The Safe Wallet Special Interest Group (SIG) was established to create, distribute, and promote a comprehensive reference for the safety of digital wallets. The SIG embarked on a mission to define the Four Pillars—Privacy, Security, Trusted Processes, and Governance—that are essential for the development of secure digital wallets. This open collaboration actively involved the OpenWallet Foundation (OWF) and the wider technology community to document considerations for safe wallets.
I do wonder though if the early developers of browsers would have made different decisions if they knew how things like cookies would be used in the future.
– Tim Bloomfield
Lead Technology Architect, Province of Ontario Digital Service
As an open source community, the Safe Wallet SIG contributors include independent technologists, innovative startups, technology leaders in government and representatives of some of the largest tech companies in the world. For the last year, this group of experts gathered to discuss and document answers to the question, “what could make a safe digital wallet now and in the future?” These contributors worked together to identify the challenges and issues faced by both public and private sector organizations in developing safe digital wallets and recommendations to mitigate them. Some came to the effort with a security lens, others focused on privacy while still others brought their experience with governance to the table.
As digital wallets go mainstream and become an important tool in our lives, it has become even more vital to be informed about what makes a “good” or “safe” wallet. If designed well, digital wallets will transform our online lives and keep us more secure and safe. If not designed well, they will allow others to track our online interactions in ways never before possible.
– Andrew Tobin
Digital Wallet Strategy & Innovation, Gen Digital
The first deliverable developed by the Safe Wallet SIG is the Safe Wallet Guide, which can be found here on GitHub (https://github.com/openwallet-foundation/safe-wallet-sig/blob/main/docs/wallet-safety-guide.md) or downloaded as a PDF (https://github.com/openwallet-foundation/safe-wallet-sig/releases/download/v2.0/wallet-safety-guide.pdf). At 18 pages, the guide intends to translate the deep knowledge of experts in the digital wallet space into something digestible by non-experts, journalists, product designers, policy-makers and the general public. The guide sets a high bar for what makes a “safe” wallet, provides resources for learning more and details the safety considerations that will serve users in the best possible way and keep them private and secure online. These materials are a deliverable of the OWF community. If you have concerns or suggestions regarding the content, please file a pull request on GitHub.
The Safe Wallet Guide provides guidance independent of architecture or use case across four pillars:
- Privacy
  - Holder protection from unwanted observation, tracking and correlation. This pillar includes unique identifiers, issuer/verifier collusion, privacy enhanced transactions, notice and consent.
- Security
  - The practice of implementing measures to safeguard against harm, including Security by Design, Secure by Default, Software Security Controls.
- Supporting Functions
  - Mechanisms specific to the wallet that enable or support external party processes such as Holder Binding, Wallet Locking & Unlocking, Back-up and Restore, Credential Management, Presentation Protocols, Key Management, Authentication.
- Governance
  - Technical and standards-based implementation(s) to solve Regulatory, Policy, Compliance & Risk-Based Challenges. Wallets sit at the confluence between Counterparties who engage in transactions & Relying Parties who depend on digital identity information from trusted sources to provide services. They may be subject to multiple requirements from both for regulatory compliance, auditability, accountability, and attestation/certification.
My work on the Safe Wallet Guide addresses the urgent need to enhance digital wallet security, fostering trust and driving adoption. By championing a Zero Trust model and robust controls, we safeguard transactions and privacy, aligning with global Trust Frameworks to support the secure growth of digital wallets across platforms.
– Juliana Cafik
Principal Program Manager | Identity Standards Architect
The OWF’s launch of the Safe Wallet Guide will be accompanied by an ask-me-anything (“AMA”) session on Tuesday, October 1, 2024, which will share the work with the wider wallet, open source, and identity communities. The work continues as the SIG prepares to focus on the goals and objectives for its next phase of evolution.
The Safe Wallet SIG is a collective effort by experts in the field. The OpenWallet Foundation community absolutely appreciates the efforts of the contributors in putting together the Safe Wallet Guide, but would especially like to recognize Andrew Tobin, Digital Wallet Strategy & Innovation, Gen Digital and Chair of the Safe Wallet SIG for his tireless leadership in organizing and driving the development of V2 of the Safe Wallet Guide.
In addition, we appreciate the contributors and external reviewers who helped bring this work to life:
- Daniel Bachenheimer, Digital Identity Innovations Technical Lead, Accenture
- Juliana Cafik, Principal Identity Standards, Microsoft
- Drummond Reed, Director Trust Services, Gen Digital
- Tim Bloomfield, Lead Technology Architect, Province of Ontario Digital Service
- Keith Kowal, Director of Product Management, Swirlds Labs
- Jorge Flores, Co-Founder & CTO, Entidad
- Sebastian Elfors, Senior Architect, IDnow
- Stavros Kounis, Enterprise Architect, under contract with the European Commission
- Juan Fransisco Tavira, Senior Blockchain Architect, Banco Santander
- Lal Chandran, Co-Founder & CTO, iGrant.io
We need your help! Efforts like the Safe Wallet SIG only happen with the contribution of passionate individuals working in the open to make this technology work for everyone. We need your use cases, concerns, implementations and solutions to grow this community and its important work. To get involved:
- The Safe Wallet SIG meets every Tuesday at 7am PT, 10am ET, 4pm CET. You can find out more on the OWF Calendar.
- You can add your comments/insights to V2 of the Safe Wallet Guide.