Prime Discount
expires in
Register Now


Global Interoperability

Global Interoperability

Combined Session
Thursday, June 06, 2024 14:30—15:30

The DNA of Digital ID – Enabling Roaming Wallets

OIX has analysed eight Digital ID trust frameworks: US, Canada, EU, UK, Singapore, Thailand, MOSIP and Bank ID Sweden. The goal was to see if their policies could be expressed in a consistent way to enable interoperability of IDs across these eco-systems. The analysis found they share 75 common policy rule characteristics with 283 possible values. This is the DNA of Digital ID: trust frameworks are the same species but address the policy issues using a varied characteristics to meet local approaches to privacy, risk, security, and identity assurance. Our conclusion is that convergence of frameworks to a common set of policy criteria is unlikely, as they are necessarily different. Therefore, we have created a tool to allow policy criteria to be expressed and exchanged between trust frameworks and other parties.

This session will share:

  • An overview of our analysis of the eight trust frameworks
  • The contents of the DNA of Digital ID open criteria exchange framework
  • How the policy criteria will be used in a mixture of ‘static’ and ‘dynamic’ decision
  • processes to enable roaming wallets
  • How dynamic level of assurance assessments can be made.
  • A demo of a wallet adapting as it roams from framework to framework.
Nick Mothershaw
Chief Identity Strategist
The Open Identity Exchange
Nick is Chief Identity Strategist at the Open Identity Exchange, a community for all those involved in the ID sector to connect and collaborate. Together we develop the guidance needed for...
The Global Interoperability of Digital Identity

As more governments promote online access and issue digital identity credentials for their populations, questions arise regarding just how portable those credentials are from one country to the next. While the EU has the benefit of eIDAS 2.0, other countries and regions still struggle with how to take advantage of digital identity credentials issued outside their borders. The challenges go beyond technical standards: it's not just about the structure of the data, it's also about how that data is verified, what level of assurance is offered, privacy considerations, and more.

Making digital identity globally interoperable is a fundamental necessity for everything from education to finance and trade. It is the basis for social and financial inclusion as humans move around the world This session will review where efforts are underway to improve the global interoperability of identity and where there are still gaps, both in policy and technology, that need attention.

Heather Flanagan
Spherical Cow Consulting
Heather Flanagan, Principal at Spherical Cow Consulting, comes from a position that the Internet is led by people, powered by words, and inspired by technology. She has been involved in leadership...
Multilateral Federation: The Solution to the Problem that Identity Wallets Don’t yet Understand They Have

SAML and OpenID started with a simple model of bilateral trust. Relying Parties register with Identity Providers and exchange trust information so that the RP can know that they are talking to Microsoft, Google, Facebook etc. We have also had Smart Cards (PIV/CAC) for authentication based on a certificate signed by someone that chains back to a known trusted root. The smart card approach avoids the RP needing to register but has significant user privacy issues. The research and education communities have long understood the scalability issues with these approaches. This led to the development of SAML2 and SAML metadata being used to represent more complicated trust relationships, where a single RP may allow identities from hundreds of Identity providers without needing to set up bilateral relationships. 

We are now entering a new world of Identity Wallets that look a lot more like multilateral federations than a simple one-to-one relationship. For these sorts of credentials to be scalable, we need to represent how a RP/Verifier can be part of perhaps hundreds of overlapping trust groupings. While it might be practical in just the EU to issue special TLS certificates to RP so that they can ask for credentials, that quickly breaks down if multiple countries outside the EU decide that is a good model.

This presentation will look at proposed trust models and explore how a number of implementations are using OpenID Federation to address these scalability issues.

John Bradley
Distinguished Architect
Mr. Bradley is an Identity Management subject matter expert and IT professional with a diverse background. Mr. Bradley has over 15 years experience in the information technology and identity...
Secure your ticket
Be quick before the Prime Discount expires in
00d 00h 00m 00 s
Get a ticket
Almost Ready to Join EIC 2024?
Reach out to our team with any remaining questions
Get in touch