The organization that is ready to onboard pre-verified customers should pay attention to global identity networks.
The organization that is ready to provision, authenticate, and authorize their employees, contractors, suppliers, etc. remotely, based on credentials verified by trusted service providers, should pay attention to global identity networks.
The organization that is ready to manage identities with data minimization built into credential sharing, and transparent audit trails to check the validity of those credentials should pay attention to global identity networks.
Global identity networks propose a different way of identity management, one that operates on shared standards so that organizations don’t need to repeat onboarding and verification with the same individuals, and one with verification built in so that organizations don’t need to rely on trust. But this post isn’t to explain global identity networks; if you’re curious about that, this white paper is a great place to start.
The question to ask is how to leverage them. The short answer is to get involved: participate in any number of the organizations that are designing the technical and governance architectures. Contribute to the conversation, and join a PoC or a pilot where it fits your requirements. Join the cause as long as it also helps achieve your identity management or digital transformation goals. Collaborate, because we all have something to gain.
Where to Begin
Knowing where to start can be difficult, but understanding a bit of the context in which global identity networks are developing is a good place to begin. As is typical with a blog post, this is an oversimplified explanation, but the regulatory environment in Europe could soon make big waves in the identity community and beyond, complemented by the long-standing action from numerous organizations.
For those of you who are European-based, you are certainly aware of eIDAS. For those who are not, the EU Regulation No 910/2014 on electronic identification and trust services for electronic transactions in the internal market (most commonly referred to as eIDAS) sets out a common interoperability framework for Member States to accept the national eIDs and trust services (like electronic signatures) of other Member States to authenticate citizens when accessing public services. It may sound pretty dry, but it was a very clear attempt to facilitate a regional identity network, where identities could be issued by different identity providers and accepted by cross-border public services. In other words, eIDAS tried to facilitate a portable, reusable identity.
The Revision
Unfortunately, "tried" is an important word here. The uptake of eIDAS (facilitating cross-border acceptance of eIDs) is low relative to the technical capacity of states; only 15 of the 27 Member States are able to fulfil the regulation’s requirements of accepting the eIDs of other Member States for public services.
The EU Commission did reflect on the effectiveness of the regulation in its Impact Assessment, and is developing a revision of it. There are multiple revision options being discussed, but thus far, the preferred option would establish a framework that provides citizens with optional use of a personal digital wallet. This could be used to access public and private services across EU borders. Provision of cross-border trust services is also part of the revision, but is out of scope for this post.
The Collaborative Action
Upping their digital identity game from 2014 to the present (freshly 2022), EU Member States may now need to provide not only a digital identity to each of their citizens and residents, but also a personal digital wallet with which the individual can present that identity to the public services of any other EU Member State. Why does a digital wallet make that big of a difference, and what does that have to do with you and global identity networks?
This could be a catalyst for reusable, portable identities in private industry, not just for public services. For consumer-facing businesses, that could mean inheriting a digital identity for a consumer at increasingly high assurance levels with even faster onboarding times and less responsibility for managing consumer data. It also means that onboarding your workforce digitally and enabling other methods of high assurance authentication become available to more organizations. And it’s possible, even likely, that both consumer and workforce credentials would be based on an eID.
A digital identity wallet plays a big role in enabling the same individual to use their digital identity for multiple purposes. Instead of creating numerous accounts and being bound by usernames and passwords for each consumer and/or employee service, digital wallets put identity credentials that have been issued and verified by trusted parties into the hands of the individual to share as they please.
This concept starts to edge on decentralized identity, sometimes called self-sovereign identity (SSI). Digital wallets have been part of the decentralized identity conversation since the early days. But digital wallets are not exclusively the domain of decentralized identity, and benefit from the cooperation of many initiatives, organizations, and foundations that are globally working to promote interoperable, secure, privacy-centric, and functional identity standards for personal and enterprise use.
