## Taiwan Digital Identity Wallet (TWDIW)

[W3C CCG (Credentials Community Group)](https://www.w3.org/events/meetings/b3ffe790-4b51-43f7-91fb-14c6d0ef3f5c/20250513T120000/)

Denken Chen

(experience since [W3C TPAC 2024 breakout session](https://www.w3.org/events/meetings/14174caa-7eee-414c-bafa-ef7053e32b39/))

---

## Disclaimer

- This presentation is based on collaborative effort.
- Opinions are my own.

---

## Denken Chen

- Mobile app developer for over a decade
- InfoSec consultant for a while
- My first time as a technical staff member and advisor
- Producing W3C Monthly Report and co-working on holding Technical Advisory Meeting
- Connect with me: https://denkeni.org

---

## Special considerations for Taiwan

- Driving License: no digital version available
- Existing Government PKI cards or services: MOEACA and XCA (legal entity), MOICA and TW FidO (natural person), HCA (National Health Insurance)
- [Suspended New eID rollout](https://www.ey.gov.tw/Page/9277F759E41CCD91/e80e55a2-0102-4031-b6d3-a7c40f4cac6a) (2021)

---

## The Ministry of Digital Affairs (moda)

- Responsible for driving Taiwan's digital development, established in 2022
- Early research on decentralized tech (late 2023):
  - Decentralized Identifier (DID)
  - Decentralized Autonomous Organization (DAO)
  - Retroactive Public Goods Funding (RPGF)

---

## Taiwan DID

- https://github.com/moda-gov-tw/tw-did
- Early research and proof of concept
- Bridges TW FidO (existing X.509 certificate for natural person) to Ethereum Address and Semaphore Identity via DID and VC
- Read more [analysis](https://yurenju.blog/posts/2024-02-04_taiwan-digital-id-privacy-first) from the developer
- Led to the current spec of TWDIW

---

## TWDIW Spec

- W3C Decentralized Identifiers v1.0
- W3C Verifiable Credentials Data Model v1.1
- IETF Selective Disclosure for JWTs (SD-JWT)
- OpenID for Verifiable Credential Issuance (OpenID4VCI)
- OpenID for Verifiable Presentations (OpenID4VP)
- W3C Bitstring Status List

---

## DID Method

- did:key
- NIST P-256
- Use secure enclave/element on the mobile phone

---

## Software Components

- Issuer: docker image
- Holder: mobile apps on iOS & Android
  - No wallet agent or [holder service](https://w3c-ccg.github.io/vc-api/#holder-service)
  - Supports QR code; NFC expected
  - Maintains VP history
- Verifier: docker image

SDKs will be provided for the trust triangle.

---

## Selective Disclosure over ZKP

- Easier to implement for engineers
- Easier to explain to citizens, lawyers, and officials
- Relatively mature standards

---

## ZKP Exploration

- Based on zkID, Ying Tong and Privacy & Scaling Explorations
- Since [[MINUTES] Data Integrity 2025-04-18](https://lists.w3.org/Archives/Public/public-credentials/2025Apr/0041.html)
- Deriving a ZKP from SD-JWT, without changing the issuer process

---

## Verifiable Data Registry: Issuer

- Issuer's public keys and schemas (from gov)
- Onchain: public ledger; EVM-Compatible blockchains expected
- Ensures resistance & availability
- Enables permissionless verification and an open ecosystem

---

## Identity Assurance Level (IAL)

- NIST SP 800-63 Digital Identity Guidelines
- IAL as an optional VC field declared by the issuer
- Helps verifiers decide which VC to request
- Challenges: reissuance and renewal
- DID key rotation or phone replacement

---

## Verifiable Data Registry: Verifier (still under discussion)

- Verifier's public keys and schemas (requested VC fields)
- did:web and domain name registration?
- Verifier Contact: right to access, to be forgotten
- Registry governance?

---

## Electronic Signature

- Not a digital signature under law (e.g., not a QES, Qualified Electronic Signature, under EU law)
- Could we treat VP as an authorization electronic document with an electronic signature (indicating user consent)?

---

## Other Challenges

- NFC with selective disclosure
- Present QR Code (holder-initiated interaction)

---

## Unlocking Scenarios Only Possible with DIW

For example:

- Car rental with just a mobile phone
- Driver license & International Driving Permit
- Cross-border recognition
- More...?

---

## Open Source Schedule

- Starting from 2025/08 to 2025/11
- Basically covering all software components

---

## Sandbox Environment

- Testing environment (not regulatory sandbox)
- Access testing version of the TWDIW app and demo scenarios: https://demo.wallet.gov.tw
- Create VCs and VPs on the sandbox website
- Send an email to apply for an account: https://www.wallet.gov.tw/applyAccount.html
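
---

The DID Method slide specifies did:key over NIST P-256. As an added example (not part of the original slides or the TWDIW code base), the Python below shows how a compressed P-256 public key maps to a did:key identifier and which checks a verifier should run before trusting a decoded key: multicodec prefix, length, and on-curve validation. The P-256 base point stands in for a holder key as constructed sample input, and all function names are illustrative.

```python
# Added example: did:key <-> NIST P-256 public key (pure Python, no dependencies).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1          # P-256 field prime
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
P256_PUB = b"\x80\x24"                            # multicodec p256-pub (0x1200) as a varint

# Constructed sample input: the P-256 base point G stands in for a holder key.
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5

def b58encode(data: bytes) -> str:
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = ALPHABET[r] + out
    pad = len(data) - len(data.lstrip(b"\0"))     # leading zero bytes become '1'
    return "1" * pad + out

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + ALPHABET.index(ch)           # ValueError on a non-base58 character
    pad = len(text) - len(text.lstrip("1"))
    return b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")

def encode_did_key(x: int, y: int) -> str:
    compressed = bytes([2 + (y & 1)]) + x.to_bytes(32, "big")  # SEC1 compressed point
    return "did:key:z" + b58encode(P256_PUB + compressed)      # 'z' = base58btc multibase

def decode_did_key(did: str) -> tuple:
    if not did.startswith("did:key:z"):
        raise ValueError("not a base58btc did:key")
    raw = b58decode(did[len("did:key:z"):])
    if len(raw) != 35 or raw[:2] != P256_PUB or raw[2] not in (2, 3):
        raise ValueError("not a compressed P-256 key")
    x = int.from_bytes(raw[3:], "big")
    if x >= P:
        raise ValueError("x out of range")
    rhs = (pow(x, 3, P) - 3 * x + B) % P          # y^2 = x^3 - 3x + b
    y = pow(rhs, (P + 1) // 4, P)                 # square root, valid since P % 4 == 3
    if y * y % P != rhs:
        raise ValueError("point is not on the curve")
    if y & 1 != raw[2] & 1:                       # pick the root matching the parity byte
        y = P - y
    return x, y

if __name__ == "__main__":
    did = encode_did_key(GX, GY)
    print(did, decode_did_key(did) == (GX, GY))
```

Because the multicodec prefix is fixed, every P-256 did:key begins with `did:key:zDn`, which gives a cheap first filter before the full decode.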