So I am joined by several friends from the the city hub community. Please come on up. Thank you Sanjay. We'll have as many people in the panel as we'll, have listening to the panel be very good. We'll get into a two-way conversation in no time.
And, alright, so I have my phone, but that's not a clicker, so let's find that. There we go.
Three.
Perfect. And I think actually you're going to kick us off. Introduce ourselves. That's a great idea. Gail Hodges, executive director of the Open ID Foundation. Go ahead. I'm Elizabeth Garber, I'm the city hub program manager
De company, and I, I wear several hats, but here I'm representing the Secure Identity Alliance.
I'm Nick Mother Shore Chief identity strategist at the Open Identity Exchange.
Sanjay Rad from U-N-H-C-R, working closely with CD Hub and Open ID Foundation.
Mark Hen Open ID Foundation and working hard in City Hub.
You need a mic?
Can I get a mic? And Abby needs a chair.
A chair.
Yeah, you can take mine if you want in the meantime, right? Let me see. So welcome everybody. So my head is actually full of inputs from all the sessions today.
We, we discussed a lot about interesting topics including cross-border interoperability. We talked about, I heard a lot of presentation talking about scaling trust and actually this is what CD hub is about. So we think that to scale trust and to achieve cross border interoperability, we need cooperation. So we need collaboration from all the stakeholders, the major stakeholders that are active today in the digital identity ecosystem. And the clicker doesn't work, I think, I dunno if you can maybe change the slide from there. I don't mind.
If not, I can keep on talking without the slides maybe. Yeah, you
Can.
Yeah, so it's a pity because the slides were a nice way to show you who is involved, which is much easier than me actually stating all the names in one by one, which is impossible, but a sense in essence, CD is a community. So the first thing that you will need to know is that we are, we don't, we are not, we don't have, we are not a legal entity, we are not a standard setting body, we are a community. So it's really like, oh well thank you.
It's a platform where the community, all of us expert in digital identity collaborate to solve this specific problem, which is cross-border interoperability.
And so today I will talk a little bit about what Citi hub. So really a quick intro then we will move on to what we have learned so far, knowing that Citi hub is, is very new. So we started for the first time this, this activity in November last year. Then we will move on to the OECD recommendations around digital identity and the G 20 that is upcoming this year.
And especially, what can we ask, what are our ask as a community to the G 20? Finally a love letter to the USA and I will let you discover what it is later and a little bit of a road ahead and a survey to get your, your feedback. So today when we, we heard a lot of presentations about domestic choices around digital identity implementations. And this is great, right? Like it's very important that this remains sore.
So we will, we know that around the world there will be very different implementations of trust frameworks or technical stack to manage digital identity.
So how do we fix this with the need to build cross border interoperability? And so at Citi we think that we should respect the sovereign choices. So we we're not here to mandate anything to anybody, but we are actually here to solve the problem, to build those pipes that are missing to make sure that we can interoperate. So this is, this is, if you haven't read this white paper is a, is a very nice white paper that is called by two of my colleagues here. So it's human-centric digital identity for governments officials.
And here they've done a study, they've looked at several implementations of digital identity and they've sort of classified them in into two different axis. So either is a centralized approach or a decentralized approach or is public led or private led. So as you can see, a lot of different thinking and if you dig even deeper, even more different thinking.
So this is us, this is the community today. So we really think that to solve that we need to get together.
So together meaning governments, nonprofit organization including standard organization and multilaterals like the un, the World bank and, and Sanjay's representing here U-N-H-C-R. So this is the first, the launch of this initiative. We were humble enough to not presume we know that this is a problem. So we ask actually the community this is a problem and if they wanted to work on it. And so this was the initial discussion in, in Paris last year. And then we move on to, we decided that we needed to meet people where people are.
And so we decided to do something which is a little bit crazy this year, which is five summits around the world. So in all the different continents to meet the people and ask what are their needs?
So what are they building, what are the use cases and how can we work together to make this, you know, to achieve this, this cross border in trope. And so the first of the summits happened to be in Africa.
