ConnectID 2019

Federation and Other Trust Models for Cross Vertical Digital Identity Acceptance

Over the past year, digital identity solutions have both matured and newly emerged. Several of the Self Sovereign Identity (SSID) solutions that were first commercially introduced last year, have now made it into pilots. Others solutions are using a metered approach to build a solid credential structure to address a specific vertical use case. Still others are blending these concepts to provide support for both government led digital credential standardization as well as sector specific use cases. Each of these capabilities was presented and widely discussed recently at connect:ID 2019 in Washington, DC.

As all of the solution sets have developed support for valuable identity based processes, there are still a number of challenges for use of any of these credentials across verticals or industries. Most of these SSID solutions are commercial efforts that were instantiated as pilots to address requirements specific to an industry – examples include:

  • Self enrollment & electronic health record sharing, derived from a specific health insurer’s customer base
  • Mobile driving license generation & utilization
  • Seamless traveler initiatives leveraging the Digital Travel Credential (DTC) being defined through an ICAO and ISO partnership for use throughout the travel continuum (booking – airport check-in – baggage drop – security screening – airport vendor services – boarding – arrival – customs – hotel check-in – return trip)
  • Concepts extending the DTC concept from the traveler journey to Visa request, work permit, & law enforcement record verification processes
  • Solutions providing a digital identity to the extremely large population of people without paper identity documents
  • Digital consortium solutions for banking

As can be imagined, each of these capabilities has been implemented using varying technologies and security frameworks. All of the programs describe their offerings as being built with extensive security measures in the generation and protection of the digital credential, and just as importantly, with a Privacy By Design approach. Some of the digital credentials are built through the derivation of data from a physical document (after the performance of automated identity document authentication – often in combination with facial recognition matching of the end-user against the authenticated source document), while others use identity repositories as the data source for the digital credential. As the DTC is a token which leverages the Document Security Object from an ePassport, the initial delivery mechanism of this token to the end user is meant to be managed by the document issuer.

Security of the token also varies. The DTC imposes requirements to perform the same level of authentication for the token as for the document itself, meaning that it needs to be cryptographically assessed to determine its authenticity by the relying party. Other solutions are leverage block chain implementations to both protect and distribute the user data to support access decision processes for both physical and logical access capabilities.

The key to the evolution of a broader, frictionless identity ecosystem is going to be the development of an interoperable security framework that will allow the digital credential from one ecosystem to be fully leveraged by another. While brand loyalty drives many of these initial capabilities, use of a single credential for many disparate functions is what will drive consumer adoption globally. While it seems naive to think that a global, federated trust fabric will be deployed to support any and all of these disparate programs, perhaps the answer is an interoperable identity wallet that understands the protocols required to authenticate an end user to all points within the ecosystem using the appropriate digital credential – without any specific user action other than authentication to the device containing the digital credentials.

 

Ozone e-Passport PKI