By Dan Bachenheimer, Unique Identity Services Global Lead, Accenture
The Identity Week Europe conference and exhibit was conducted in London on June 28 and 29, 2022. The conference had three tracks, Security Documents, Biometrics, and Digital ID, with the mission “… to accelerate the move towards a world where trusted identity solutions enable governments and commercial organizations to provide citizens, employees, customers and consumers with a multitude of opportunities to transact in a seamless, yet secure manner. All the while preventing the efforts of those intent on doing harm.”
The Trust Over IP (ToIP) Foundation was invited to join a panel discussion on the topic of Smart Digital ID Wallets and the Future of Identity, moderated by Steve Pannifer, Managing Director, Consult Hyperion. The panelists were: Nick Mothershaw, Chief Identity Strategist, Open Identity Exchange; Daniel Bachenheimer, Contributing member to the Technical Architecture Task Force, Trust Over IP; Arjan Geluk, Lead Principal Advisor, Identity Management & Security, UL; and Kristel Teyras, Chair of the Digital Identity Workgroup, Secure Identity Alliance.
The 20-minute Smart Wallet panel discussion was preceded by a presentation on Smart Digital ID Wallets, “Smart Digital Wallets: More than just a collection of Digitised Credentials”, by Nick Mothershaw and Lee Hughes, who laid down the underlying functional elements of Smart Wallets along with use cases and operational considerations.
Our panel discussion began with the question “What is digital identity?” My response was that we need to think about it in two domains: foundational identity, typically imparted by the public sector as a form of legal identity after establishing uniqueness within the target population, and functional identities, where identity attributes are typically established by sector-specific relying parties such as employers, financial institutions, and educational institutions, as well as public sector entities for voting, taxes, driving licenses, etc.
The next discussion round sought clarity on what exactly digital identity wallets are and what specifically ToIP offers in this domain. I shared that, beginning with the OIX Smart Wallet discussed in the last session, there are varying capabilities already in (or expected to be in) digital identity wallets – from the OIX rules engine, to the EU Digital Identity Wallet initiative that is to include strong, multi-factor authentication, auditing, and (like the ISO mDL wallet) both online and offline capabilities – among many others.
I explained that the ToIP model was originally inspired by the Hyperledger Aries work on digital identity wallets and agents. The focus has been on secure key pair generation and storage along with secure verifiable credential exchange and storage. However, that scope is steadily expanding to be inclusive of other decentralized identity stack architectures and protocols.
I also shared that the ToIP model outlined in the Trust Over IP Introductory document, available at TrustOverIP.org, addresses the technology and governance related to each layer separately. I shared an example from the EU Digital Identity Wallet requirements which says that a “minimum set of person identification data… [must be shared] to identify the user upon … request in those cases where identification of the user is required by law.” How does one ensure that the entity requesting the person identification data, as required by law, is a legitimate relying party and how do we securely share the minimum amount of information that is legally allowed? ToIP governance and technology guidance exists today, in the form of ToIP Governance Specification V1, and is maturing to address these fundamental digital identity capabilities.
Ultimately the panel was very much aligned that decentralized digital identity will be an integral part of establishing one’s identity online, and off. Industry must work together to establish globally interoperable solutions where formats, protocols, and digital signatures defined by governance and trust frameworks are agreed within and between ecosystems.