By Nick Mothershaw, Chief Identity Strategist at the Open Identity Exchange (OIX), a non-profit trade organisation on a mission to create a world where everyone can prove their identity and eligibility anywhere through a universally trusted ID.
The digital ID eco-system is growing rapidly. So is identity fraud. In this new world, organisations have to know with complete confidence who they are dealing with and consumers must be able to provide trust in their identity to all organisations so they can access the services they are entitled to.
Trust Frameworks will play a crucial role in making sure that these identity transactions can take place safely. Their role will be to provide the rules and guidelines needed to govern the collection, verification, storage, exchange, authentication and reliance on credentials about an individual person, a legal entity, device, or digital object.
But they need to do much more than that if we are to ensure that the vast potential and benefits promised by digital ID can be delivered. And, they must encompass the needs of everyone involved.
A more person-centric approach
In the design of a detailed Trust Framework, the needs of the parties it aims to serve must be met first. That is, the end consumers and the organisations who want to get trusted information from those consumers. However, many Trust Frameworks around the world have started with the needs of the parties developing those frameworks. While their needs are important and should not be compromised, there needs to be a far better balance. We believe that this vital for any Trust Framework to be successful.
Enabling smart digital ID
The processes and rules that organisations have to follow to proof people differ from sector to sector, be it financial services, retail, education or travel. They differ further between borders. And, they are complex to say the least. At the moment, a digital ID is primarily a digitised real-world credential. The end consumer is expected to understand all the processes and rules, work out what is needed and fulfil the criteria for each transaction. All too often, the experience for the consumer is painful, and this then becomes a barrier for them.
Digital ID, therefore, needs to be smart. It needs to help consumers through the processes, without requiring them to understand the complexities surrounding them. For the consumer, it should just be a case of seeing what information they have been asked to get. The detail behind the request should be down to the smart ID to figure out. This is when all the parties involved in a digital transaction will start to see the real benefits of digital ID. Trust Frameworks will need to be developed to facilitate this.
Enabling global interoperability
Another major challenge for the global adoption of digital ID is interoperability. There are many questions that need to be addressed around compatibility. Without agreement on how common credentials or the same data from different credentials are presented, organisations on the receiving end are left trying to interpret the data.
There are also many questions around trust, What are the rules for a bank in one country wanting to release a bank ID to an organisation in another? How well ‘proofed’ is the individual in question? What are the data management rules and obligations in each country? What if something goes wrong? Who is liable?
Through our work at OIX, we have been exploring the idea of a ‘meta’ framework that will enable translation between one framework and another, enabling many frameworks to trust each other through independently assessing their alignment and compatibility. We believe that it could be the most efficient way of achieving mass interoperability between frameworks.
Continuing to evolve
Trust Frameworks will play a vital role in ensuring future global digital ID success for everyone involved. From our work over the years and, recently, from our evaluation and comparison of existing Trust Frameworks around the world, we have identified a number of components that need to be considered for any Trust Framework to work well, and to work for everyone that it seeks to serve.
While the specific needs for each country will differ, the key concepts that must be embraced will be the same everywhere. Placing the end consumer at the centre of their evolution and ensuring they can facilitate the development of smart digital ID and interoperability, are at the heart of our recommendations for successful Trust Frameworks.