Digital wallets are central to self-sovereign identity (SSI). Some have even called for using the wallet as the central point of explaining SSI. If you’re seeking to implement an SSI solution, you have two options:
- Use an existing mobile wallet, like the popular Trinsic Wallet, Connect.Me, or Lissi.
- Develop your own wallet, custom-made for your use case.
Many of the people we talk with prefer option #2, because typically different use cases have different requirements. But there’s a reason there are only a handful of wallet apps out there—building an SSI wallet is complex! At Trinsic we seek to remove as much complexity as possible to empower others to build incredible SSI solutions.
In this post, we’ll help you understand the trade-offs associated with developing a digital wallet for your users.
Decision #1: Edge or Cloud?
Digital wallets are quite complex under the hood. They need to be capable of securely storing verifiable credentials. They need to speak all the right protocols to exchange secure messages in an interoperable fashion. They need to manage cryptographic keys. The software libraries required to perform these functions are quite extensive and can get “heavy.”
Luckily, most people in the developed world carry around a miniature supercomputer in their pockets. Smartphones are easily capable of handling a 100kb wallet application. That’s why most SSI wallets are what we call “edge wallets” (meaning the wallet itself resides on the person’s device). Edge wallets have the added benefit of being a more “pure” solution with individuals owning, controlling, and managing their own wallet and keys without relying on a third-party provider. The Trinsic Wallet is an edge wallet.
The alternative to an edge wallet is a cloud wallet. With cloud wallets, the “heavy” cryptographic libraries are processed on a server in the cloud. This keeps the implementation lightweight and flexible. The subject of the wallet (usually the end-user) can control it via any existing authentication scheme from any platform. For example, a user could view the same wallet via mobile app or through a browser—something that’s not possible with edge wallets. Cloud wallets do require, however, that the user have internet connectivity. Finally, the user should ideally be able to export their wallet out of the cloud and import it into an edge wallet if they so desire—otherwise, it’s really not self-sovereign. Trinsic’s Wallet API provides a cloud wallet solution which can be integrated using our mobile SDK.
Decision #2: Customization & Control
The customization of a wallet can be as varied as the potential use cases to which they can be applied, but not every implementation needs to start from scratch. A few out-of-the-box wallets are available, including Evernym’s Connect.Me and the Trinsic Wallet. Using these wallets is a great option if you don’t need a lot of customization. It’s important to consider the user experience: In the early days, it might feel awkward to direct your users to download a third-party application; but in the long-term, users won’t want to download three or five or more different wallets—for convenience purposes, they’ll probably want just one wallet that stores everything.
If you have an existing application and simply want to integrate SSI capabilities into it, using cloud wallets is a good option. It gives a great deal of flexibility and customization.
If you intend to develop an SSI wallet that primarily serves as an SSI wallet and doesn’t require a large amount of customization, then a white label wallet could be a perfect fit. The cost to white label an existing SSI wallet is much less than the cost of a single developer, while guaranteeing the functionality you need. Learn more about white labeling the Trinsic Wallet here.
If you intend to develop an SSI wallet that needs a large amount of customization, it probably makes sense to build it from scratch. Trinsic open sourced its Xamarin mobile SDK and helps maintain an open source reference mobile application called Aries Mobile Agent Xamarin (AMA-x). This would be a good place to start if you have a strong development team and don’t have a rushed timeline. For faster development time, you could try the Trinsic Mobile Starter Kit, a skeleton application that gets your team over the hardest parts of the development.
Customization and control are generally correlated together, as is cost. The more of each you get, the costlier the solution because of the resources you’ll need to commit to building and maintaining that solution.
Decision #3: Budget
Every organization has its own budget constraints. Some prefer usage-based pricing while others prefer fixed costs. Some have large development resources while others don’t. It’s impossible to tell an organization which direction they should go without diving into the minutia of the situation. However, there are some guiding principles that could help.
- The more customization and control you want, the more development resources you’ll need.
- If you have developers, but they’re constrained by other tasks as well, consider using a cloud wallet or white-labeled solution. This will help you focus on your specialty.
- If you have no developer resources at all, but you do have budget, find a delivery partner that can help you build it out. We’d be happy to connect you with vendors willing to help you.
- If you have no developer resources AND no budget, you’ll need to use an existing SSI wallet product.
Above we’ve listed several SSI wallet solutions that Trinsic can offer. Outlined below are the Mobile Starter Kit, Wallet API, and White-label offerings.
Mobile Starter Kit
The Trinsic Mobile Starter Kit is the best starting place to build a mobile (edge) SSI wallet. It is a skeleton mobile app that includes all the libraries and functions you need to perform basic SSI functionality. Assembly is required, however, to compile the functions correctly to build a useful application.
Best option if:
- You want a wallet owned and built entirely by your team but don’t want to start from scratch.
- You have the development resources necessary to build the application in Xamarin.
- You have some designs in mind that you’d like your developers to implement.
- You prefer an edge agent solution to a cloud agent solution for your use case.
- An SSI wallet is your app’s main function.
- The Mobile Starter Kit source code is licensed from Trinsic via an annual subscription.
- It includes a training to help your team get started and make sure your developers hit the ground running.
- It also includes a dedicated senior engineer on support.
- To productionize your application, a cloud-based “mediator” service is required to route messages, deliver push notifications, and optionally store encrypted wallet backups.
- Trinsic offers a performant and scalable mediator service as an add-on (you can also build your own mediator service).
For more information on the Mobile Starter Kit, contact us.
The Trinsic mobile SDK is a client library to consume the Wallet API (previously called Custodian API), which allows you to control a Trinsic-hosted cloud wallet. We handle all of the complexity on our end, so you don’t have to worry about tying up loose end(point)s 😃. You’ll install a client SDK into your app which is much thinner than the Mobile Starter Kit. This SDK component interacts with the APIs and the cloud wallet. Thus, the wallet is hosted in the cloud but controlled by the mobile SDK.
Best option if:
- You need something quick and scalable.
- Your solution needs to accommodate for a wider variety of smartphones, devices, or otherwise needs to be cross-platform.
- Your development team isn’t capable of maintaining an edge SSI wallet because they’re too busy, don’t have the expertise, or some other reason.
- Your app’s main function is not as an SSI wallet, but you just want to add SSI capabilities to your current app.
- Your app will be connected to the internet when being used to access the API.
The Wallet API cost is simply usage. We charge a small fee based on DIDComm used. Trinsic can support hundreds of thousands of cloud agents (for usage above that, please contact us). This is a great place to start for a proof of concept, pilot, and rapid scaling in production.
Trinsic can white label our wallet with your branding and styling. If you want more than just the core SSI functionality, we offer the following add-on features:
- In-wallet verification
- Offline in-wallet verification
- Cloud backup
- and more
We can also provide the support you need with a dedicated solutions architect that will help gather requirements, a UX designer specializing in SSI, and a senior software engineer to make it all work together.