The Open Identity Exchange (OIX) has launched a critical new paper – Digital ID DNA – Interoperability across Trust Frameworks – that will be crucial to understanding and navigating the different digital ID trust frameworks around the globe, and achieving interoperability.
One of the biggest challenges driving significant debate as digital ID progresses around the world is the ability for trust frameworks with different policy criteria to interoperate. Digital ID must be able to interoperate safely and securely across the different regulatory and technical boundaries that are defined in trust frameworks, usually by a government or for a specific geographical area.
The work of the non-profit global organisation, OIX, has been focused on ensuring that digital ID works well for anyone that wants it and that it works seamlessly all over the globe.
To achieve this, the OIX carried out unique and extensive analysis of the policies of eight very different digital ID trust frameworks across the globe. The goal was to explore how these frameworks and other parties could express their policy position in a consistent way, so that interoperability of IDs across these eco-systems could be achieved.
The new report, launched on Wednesday October 25th by OIX, reveals for the first time their commonality and differences. It found that they share common policy rule characteristics – specifically 15 common general policy areas with 75 different characteristics – and a common approach to assessing identity assurance.
According to the OIX, this is the digital ID DNA. OIX also found that they have different values for the characteristics – 289 variations across the 75 characteristics.
Nick Mothershaw, Chief Identity Strategist at OIX, said: “In the same way that humans are the same species, but with different characteristics that make them unique, trust frameworks address the same policy issue in different ways to meet local variations in approaches to privacy, inclusion, risk, security, technology, and identity assurance.
“This difference in approach is unlikely to change, so they will need to co-exist within the context of interoperability. Each approach is valid and our conclusion is that convergence of trust frameworks to a common set of policy criteria is not the way forward. While there may be some alignment, it is very unlikely that frameworks will align entirely.
“Instead, we have created an approach that will allow policy criteria to be expressed and exchanged between trust frameworks and other parties. Our ongoing testing of this approach is so far is revealing enormous value towards achieving interoperability of digital ID on a global scale.”
The new approach outlined in the OIX paper is an Open Criteria Exchange Tool (OCET). It allows the communication of value settings for the 79 policy characteristics and specific requirements for identity assurance, so that interoperability assessment and agreement between frameworks (and other parties) can take place.
The unique OCET has been created so that it can be used in both ‘static’ decision processes to explore policy alignment, but also in ‘dynamic’ decision processes where policy is assessed and interoperability decisions made ‘on the fly’.
Crucially, however, OCET will enable the creation of ‘roaming’ digital ID wallets. These are ‘smart’ digital ID wallets that can operate in more than one framework through assessment of their compliance with the policy criteria of the destination framework they have roamed into.