Blog article
See all stories »

2023 – the year of the digital ID wallet

Across the globe, we are seeing country after country making digital ID a primary option for consumers (and businesses) to access both public and private sector services. In some countries, it is entirely led by the government, while in others it has been taken on by the private sector.

The ecosystem to allow this is now established in most places and growing at a rapid pace, and digital ID wallets have emerged this year as the preferred method of storing, securing and managing digital IDs. 2023 has very quickly become the ‘year of the wallet’ in the story of digital ID evolution.

Smarter for organisations, smarter for the end users – a user centric approach

As the concept of digital ID wallets takes hold, our view is that they need to do more than simply hold digitised versions of real-world credentials. They must be smart.

Thought leaders on the topic of smart digital ID are talking about smart wallets that will help organisations work out which credentials best meet their needs rather having to work through the various credentials that exist, in constant liaison with the end user (the customers) to get the right ones. A smart digital ID wallet would help organisations work out quickly what information will be accepted in the complex processes and rules they have to follow to proof a person.

At OIX, we believe a smart digital ID needs to go much further than this. The process of working out which credentials, or parts of credentials, are needed for each transaction is even more confusing and painful for the end user. They cannot be expected to understand the ‘rules’ at each turn. A smart digital ID has to guide the end users and make it easier for them too. So, in addition to interpreting each organisation’s complex rules for the end user, a smart digital ID should work out both which credentials the user needs and help them obtain the credentials they don’t have, all in a structured way and without requiring the user to understand the rules. If it means combining information from several credentials to meet data minimised needs, the ‘smart’ digital ID wallet must be able to do that safely and with the user’s consent.

This means that trust frameworks and standards must also be designed to support ‘smart’ digital IDs. Last year we launched OIX’s Trust Framework for Smart Digital ID which shows how a user centric wallet-based digital identity must work for its user to enable them to meet the complex rules that organisations they wish to consume services from must work within.

Leaving organisations and end users to work out what credentials are needed will simply become another major barrier to the adoption and success of digital ID.

Enabling global interoperability - an open policy rules framework

Payment cards and phones continue to work quite easily across international boundaries. When a person travels abroad or does business with someone from another country, the process is fairly seamless. Digital ID wallets must also be able to do the same. For example, when a person flies from the US to Europe, their wallet must dynamically and seamlessly adapt to the policy rules for digital identity in the EU.

For this to happen, there needs to be an ‘open policy rules framework’ that will allow all parties in the identity ecosystem to describe their rules to each other. There are a number of vital activities underway to progress this. OIX, for example, is exploring with its members and partner trust frameworks around the world, how such an open policy rules framework can be defined and might be leveraged across the globe.

Earlier this year, the Open Wallet Foundation was launched to create open source code enabling those wishing to build and issue wallets to users, to do so in a rapid way while leveraging existing global standards.

We would then want to see the open policy rules framework adopted into the components that are published through the Open Wallet Foundation, so that all parties can work in a consistent way to describe, share, and comply with digital identity policy. This will help achieve interoperability among digital wallets.

Fewer apps and fewer wallets

Various forms of wallets are being developed, piloted or rolled out across the globe. In the US, for example, we are seeing the continued rollout of mobile driving licenses state-by-state. These are being issued to citizens and are being carried in the wallets of their smart phone providers. This raises a number of questions that will need addressing long term. For example, will other credentials such as a passport or a national ID also end up in the same smart phone provider-based wallet? Or will they end up in other wallets specific to the purpose of each credential?

The latter will be very confusing for end users, so we hope this will not be the case. While we don’t want to see everything in one super app, we don’t believe that increasing the number of apps on a mobile is the right way forward either. For a digital identity to be effective and easily managed by its owner, the users’ key credentials need to be available to be combined and shared all in one place.

Meanwhile in Europe, a highly transformational series of large-scale pilots for the European Digital Identity Wallet will be kicking-off, exploring interoperability across the EU in various use cases, such as travel, payments, education, account opening and eSignatures.

Bearing in mind the need to make it easy for users and enable them to have their key credentials in one wallet of their choosing, this ambitious program also raises some crucial questions. Will it result in state-based wallets containing only state issue credentials? Will users be left with  separate private sector wallets for private sector issued credentials?

State based wallets versus private sector wallets

The wallets that emerge in 2024 must be smart, and trust frameworks and standards must also be designed to support ‘smart’ digital IDs.

At OIX, we see two key ways wallet may be implemented: one where governments issue government credentials into government issued wallets, whilst private sector credentials are issued into private sector wallets. In this version, the government sector wallets can be used to access private sector services, and vice versa. However, it also means that the end user will have two wallets, at least, and may not be able to effectively combine credentials to meet the specific needs of complex use cases.

The second one is where governments issue credentials into private sector wallets that they trust. The end user then needs only one wallet containing all their credentials, within which credentials can be combined where required to meet the needs of complex use cases.

At OIX, we lean more towards the second option. Digital IDs are very complex. To be useful they need to carry both public and private sector credentials and allow ‘smart’ use of these. Many of the needs that will have to be fulfilled will come from the private sector. As such, innovation around smart digital ID services that blend trusted ID proofs from government, with public and private sector credentials, is more likely to happen easily within the private sector.

The end goal has to be to remove barriers to digital ID progress and adoption, not create them.

9323

Comments: (1)

Andrew Smith
Andrew Smith - RTGS & ClearBank - London 04 April, 2023, 15:57Be the first to give this comment the thumbs up 0 likes

Some of this is over complex. For example, we dont need an open policy framework where my wallet knows what jurisdiction I am in. For identity to work, I need to have an ID that is accepted in the US and an ID that is acceptable in the EU. This doesn't mean its the same ID, rather it could be from a different set of identity credentials i hold, some that can be shared. If we keep things simple, by following a Self-Sovereign Identity (SSI) model and its principles, then most of the challenges are mitigated.

Digital ID should be SSI simply because a) its my identity I should own it, no third party ever does, and only with SSI can I really control it, and b) because it solves so many of the challenges associated if data isn't self sovereign. 

Where governments really need to start looking is at privacy and security of digital ID solutions - and thats not just the wallet, thats the TYPE of credentials that are stored and how capable they are with regards to zero knowledge proofs (ZKP) and selective disclosure. Then if I move between jurisdictions it is a technology thing, if the US supports AnonCreds for example, and the EU does, then all challenges are solved....

A good post here explains the issues with credentials and why we need to ensure that a minimum bar is met with regards to privacy for most identity based solutions. If that bar is consistent, then policy becomes a matter of what types of credentials are trusted and supported primarily. 

A call for trust, a call for privacy, a call for AnonCreds – ID Crypt Global News and Blog

Now hiring