Area

OIX Response

Governance

OIX is calling for regulator and the governing body to be separate entities.

OIX is also calling for a public-private governance partnership.

Scope of Governance Body

The scope should include:

• Promotion and comms of Trustmark to users, promotion to industry
• Interoperability
• Management of Trustmark abuse

Framework Fees

Should be levied in arrears or transactionally to prevent upfront barriers to investment

Schemes

OIX is supportive of the scheme construct, but more clarity needed on the role of a scheme. For instance, can a Scheme owner also play other roles in the framework?

Escalation Points

There needs to be an independent Digital Identity Ombudsman

Fraud

Consideration of framework wide fraud controls and information sharing (shared signals) is required

Inclusion

An IdP ‘exclusion report’ is not practical. The governance model should instead focus on who IdPs are Including then the delta is the excluded population.

Access to government data

Y/N APIs are not ideal. Richer APIs are required for many use cases. User consented release of data as verifiable credentials should be considered. Onward transfer of government data from IdPs to other parties should be allow with the user's consent.

Validity of Digital IDs

Digital IDs should be equivalent to a passport or driving license if they are GPG45 Medium.