OIX releases full guide to what a global Trust Framework for Smart Digital ID could be
After years of work with thought leaders in digital identity, the Open Identity Exchange (OIX) publishes its first full guide to ‘Trust Frameworks for Smart Digital ID.’ And that is a very careful use of the world ‘smart’ (and ‘guide’).
The overall aim of the OIX is to allow anyone to prove their identity anywhere. To achieve this, Trust Frameworks are needed. These are a set of principles, roles and responsibilities for all involved. The OIX community is not there yet: this is a guide to what that Trust Framework might and should look like. Version 1.0 is now available on the OIX website, as an interactive guide or full 65-page PDF. The team welcomes feedback.
Overall, the guide provides a detailed resource for defining, explaining and presenting what is meant by a digital ID by exploring the mechanisms that underpin it. These are the 30 elements, components and frameworks that the community believes should be used to build a global Trust Framework that will enable a successful and trusted digital ID.
Rules-based, derived and smart for now
The guide explores what is needed for a ‘smart’ digital ID. “The smart ID must be able to help the user through this process and this process is defined by the organization’s rules,” says Nick Mothershaw, chief identity strategist at the OIX during the launch event for the guide.
The ‘smart’ comes from the digital ID – whether as a smart wallet on a device or a cloud-based digital ID – being able to navigate an ID-dependent situation on behalf of a user via sets of rules. The user should not need to know the rules.
It does not yet incorporate AI. “What we’re encouraging here is a capability for the identity to understand rules and process rules on behalf of the user,” says Mothershaw, “An inevitable elevation of that is AI … the rules as we’ve painted them so far are coming in from the direction of the relying party.” For subsequent working groups the community will look at rules going the other way: “What about the rules for the user? AI definitely has a position there in terms of user behavior – for the user.” AI’s role as an agent for the user will also be informed by regulation such as that of the EU on the use of AI.
The system relies on the ID having rules engines which can understand what a relying party wants and provide them from either the user’s existing credentials or a derived credential. The guide explores the creation of derived credentials whether ad hoc for a specific use case or longer-term. An example might be a ‘COVID safe’ assurance being required which would come from a combination of the ID containing records for both a vaccination and a recent negative test.
Rationalized language for digital agnosticism
The guide also includes an extensive glossary of what all its terms are (for signed-in users). This is useful as devising an interoperable global digital ID basis is somewhat complex. There is also a rationale for why the community has chosen certain terms and not others.
The guide is both technology agnostic and ‘paradigm agnostic.’ It accommodates any type of technology architecture such as digital wallet or cloud-based. It is also suggesting components that would allow for a full range of identity systems that the IDs sit within, covering centralized, decentralized, self-sovereign and federated.