Following Up: Further information regarding the Proposed Working Groups
Following the Economics of Identity Conference in collaboration with techUK, four working groups are now in the process of being set up:
(1) Interoperability and standards (including biometrics)
One of the major challenges is aligning with global standards and making the identity ecosystem widely interoperable.
- Interoperability: although eIDAS came into force a year ago, it is not instantly interoperable and local adaptation may be required to further uptake. The requirements heard from some of the relying partners at the meeting (such as the DWP and IAG) was that they want to be able to trust users’ assertions without having to hold or manage the data which should be securely managed elsewhere.
- Standards: the updated GPG45 is a good framework to build on in reaching across vertical sectors. One of our challenges is balancing the sharing of verified proofs/claims against compound levels of assurance. One thing is clear: relying parties do not want to be standards experts which is what they are having to be today to fill the gaps in existing identity schemes.
- Biometrics: despite being heralded as the long-time panacea for identity proofing and/or authentication, it’s not yet clear where biometrics fit in the overall picture and whether legislation and regulation support their use.
(2) Inclusion (thin file)
As was evidenced by the DWP and the Tower Hamlets project, not every citizen is in a position, for one reason or another, to get through an online process, and there is a need for alternative methods to support them, one of which may be vouching
(3) Liability and trust models
Critically, whichever approach is adopted, relying parties and users have to be able to have confidence in the ecosystem, which demands a high level of transparency, usability and trustworthiness. In addition, there are potential known and unknown gaps in identity-related legislation and practices that are at best ambiguous when it comes to assigning liability in the case of, for example, a data breach or a man in the middle attack.
(4) Alternative architectures for ID
There are several architectural approaches to building large scale, secure, distributed identity systems among which are federated identity management, self-sovereign identities (with or without distribute ledger technologies) and dynamic attribute exchange. Each one has its strengths and weaknesses, its pros and cons. The objective of this working group is to analyse each approach in terms of its viability and interoperability.
The three areas identified but not covered by the above groups are:
(1) Verify 2020 onwards: this will be addressed in collaboration with GDS via their Engagement Committee
(2) Government data: OIX is working on a whitepaper that will partly cover this: ‘Economic Value of DCS in the private sector and technical delivery options’. Access to broader government data can be part of the Inclusion workgroup.
(3) Competent authority: OIX is working on a whitepaper that will take an initial look at this: ‘Establishing an interoperable digital identity ecosystem in the UK. Is there a need for signals, certification and an independent authority?’. A peer review group will be convened to have input into this whitepaper.
techUK and OIX will form a Steering Group, with the participation of Government (and other major sector bodies), to help working groups achieve concrete results.
In addition to the whitepapers, the steering group will provide workshops to kickstart the working groups and later to progress action.
The next Economics of Identity Conference is proposed in early 2020 to examine the outcomes of these working groups.
Volunteers both to lead and to participate in each of the four above working groups are needed, so please email:
firstname.lastname@example.org if you’d like to get involved.
(Please indicate which working group you’d be willing and able to participate in.)
OIX Executive Director