General area |
Across the globe there are major initiatives underway to establish the parameters for the safe interoperability of digital IDs across borders. In individual countries, digital ID providers are undergoing rigorous certification processes. Some countries have already made digital ID a primary option for access to both public and private sector services, either led by the government or taken on by the private sector. Among the organisations that will come to accept and rely on digital ID, the topic is firmly on their radar, with our research showing that 87% of organisations across the globe now assessing it for their operations.
However, our research has also shown that less than half of all organisations that will need to accept digital ID have actually moved further along the path to adoption.
There are still a number of questions, and misconceptions, stopping organisations from moving forward with digital ID adoption, and they need addressing. Will fraud challenges increase? Will the data be safe? What happens there is a data breach? Where will liability lie? Will it make inclusivity issues worse? How will it work? These are some of the most common ones that need clarifying in order to ensure organisations are ready to join the digital ID eco-system that is fast growing around the globe.
Will it increase fraud levels? Will the data be safe?
A key feature of digital ID is that data will be protected by robust authenticators, such as biometrics, which are inherently difficult to copy or reproduce. Furthermore, ID providers are undergoing tough assessments to become certified to global security standards for data access and management, to ensure they are proofing users properly and storing their data securely.
In many countries digital ID works in a decentralised way, so users’ data is not kept in a central database. It’s distributed and kept in a protected format on the user's own device or in a user specific space in the cloud. This makes it less vulnerable to attack.
What happens if there is a fraud? Where will liability lie?
If fraud takes place as a result of an ID provider not following the trust framework rules under which it was certified and operates, in many cases it may be held liable. The provider of the fraudulent digital ID, or specifically the fraudulent credential, will be required to suspend or close the user's ID notify the real end user and all the organisations impacted by the fraudulent use of the stolen ID. Additional ID proofing or authentication may be put in place for when the real user next uses their ID.
Will it make inclusivity issues worse?
If anything, it is placing greater focus on addressing inclusivity issues. Experts have said been saying for years that there are over one billion people in the world who struggle to prove their identity. Our own research has revealed that in the UK alone, there are 12% of people who struggle to prove who they are, because they do not have digitally presentable evidence, such as a driver’s licence or passport.. As digital ID has developed, so have major global and local initiatives to make secondary options available to ensure that everyone who wants a digital ID can get one. This includes our own proposal for a Digital Vouch with Photo capability, for example, which would enable users with no documentation to be included by a voucher acting on their behalf.
How will it work?
Digital ID wallets have emerged as the preferred method of storing, securing and managing digital IDs. Initial thinking from thought leaders on the topic of wallets is that they must be ‘smart’ and help organisations that will come to accept digital IDs work out quickly what information will be accepted in the complex processes and rules they have to follow to proof a person. This will eliminate the need to have to work through the multiple credentials that exist, in constant liaison with the end user (the customers) to get the right ones.
Our view at OIX is that smart wallets must go much further than this. They have to guide the end customer too. They must interpret each organisation’s complex rules on behalf of the end customer and work out which credentials they need. If it means combining information from several credentials to meet data minimised needs, the ‘smart’ digital ID wallet must be able to do that safely and with the user’s consent. And it must help them obtain the credentials they don’t have, all in a structured way and without requiring the user to understand the rules.
This means that trust frameworks and standards must also be designed to support ‘smart’ digital IDs; and as such, we launched OIX’s Guide to Trust Frameworks for Smart Digital ID last year.
Alongside the development of wallets comes questions around how these wallets will be implemented. At OIX, we see two key routes: one where governments issue government credentials into government issued wallets, whilst private sector credentials do the same into private sector wallets. While one can be used to access the other, this route also means that the end user will end up with at least two wallets. This may complicate their ability to effectively combine credentials to meet the specific needs of complex use cases. This would be a key failing in the road to digital ID adoption.
The second route, and the one in our view would ensure fewer barriers to digital ID progress and adoption, is where governments issue credentials into private sector wallets that they trust. This would enable a user to have just one wallet containing all the credentials, which can be combined where required to meet the needs of complex use cases.
Furthermore, most of the complex needs that will need fulfilling will come from the private sector and this in itself will help drive innovation around smart digital ID services that blend trusted ID proofs from government.
The end goal for everyone involved in the developing the digital ID ecosystem has to be to remove barriers to, not create them.
Join us at Identiverse – OIX will be situated in the expo at booth #1536 – drop by and pay us a visit!
You can also hear OIX’s Chief Identity Strategist, Nick Mothershaw, talking at the following sessions:
- Architecture, Standards & Engineering: What is a Smart Wallet and How Might It be Implemented?
- Wednesday, 31st May 2023 - 4.50 pm – 5.15 pm
- Location: Juniper 4
- The Business of Identity Panel: Are Businesses Ready to Accept Digital Identities?
- Thursday, 1st June 2023 - 10:30 am - 11:20 am
- Location: Juniper 4
- Meet & Greet the Open Identity Exchange
- Thursday, 1st June 2023 - 4:30 pm - 5:30 pm
- Location: Copperleaf 9
- Find out more about OIX membership & how being a part of the OIX community can help you and your organisation