So we, we met in Cape Town last month and here you see in the slides all the different participants. And then the second one happened this week on Monday. So in Berlin and, and here you can see the different participants. What is interesting to note is that in Berlin we have started to build more collaboration with the, with the mo the world of academia. So we think that results are really bring a lot of value in this discussion. And so we are, part of our objective is to federate the academia and the researchers on, on this topic.
So finally what people think, so we always ask what people think after every summit. And so we started in Paris and here is the result of the different survey. The audiences were quite different in between this, this, this summit. So in Berlin you have more, I would say more technical people and less governments. And that was the opposite in, in the previous summit, like in Cape Town for example. So I dunno if that's the explanation of the different reaction, but nevertheless we got super good feedback on Monday, which we are implementing.
So I think it, it underscores the importance of what we do and also the fact that people are engaged and are trying to be helpful to make sure that we are successful in this. So with this being said, this is very light overview of who we are and I will leave it, I will pass it over to Gail. She will get into more details about what exactly we are building. Concretely.
Thank you all, appreciate it very much.
So the, the, the goal that we've started talking about is, you know, beyond achieving the interoperability to really make it incredibly easy, right? So it's as easy to assert one's digital identity as it is to send an email, make a phone call or present our passport. So it's just kind of like a little bit of a metric of success that we can contemplate. But getting there is obviously incredibly challenging.
If we wanna get to kind of outputs where wallets and centralized digital identity implementations are actually interoperable, then we need to have a a mechanism and a kind of manufacturing line. So individual countries are all developing standardized outputs. So here we go. I use my manufacturing plant as a proxy for a technical stack because each of those countries need to have their own technical stack that meets their own requirements with blueprints and with conformance requirements that are, that are lined up to that.
And on the left hand side is a bunch of icons to represent some of the key steps that are necessary before you even start building the stack or trying to modify the stack that you have in place. So we've got policy, we have the conformance criteria, you have the contractual relationships with hooks in the contracts that include one must certify before you're certified for conformance, before you get paid critical step. We have standards, we have scientific best practices, source code, metrics of success, and then ultimately that blueprint that brings everything together.
So an individual country can either take, build their stack from scratch or they can modify their existing country implementation. Also quite important that they're thinking about resourcing and strategy as a part of that recipe.
And again, that they qualify everything is conformant before payments come through. That's probably the only way you would get to interoperable outcomes and not the world that we're in right now, which is that digital identity credentials from Nigeria for example, simply won't work if they were presented in a California or in an EU or in a South Sudan.
You know, you, you pick the country, they're mostly not interoperable, it's more the exception where they will be. So the EU clearly does have a strategy that's top down within Europe. The same for mobile driving licenses.
That is is which is a standard which is designed by default and tested for interoperability. But again, the concern is that's more the the exception than the the rule we're gonna see. So city hub is a community to bring people together, which could be a challenge, which could make it really difficult to get anything done at all. But it can also be a superpower because it allows other people to engage without there being a single entity that is the one deciding and making the decisions. So what we're not is all those things on the right hand side. There are plenty of those other organizations.
We're really trying to bring together those stakeholder groups and so far we're bringing together a lot of the stakeholder groups and many people with healthy skepticism, which is well received in order to help us chart the right course.
So the decision making bodies remain the same multinationals, the OECD, the UN and so forth, the individual governments or the ultimate decision makers on their tech stacks, the non-profit organizations, civil society and the standards bodies, private entities will still develop their products the way they see fit to meet their client's needs.
Academia as Deborah was saying, we need to more closely engage to bring them into bear, bring them into the conversation and help support the applied work that we're doing. And then on the bottom is a set of work streams that came out of the first Paris summit.
It was, we did a bunch of surveys to say what do we need? What are the friction points? What is worthwhile doing with a community group structure? And the output was deciding the champion use cases was a really good place to start. There's no specific country or multinational body that is going to decide use cases.
There's just not an automatic home for that. So what are those first couple of use cases? How can they help us build foundation blocks the minimum requirements for digital identity and profitability?
That's again really tough because you've got these different technical stacks and within each technical stack or country implementation are a bunch of different standards and they're not interoperable. So it's not just one standards body that can solve the problem, it's actually understanding the problems, the requirements and figuring out how to align the technology and close any gaps. Trust framework mapping, really tricky. We'll hear more about that from from Nick in a moment. What the focus is there. And then metrics of success. What does good look like, right?
