
Agenda

Global Interoperability

Combined Session
Thursday, June 06, 2024 14:30—15:30
Location: B 09

The DNA of Digital ID – Enabling Roaming Wallets
14:30—14:50
 

OIX has analysed eight Digital ID trust frameworks: US, Canada, EU, UK, Singapore, Thailand, MOSIP and Bank ID Sweden. The goal was to see if their policies could be expressed in a consistent way to enable interoperability of IDs across these eco-systems. The analysis found they share 75 common policy rule characteristics with 283 possible values. This is the DNA of Digital ID: trust frameworks are the same species but address the policy issues using varied characteristics to meet local approaches to privacy, risk, security, and identity assurance. Our conclusion is that convergence of frameworks to a common set of policy criteria is unlikely, as they are necessarily different. Therefore, we have created a tool to allow policy criteria to be expressed and exchanged between trust frameworks and other parties.

This session will share:

  • An overview of our analysis of the eight trust frameworks
  • The contents of the DNA of Digital ID open criteria exchange framework
  • How the policy criteria will be used in a mixture of ‘static’ and ‘dynamic’ decision processes to enable roaming wallets
  • How dynamic level of assurance assessments can be made
  • A demo of a wallet adapting as it roams from framework to framework.
Nick Mothershaw
Chief Identity Strategist
The Open Identity Exchange
Nick is Chief Identity Strategist at the Open Identity Exchange, a community for all those involved in the ID sector to connect and collaborate. Together we develop the guidance needed for...
The Global Interoperability of Digital Identity
14:50—15:10
 

As more governments promote online access and issue digital identity credentials for their populations, questions arise regarding just how portable those credentials are from one country to the next. While the EU has the benefit of eIDAS 2.0, other countries and regions still struggle with how to take advantage of digital identity credentials issued outside their borders. The challenges go beyond technical standards: it's not just about the structure of the data, it's also about how that data is verified, what level of assurance is offered, privacy considerations, and more.

Making digital identity globally interoperable is a fundamental necessity for everything from education to finance and trade. It is the basis for social and financial inclusion as humans move around the world. This session will review where efforts are underway to improve the global interoperability of identity and where there are still gaps, both in policy and technology, that need attention.

Heather Flanagan
Principal
Spherical Cow Consulting
Heather Flanagan, Principal at Spherical Cow Consulting, comes from a position that the Internet is led by people, powered by words, and inspired by technology. She has been involved in leadership...
Multilateral Federation: The Solution to the Problem that Identity Wallets Don’t yet Understand They Have
15:10—15:30
 

SAML and OpenID started with a simple model of bilateral trust. Relying Parties register with Identity Providers and exchange trust information so that the RP can know that they are talking to Microsoft, Google, Facebook etc. We have also had Smart Cards (PIV/CAC) for authentication based on a certificate signed by someone that chains back to a known trusted root. The smart card approach avoids the RP needing to register but has significant user privacy issues. The research and education communities have long understood the scalability issues with these approaches. This led to the development of SAML2 and SAML metadata being used to represent more complicated trust relationships, where a single RP may allow identities from hundreds of Identity providers without needing to set up bilateral relationships. 

We are now entering a new world of Identity Wallets that look a lot more like multilateral federations than a simple one-to-one relationship. For these sorts of credentials to be scalable, we need to represent how an RP/Verifier can be part of perhaps hundreds of overlapping trust groupings. While it might be practical in just the EU to issue special TLS certificates to RPs so that they can ask for credentials, that quickly breaks down if multiple countries outside the EU decide that is a good model.

This presentation will look at proposed trust models and explore how a number of implementations are using OpenID Federation to address these scalability issues.

John Bradley
Distinguished Architect
Yubico
Mr. Bradley is an Identity Management subject matter expert and IT professional with a diverse background. Mr. Bradley has over 15 years' experience in the information technology and identity...