Governments and other organisations around the world are developing Trust Frameworks, which are vital for governing digital ID eco-systems and facilitating trusted identity transactions. But will digital ID be interoperable across these different frameworks?
It’s a global challenge with many questions to be answered. For example, how is an organisation in Indonesia going to know if it can trust a digital ID issued in Sweden? How was the user proofed? Does this meet Indonesian standards? Are the authenticators being used robust? Is it a fraudulent ID? Is anyone liable if it is? Equally, can the Swedish ID provider release data to the Indonesian organisation? Who are they? What are their data handling and management responsibilities?
They’re not technical questions. They’re questions of trust.
Compatibility is also key. If common credentials (i.e. COVID-19 certificate) from different issuers have data in different formats or if different credentials carry the same data (i.e. address) but in different formats, this causes problems. Without an agreed data format across an ID ecosystem, the problem of interpretation, translation, and data normalisation falls on the receiving organisation. This will be a major barrier to both digital ID adoption and interoperability.
Trust Frameworks will play a crucial role and must be designed to enable interoperability. At present, interoperability is the missing element in existing Trust Frameworks, as most programmes are in-country focused. Even eIDAS, which is arguably world-leading in terms of in-region interoperability, does not address international interoperability.
Through its research and work with its members, OIX has highlighted three ways interoperability can be achieved. The first is through bilateral agreements between frameworks to mutually recognise the trust that they ensure. The second is through parties, such as identity providers or credential issuers, becoming compliant with more than one framework.
And thirdly, the most efficient way of achieving mass interoperability between frameworks, however, may be through a virtual common framework approach, where a common framework enables many frameworks to trust each other through independently assessing their alignment and compatibility. It requires each framework to understand its relative position within a set of commonly agreed rules, essentially creating an overarching Trust Framework or a ‘framework of frameworks’. Each framework can then decide how it fills the gaps between its own requirements and those of another framework.
Interoperability is a key goal for the GAIN (Global Assured Identity Network) initiative, supported through OIX’s Global Interoperability Working Group, where the ‘framework of frameworks’ approach is being explored. GAIN is leading the mission to bring financial institutions together with those from other sectors so that we can achieve the global reach required to establish digital ID trust and success.
This editorial was first published in our Financial Crime and Fraud Report 2022, which showcases the innovation and development of the best practices and instruments used by financial institutions in their fraud prevention activities, to improve the digital onboarding process of their customers while fighting against financial crime.
About Nick Mothershaw
Nick Mothershaw is Chief Identity Strategist at OIX. Previously Director of ID and Fraud at Experian, he led the launch of IDaaS in the UK.
About OIX
Open Identity Exchange (OIX) is a non-profit trade organisation on a mission to create a world where everyone can prove their identity and eligibility anywhere.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now