Is this a sustainable development goal for digital identity? What are the more minute KPIs we should be working towards? And then governance both within C hub, between Citi hub and its various partners that it's working with and perhaps most crucially the challenges that sit outside of existing governance structures where there's not a natural way to resolve it.
Talk about that in a little bit. So the overall plan, very ambitious plan was to have five summits in five continents within the year. So kind of going from zero to 60 incredibly fast.
We had the Paris summit, which would've been before this year. Then there is Africa, we just met in Cape Town as you heard from Deborah. We had the summit earlier this week here in Berlin. We'll meet again in DC for North America and then later in the year we'll be in Tokyo October 25th and then in Latin America in Rio alongside the G 20. And when we say the G 20, we actually, we do mean it and we'll come back to this later. So they're meeting in Rio middle of of November and I was asked to represent city hub in a G 20 preparation meeting in two weeks time.
So when I asked for your feedback, I really genuinely would like to have your feedback before that, that session happens.
Quick, quick thoughts on champion use cases. So the champion use case process that we're going through and we got some really good constructive feedback earlier this week is yes, it's good to kind of start out with what are all the sources? Like what have the, what is the EU designed as their use cases? They have 11 use cases.
What has the EU and the US agreed in their bilateral trade agreement, our areas of interest, what have the city hub stakeholders fed back and what did the W three C come up with when they were doing their, their verifiable credentials list? All of those sources of information are super important, but we're also getting feedback.
We gotta make sure we're listening to everyone globally at the same time as we need to identify specific use cases that we can start to drill down into more of the specifics 'cause we stayed too wide for too long then it just feels like a talk shop as opposed to a do shop.
And we wanna be the kind of place where real work is gonna happen. So we wanna try and use our work streams to synthesize, do proper criteria and analysis and come up with a few champion use cases that we can then do field research on.
We can do interoperability events, we can have deep economic analysis on them and we can get to a place that those use cases can then feed into real detailed trust framework analysis across jurisdictions and the minimum requirements required to deliver them across jurisdictions. So, you know, easy problem, no trouble here. Here's the list of use cases that we've gathered so far from our last, from our desk research as well as from the, the, the feedback sessions that we've had in multiple different jurisdictions. So there's, there's a whole lot here, right? A lot of really good ideas.
On Tuesday we paused and had a very long two-way conversation on the use cases. Feel free to to to take note if you see anything that's missing. We'd be very happily take your comments towards the end or in your, the survey that we're gonna put up later. But we're not gonna dwell on that one list time so we can get to some other feedback points. So with this I will pass back to some combination of Deborah and Mark Mark's up.
So hi everybody. I'm gonna keep this relatively brief, but from a engineering perspective, we're thinking about this problem space as a network of networks.
We don't believe that there's any sense thank you in remotely trying to tell national implementations what they should do inside their own nation. That would be kind of insane approach. So we think about this at a abstracted layer above jurisdictional implementation details. There are gonna be clearly a wide range of, of architectures and implementations around the world for some time to come. Maybe one day in the far distant future we will have a coherent solution end to end. But that's, that's quite a long way off.
And there's every possibility that the, you know, the societal business legal environment in those countries will lead to a technology solution that is different for each country. So, you know, there's no, there's definitely no certainty that we're gonna ever get to a care here end-to-end solution internationally. We had a really interesting interactive session on Monday where we looked at these archetypes, they were kind of intentionally open-ended and Ill-defined in order that everybody who participated had something to say and, and a lot of very good communication went on.
There was a, a serious amount of conversation for about an hour during the workshop. We split into three teams to break down the, the nine types of interaction that I've displayed in the diagram here.
And yeah, so the, the bolts reference here is a call out to Scott. David, thank you very much. My brain power is running low, it's been a long few weeks and that we need to incorporate the business, operational, legal and societal factors into a technical solution. And those are determined not only by the source and destination environments that the, the identity comes from but is being sent to, but also the use case particulars as well.
