The guide is designed to provide an expert view on what a Trust Framework to enable Smart Digital ID should look like, by detailing its salient components: the principles, content, roles and responsibilities.
It builds upon the OIX 2017 paper âTrust Frameworks for Identity Systemsâ, which attained worldwide acceptance; becoming a benchmark guide used by global organizations defining rules and standards for trust. This new guide incorporates lessons learnt from existing national and international frameworks including eIDAS in Europe, Verify in the UK, the PCTF in Canada and Aadhaar in India.
OIX provides comprehensive, practitioner informed descriptions along with real-world examples of all the potential components in a trust framework by defining it within the following context:
Additionally, it defines and details the roles and responsibilities within a framework, outlining the functions, input and outputs of each party within the framework. This is critical for potential new entrants to determine how they can participate, contribute to, or derive the most benefit from a trust framework.
The guide is intended to provide a clear guide to trusted identity and Attributes for both users and organizations, in line with the OIX mission to present the human end of identity as opposed to a solely technical viewpoint. To this end, the guide is technology agnostic providing the neutrality to allow providers of trust frameworks to implement frameworks in accordance with their own specific technical needs. The trust framework presented in this guide is suitable for the governance of both decentralised and centralised ID ecosystems, including those supporting federation of IDs.
In the context of this guide a Digital ID could be for:
For all the above scenarios a User controls the Digital ID. Sometimes the user must be involved every time a Digital ID is used. Other times, for example for the Digital ID of a thing, users might only be involved to set up and manage the thing on a more occasional basis with the things Digital ID acting on its behalf the rest of the time.
This guide describes Digital ID in the context of users controlling a Digital ID that is asserted to an organization that consumes the Digital ID for the provision of products and services.
It is recognised that there are Digital ID solutions which create Digital IDs that identify an organization. This allows an organization to assert their âorganizational Digital IDâ so that individuals can trust an organization, enabling them the be sure of the entity they are transacting with.
It will allow regulators to comprehend the relevance of trust frameworks when defining appropriate regulations for areas such as anti-money laundering.
As stated above, this guide draws on previous OIX work on trust frameworks, in particular:
Paper |
Date Published |
Authors |
---|---|---|
Trust Frameworks for Identity Systems |
Jun 2017 |
Esther Makaay â SIDN Tom Smedinghoff - Locke Lord LLP Don Thibeau - Open Identity Exchange |
Establishing a Trusted Digital Identity Ecosystem |
Oct 2019 |
Ewan Villars, Innovate Identity |
The identity community uses a plethora of specialist terminology. In order to try and standardise the vernacular OIX has created a separate Glossary of Identity Terms, including common synonyms.
How is the guide being evolved?
This guide links to further, more detailed, reference guides on the previously mentioned topics. These reference guides will detail what needs to be accomplished in order to deliver the high-level contents and what considerations need to be given to ensure the success and interoperability of any resulting trust framework or scheme.
Full PDF versions of the guide and the glossary can be found by clicking on the link at the top right handside of this page.
The guide will be of use to a broad audience: