2023 looks like it will be another year of enormous transformation for digital identity across the globe. We are seeing country after country offering citizens options to use digital IDs to access services within the public and private sector. Many of these digital ID ecosystems are government led. Others are led by the private sector.
In the UK, we have the new digital identity and attributes trust framework. At the time of writing, we have 32 certified parties who can supply identity services as part of that framework. Currently, the focus is largely on the employment vetting market place, but in 2023, we will see an expansion of the use of digital identity into many more areas, such as finance, property buying and selling, property rentals and age assurance. As part of our drive for digital identity adoption and our commitment to support our members, OIX will be focusing on educating the acceptors of digital ID - relying parties - on the vast and specific benefits of digital identity to them, as well as addressing their concerns and challenges.
The biggest milestone for digital ID in 2023, however, will be the wallet.
In the US, we are seeing the continued rollout of mobile driving licenses state-by-state. These are being issued to citizens and are being carried in the wallets of their smart phone providers. The questions that are being raised include: ‘Will my other credentials such as my passport or my national ID also end up in the same smart phone provider-based wallet? Or will they end up in other wallets specific to the purpose of each credential?’
The latter will be very confusing for the users, so we hope this will not be the case. We need less apps on our phones, not more. Our view is not that we need everything in one super app. For a digital identity to be effective and easily managed by its owner, however, it does need to have the users’ key credentials available to be combined and shared all in one place.
In Europe, we will see the large-scale pilots for the EUDI wallet kick-off alongside the delivery of the EU model wallet. These will explore interoperability across the EU in various use cases, such as travel, payments, education, account opening and eSignatures. This is a highly ambitious program, and a highly transformational one for the countries that are members of the union. But this also raises further questions. Will it result in state-based wallets containing only state issue credentials? Will users be left with having to have separate private sector wallets for private sector issued credentials? Again, we need to make it easy for users and enable them to have their key credentials in one place - in one wallet - of their choosing. Perhaps the EU should focus on issuing government assured credentials into trust framework approved private sector wallets, rather than requiring members states to issue wallets themselves.
Simultaneously, we will see the launch of the Open Wallet Foundation, which will create open source code to enable those wishing to build and issue wallets to users, to be able to do so in a rapid way while leveraging existing global standards. Our view is that the Open Wallet Foundation will complete another part of the highly complex identity puzzle. As such, our plans are to support the Open Wallet Foundation as an associate member so that we can collectively solve that puzzle.
In January 2022, OIX launched its Trust Framework for Smart Digital ID which shows how a user centric wallet-based digital identity must work for its user to enable them to meet the often complex rules that organisations they wish to consume services from must work within. The wallets that we are seeing emerge in 2024 must be smart; they must work on behalf of the user to interpret the rules of the trust framework that is prevailing and the rules of the relying party with whom the user is interacting.
Wallets must also be able to work across international boundaries. When a person flies from the US to Europe, their wallet must dynamically and seamlessly adapt to the policy rules for digital identity in the EU.
The OIX global interoperability working group is exploring how an open policy rules framework will allow all parties in the identity ecosystem to describe their rules to each other; be that the rules:
- for the use of an individual credential, as specified by its issuer
- for digital identity within a particular geography or use case, as specified by a trust framework
- or of a particular relying party, often dictated by its regulator.
In 2023, OIX will explore, in conjunction with partner trust frameworks and OIX members around the world, how such an open policy rules framework can be defined and might be leveraged across the globe. We would then want to see the open policy rules framework adopted into the components that are published through the Open Wallet Foundation, so that all parties can work in a consistent way to describe, share, and comply with digital identity policy.
We will also seek to bring clarity in the evolution and positioning of centralised, federated, and decentralised (or distributed) identity ecosystem implementations. At OIX we see a shift from centralised implementations to decentralised implementations, but where there is more than one identity provider in a market where a federation will still be required. This means that federations will not go away with decentralisation, they, and the trust frameworks required to support them, will continue to be part of the ecosystem.
So, 2023 will be a year of massive change. Welcome to the year of the wallet.
Here at OIX, we will be continuing to influence those who define trust frameworks and their surrounding ecosystem to ensure digital identities around the globe are safe, secure, user centric and interoperable. If you’re not already an OIX member, come and join us on this journey, and help us ensure this complex puzzle is solved in a way that works for everyone involved in it.
Nick Mothershaw, Chief Identity Strategist, OIX