So there's a whole lot of contextual information that needs to be taken into account when we look at the integr, the integration for a specific use case and there was feedback that we received that federated and API based could potentially be collapsed.
There was a kind of final shortish discussion 'cause we were running on time about policy metadata and this idea that splitting out the data definition for representing policy and trust framework characteristics, which Nick is going to tell us more about I think in a minute from the transport mechanism for said entity metadata and policy constraints is another important split that we probably want to investigate going forward. And I think it's next turn.
It is. Thank you. I'll be very quick.
So on the trust framework mapping and analysis and comparison, we've already analyzed eight different frameworks from around the globe. Eight very different frameworks deliberately chosen for the, the different styles and maturity of the frameworks. So some very mature, some centralized, some moving to decentralized like the EU one. And what we discovered
W was what we termed the digital ID of DNA, which is that they all have the, the same common characteristics but they have different values for those characteristics.
And what we're doing now is exploring how do we enable roaming wallets to be created so that when I move from the UK to the US in this example, that my wallet still works.
Not all the credentials in it will work, but some of the key ones, what we're calling the golden credentials that are built to international standards that are from recognized issuers such as passports, driving licenses, bank accounts, telco accounts, or my national ID card if I have one, will be recognized and will be valid in the country that I land in and then can be used to formulate levels of assurance within that country to the local rules. So that's the process we're working through at the moment.
So next we're going to openly publish the analysis that should be done by the end of summer along with a tool that enables us to then allow more frameworks to self-analyze and contribute to the overall analysis. So we're going to be looking at working with it with the, some of the team in Japan around owning that to the analysis of Brazil, New Zealand, Australia conversations we've had this week and ultimately to the, you know, completing the G 20 set of countries. And then beyond, we're looking at, you know, within that what does the comparison tool look like?
It might just look like a very big spreadsheet with lots of ticks. So you can see where the, the commonalities and differences are. It might have a bit of filtering in it, but one of the things we're interested in is how does this become a metadata exchange model so that policy can be communicated between parties electronically and so that wallets can adapt and decisions can be made around not just technical elements but policy elements as wallets roam around the globe.
So, and
I'll note that Nick did a much more extensive presentation of this in the first session of this track this afternoon. So I encourage people to watch that.
Yes I did. Thank you Mike. If you wish to watch that back for that I hand over to back to Gail, is that with you? It's got your name on it.
Alright,
I've only got 10 minutes so I'm not gonna talk too much about this, this concept other than bring it on the next page, which is that the definition of D digital public infrastructure is still kind of awaiting maybe a formal description from the G 20 this year. But it essentially includes not just digital identity but open data, open finance, faster payments, civil registry systems and digital government services.
So in our kind of sphere we tend to see the first areas in blue and less so on the left hand side, but all those kind of organizations on the left have a material role to play in the global south in trying to invest in and deliver different parts of the digital public infrastructure. So it's important we translate what we're trying to accomplish in as implementers in digital identity within the context of how government stakeholders are thinking about it. Elizabeth?
Alright.
Yeah, so I definitely think we wanna get to audience participation. So this is not really here for you to read, it's here as a demonstration. This is the recommendations from the OECD which came out not too long ago.
ga, you got the clicker. I think we can move along. So we all agreed as a group that the OEC recommendations were extremely comprehensive and a very valuable tool. Last year Mark and I documented a, wrote a paper called Human-Centric Digital Identity for Governments. And the recommendations that were in that paper are really, they form the basis for a lot of the work that's happening at City Hub and they're grouped into these four categories. So first of all, ensuring that everything is based on human rights.
And if you were in my session yesterday, you heard us talking with UNDP and U-N-H-C-R and others about how we thread the needle between human rights and ethical mapping.
Ethical tensions through to how do we design governance systems and tools and then products and and technologies and standards. So that's really the foundation of all this work we're doing on global interoperability. Building upon that, ensuring that we have real tools, ensuring privacy and security by design and then ultimately this work will lead to, to new open standards internationally recognized.
If we move on, I'm gonna take this, I'm taking this. Okay, so the OECD has some key messages for Brazil. Gail definitely made this slide so I am backing up so I can read it.
