Image source: OIX
The Open Identity Exchange (OIX) has called for a global adoption of comprehensive data standards to support the interoperability of digital identities.
It has published a paper on the issue, Data Standards for Digital ID Interoperability, that brings together a series of recommendations it has been formulating over the past year.
OIX, a not-for-profit membership organisation focused on the development of trusted digital identities, said its analysis has found there are many bodies that address some elements of the necessary standards but none that are looking at the whole picture.
Existing data standards around individuals’ personal details, common evidence types and associated proofing techniques are inconsistent and mixed, which provides a major barrier to interoperability and the wider adoption of digital identities.
The paper outlines how standards might be implemented from the data item level upwards, revealing a layered requirement that will enable many granular for individual data items of evidence to be brought together consistently.
The organisation said this will be vital to the interoperability of digital identities in federations within an ID ecosystem and across different jurisdictions.
Recommendations
The paper makes a series of recommendations, including the creation of a single protocol independent data standard based on the OIDC for Identity Assurance standards. Existing standards from the International Standards Organisation and the International Civil Aviation Organization should be used for core ID claims as far as possible.
In addition, a per claim level of trust and period of validity construct should be considered, and where specific standards existing for evidence types – such as for passports and driving licences – they should be used for those types of evidence.
Nick Mothershaw, chief identity strategist at OIX, said: “There are too many scenarios where the lack of comprehensive standards is creating significant difficulties for organisations trying to confirm a user’s identity. For example, where there is a local federation of ID providers issuing the same verified core ID information or where digital IDs are used across international boundaries to prove who a user is in a new country, all requiring consistent communication of evidence, proofing and ID assurance approaches.
“Relying parties are receiving the same data in different formats from different digital ID providers. Having to assess the data themselves, and code differently to accommodate for the differences, is creating problems around interpretation, translation and data normalisation. This is forming a barrier to digital ID Adoption. If we want relying parties to embrace and consume digital ID, we must make it easier for them to do so.”