
- International collaboration agreements
***Final Output:*** Final architecture decision and implementation plan.
(Obviously, all of topics are subject to variation, largely ased on specific needs that may arise from participants over the course of the workshops.)
## The Budget
We are seeking NT$5 million New Taiwan dollars to support the organization and facilitation of this sequence of workshops.
This includes our time and efforts for facilitating the physical conference and reporting out afterward, but not costs for the physical event planning (e.g., location rental and breakfast and luch for participants), which we hope to share with an organization in Switzerland.
We are also seeking other international partners, both to better finance the project (allowing for more and/or better advertised meetings with more notable experts) and to increase the power of our collaboration by inviting in other viewpoints who have other expertise.
## Conclusion
We need to build a 20-year architecture, not a 2-year MVP. My intent is that these meetings consolidate the architectural thinking necessary for the implementers and planners of government-supported digital IDs to be able to evolve the system in such a way that it strengthens individual autonomy and democratic sovereignty, rather than weakening it.
Sign in with Wallet
Connect another wallet