And we, we are building upon those 'cause we're working really closely with the OECD and that's one of the real differentiators between this work and past iterations of global interoperability exercises is that we're working really closely with organizations like the OECD, like the World Bank, like the United Nations and really having the opportunity to present key asks, quote unquote to or to the G seven and the G 20.
And the ones that we are looking to add right now are encouraging existing leaders in digital identity to converge towards cross-border interoperability.
To put that on the agenda very clearly. Combination of policy, open standards, conformance requirements, certification requirements and best practices, public private partnership and collaboration. Continue continuing down those lines.
And then, you know, as we're having a conversation with you in the room, I think we're gonna open the floor and say is there anything else that you think we should be putting on the agenda to achieve this goal of cross-border interoperability? Do you wanna pause for comment here?
Yeah,
Hear me?
Don't hear anything.
Okay, moving on. Click We can come back. We can come back to it and do so at the end. Let's skip this for sure. This is Nick.
You wanna talk about the timeline Nick?
Or Yes, yes, sorry,
Sorry, I thought it was done. So, so roadmaps are getting, getting things done as we're working through from 2023. We're now in quarter two. We've been to various different conferences. Moving on to quarter three, we've got the aligning with the G 20 support, two other summits coming up and then moving into quarter four as we're get into, you know, deeper workshops that the summits over in Asia and in Washington DC in September and then wrapping up with the G 20 in Brazil.
I think one of the things to, to emphasize, we've had a lot of summits and we've got a lot of summits and as we go through the summer we'll be doing a lot more in the working, working groups and work streams. So we're gonna need at that point, your contribution to, to come to those work streams on, on a weekly basis to help us with our thinking and refine that as we move forward and move forward at pace.
Yeah,
And it's back to me
And we, we, we built this slide this morning. Oh wonderful.
Look, it's here now too. We built this slide this morning 'cause we, we've been working so hard as we've had in the last couple of weeks, major summits in Cape Town South Africa and earlier this week in Berlin. But we wanted to make sure that it was clear to this audience what the long-term goals of this work are.
So we are intending to do real field research on champion use cases that we identify in partnership with the global community and in particular the government officials from all over the world who are engaging in this work with some strong economic analysis underpinning those use cases. When we look to minimum requirements for digital interoperability, the technical side of things, Mark's grinning and he is holding his microphone like he wants to say something, but I have the floor right now. Right? You can add to it. You can add to it.
We are looking to get those minimum requirements included in internationally recognized standards bodies and get profiling tests and certification. Mark add your point.
Yeah, we need to circle back on the minimum requirements based on the use cases that we select as well was 30 point.
Absolutely, yes. Absolute really important point. So we are gonna be working to define minimum requirements and use cases in parallel and then iterating when we, as we learn more and more about the use cases trust framework mapping.
The idea is that the outputs of that can be translated into important standards that can be leveraged by different technical stacks and protocols and also in the metrics of success work stream, which amongst which we want to ensure that folks who are providing funding for implementations around the world can use it in their requirements that, that those implementations are certified and conformant to standards. And of course in terms of governance, we will like to ensure that, that all the big rocks are removed. There are some major, major challenges that we're working through as a group.
Martin's standing up, so, so I'll give him the
Floor. When Martin's standing up as a moderator, it's usually a signal, so the soft signal. So if I then approaching you, then it's, that's fine. Really been your overtime. It's like
Donald Trump approaching Hillary
Once I start, start standing up, it's just a signal we are coming to the close of, to, to the end of the time. Sure. So I think this was very insightful and I noted down that I should look at it slide deck again after EICA bit more in detail because I think there are some interesting things i, I need to think about here.
I, I would would say to the use case, I definitely would add this loan
Micro lending types,
The, the, the one I had in the opening keynote requesting a loan at a bank, which is much bigger than just opening a bank account and, and much more powerful. But I follow up with this later on after the conference. Very insightful and thank you very much all, we don't have questions from the audience, so, so I'll take, we are running out of time.
Sorry, I'll take
The last word if I may. Martin, very short, we missed this slide, which is we need your help. Okay. There's a bunch of work streams that are going on and we want to have contribution from the, the community at large. That's probably the key point here.
Yeah. Okay. Thank you very much.