The following is just one example of how these identity networks and organizations are interconnected and support each other. There are many other projects besides identity wallets that tie these networks together. The order in which these organizations are mentioned is arbitrary, and doesn’t denote any formal hierarchy.
The eIDAS Bridge project, which is supported by the European Commission and the European Self-Sovereign Identity Framework (ESSIF), is striving to make eIDAS available as a trust framework in the decentralized identity ecosystem. This means that there are now efforts from both sides of the spectrum: eIDAS may be revised to accept personal identity wallets and technological mechanisms such as zero-knowledge proofs and Verifiable Credentials. The European decentralized identity scene is also actively working to integrate eIDAS by enabling issuers to issue a VC “through” the eIDAS bridge to add additional trust to the credential.
The European Blockchain Services Infrastructure (EBSI), also supported by the European Commission, Member States, Liechtenstein and Norway, is aiming to establish a blockchain infrastructure for cross-border public services, and to enable information verification and trustworthy transactions. ESSIF and identity are a critical part of the first major pilot, which is to issue and exchange credentials between universities.
IDUnion is also on the scene. It is a consortium of decentralized identity vendors and other influential partners, funded by the German Federal Ministry for Economic Affairs and Energy (BMWi) and private investment. It is providing an open-source infrastructure to issue credentials, identify legal entities/natural persons/devices, and authenticate users and relying parties. It aims to be available globally, but with governance remaining primarily European. It is designing its structure to align with the eIDAS revision, is compatible with GAIA-X (a European-based secure data infrastructure project), and is working to improve interoperability with EBSI.
GLEIF is also a part of this as a not-for-profit organization to manage the organizations who issue Legal Entity Identifiers (LEIs). LEIs provide a unique identification for legal entities. It was established to facilitate improved financial governance, but with potential for many other uses like authentication of relying parties, as is likely required in the eIDAS revision. GLEIF is part of Trust Over IP (ToIP), and uses ToIP’s governance framework and technology stack.
Trust Over IP is an independent project hosted at the Linux Foundation and lays out the governance model and a trust framework to provide Internet-wide digital trust. The main use cases they address with this trust framework are passwordless authentication, long-term private digital connections, and verifiable origins. This is a governance stack to complement the (often decentralized) technology solutions that are being developed.
The Decentralized Identity Foundation (DIF) aims to ensure an open ecosystem and interoperability for decentralized identity. DIF has contributed DIDs, DID authentication, and many other standards, wallet security, and much more related to implementing decentralized identity. They and ToIP both support the Decentralized Identifiers (DIDs) 1.0 specification being advanced to an official W3C Recommendation.
The World Wide Web Consortium (W3C) develops technical specifications and guidelines, of which the DID specification is a proposed recommendation. W3C carries the influence and respect to propose decentralized identity standards to the web community at large.
Though this took a turn into the decentralized world, the cooperation of other non-decentralized organizations is critical to test the interoperability and standards that are being developed. The Global Assured Identities Network (GAIN) proposes a federated identity network that would allow any organization to utilize verified identity attributes. It utilizes the international collaboration of financial institutions to leverage the trusted identities that are issued by those financial institutions for reuse in any industry. This project is in close collaboration with OpenID, Open Identity Exchange, the Cloud Signature Consortium, and GLEIF. While this is still in early stages of launch and development, GAIN may emerge as a parallel effort along with decentralized identity. Achieving interoperability between such decentralized and federated global identity networks will be a monumental leap forward in enabling a verified, reusable identity for consumer, citizen, and workforce identity management.
The Cloud Signature Consortium is working to establish a standard for secure and open cloud signatures, motivated in part by eIDAS goals to create a single digital EU market for trust services.
This is a very brief and simplified map of some of the most active organizations working for global identity networks. This is a space remarkably focused on collaboration and on first enabling interoperability before striving for market share. Each organization has its own individual goals, which dovetail with many of the goals of others, and even provides critical technology or governance frameworks that help other organizations to achieve theirs.
Continue the conversation with us at the European Identity and Cloud Conference, May 2022 in Berlin.