General AreaGeneral area |
OIX’s vision is that each of us can have a Digital ID that works seamlessly all over the globe. For this vision to become a reality, Digital IDs will need to interoperate across the regulatory and technical boundaries that are defined in trust frameworks, usually by a government or for a specific geographical area.
To advance this vision, OIX has been running a future looking working group looking at how global interoperability can be achieved. We have undertaken an analysis of the policies of 8 trust frameworks from around the globe to better understand their commonality and differences.
The good news is they do have a set of commonalities: 15 common general policy areas with 75 different characteristics and a common methodology to assess identity assurance. This is the DNA of Digital ID. However, like humans with DNA, the frameworks are not all the same. They have different values for the characteristics: 289 value variations across the 75 characteristics.
The results of our analysis will help frameworks understand their commonality and differences. It might allow them to align on some policy matters. But it is very unlikely that frameworks will align entirely as they are different for a reason. Diversity in policy at the detailed level is to be expected as frameworks are addressing the same policy issues in different ways to meet local variations in approaches to privacy, inclusion, risk, security, technology, and identity assurance. This diversity also means that undertaking many bilateral agreements between frameworks to achieve interoperability is likely to be an endless process; we need a more scalable approach.
We need to enable trust frameworks to interoperate, to communicate their value settings for specific characteristics as policy ‘criteria’ in a consistent way so that interoperability can be resolved, perhaps dynamically. To do this we have created the Open Criteria Exchange Tool (OCET) to allow policy criteria to be expressed and exchanged. OCET allows the communication of 15 areas of general policy rules and specific requirements for identity assurance as criteria: the values acceptable for a particular policy characteristic. OCET can be used in ‘static’ decision processes to explore policy criteria alignment and in ‘dynamic’ decision processes where policy criteria interoperability decisions are made ‘on the fly’.
OCET will enable the creation of ‘roaming wallets’; Smart Wallets that can operate in more than one framework through assessment of their conformance to the policy criteria of the destination framework they have roamed into.
Frameworks generally refer to one or more of 5 ‘golden credentials’ in their identity assurance models: National IDs, Passports, Driving Licenses, Bank Account and Telco account. The proofing processing in their identity assurance models also leverage common methods such as document scanning and selfie cross match, but the detail on how these methods is executed are different within each framework. We have identified several areas of standardization that would enable better interoperability assessment, namely in the areas of credential formats and methods for validation and verification.
OCET enables parties to pose and answer the following four questions to achieve interoperability:
- Does a wallet have this right policy criteria to meet my requirements?
- Does a credential have the right policy criteria to meet my requirements?
- Can a wallet derive an attribute I need? (e.g., Over 18)
- Can a wallet derive a level of assurance I need?
Our creation of the OCET is still at an early stage, but we already see that it could offer enormous value in achieving interoperability of Digital ID on a global scale, enabling OIX’s vision of allowing users to have a reusable Digital ID that works anywhere around the globe.
The OIX working group on global interoperability will continue. We will test the value of OCET with trust frameworks and other parties through desk top examination of the policy criteria requirements for some specific use cases.