Policymakers, technologists, and privacy advocates are invited to offer their feedback on the new white paper, “Government-issued Digital Credentials and the Privacy Landscape.” This paper, published in part by the OpenID Foundation, Kantara Initiative, and the Secure Identity Alliance, and including contributions from several individuals, seeks to engage and inspire thought leaders from government, civil society, and standards and technology. You are encouraged to come together to discuss how to close the policy and protocol gaps between today’s disparate solutions and services and the vision of a privacy-preserving, globally viable privacy landscape.
The paper is a result of six months of due diligence that started with public listening sessions at Authenticate, the November 2022 OIDF workshop, and IIW IIWXXXV, and many interviews with active people in this space.
We start by examining a few of the influential regulations and standards in the privacy and digital credential space and a few areas in the works where government-issued digital credentials play a significant role in society. It continues by reviewing the core technologies that are in use by these credential systems.
The Gaps and Risks section highlights those uncomfortable limitations of the regulations and current technologies. Privacy-enhancing services require laws and technology to support each other, and understanding where each has limits may suggest areas requiring further work.
The remainder of the paper does just that by offering recommendations on where governments, civil society, and technologists may focus their efforts to bridge the gaps and grapple with the uncomfortable intersections of competing requirements. For example, considering new ways to enable consent, supporting systemic transparency for the individual, and encouraging greater support for advanced cryptographic algorithms.
Your feedback will help ensure this paper serves as a strong platform to inform further dialog with governments, civil society, and technologists.
The comment period will be open until 24 April 2023. You may submit your feedback to director@oidf.org. Please reference specific line numbers for your proposed changes where appropriate.
We will share more on the final outcomes and recommendations at the OpenID Foundation Workshop (17 April 2023), EIC (11 May 2023) and Identiverse (31 May 2023).
About the OpenID Foundation, Kantara Initiative, and the Secure Identity Alliance
About OpenID Foundation
The OpenID Foundation is a non-profit open standards body with a vision to help people assert their identity wherever they choose and a mission to lead the global community in creating identity standards that are secure, interoperable, and privacy-preserving. One of the OIDFs strengths is creating identity protocols that serve billions of consumers across millions of applications. In that context, OIDF welcomes the opportunity to help fund and facilitate this ambitious yet pragmatic effort in service to the global community.
Similarly, Kantara Initiative believes in the importance of this work to serve the global community by closing the gaps between policy and protocols. Kantara is a non-profit, global leader in privacy certification with a shared goal of offering safe spaces for open conversations by the community. Kantara seeks to materially improve the privacy landscape across all markets and sectors. One of its key strengths is deep dive audits of client implementations to ensure standards like NIST 800-63-3 are met against clear conformance criteria. The joint approach of Kantara and OIDF to both projects serves as a model for the kinds of partnership required to build technically viable policies and policy-supportive protocols.
About Kantara Initiative
Kantara Initiative is a global community focused on improving the trustworthy use of identity and personal data. It has multiple working groups that explore innovation, and standardization and develop good practices around the collection, storage, and use of personal identity information. Kantara nurtures thought leadership, and ground-breaking R&D and develops specifications that will create and maintain a trustworthy identity ecosystem. Our working groups concentrate on informing policy and standards on topics as wide-ranging as User Managed Access and Consent Receipts; Privacy-Enhancing Mobile Credentials, and Digital Healthcare Services.
Kantara also runs the world’s leading Identity Assurance programs. These assessment programs uniquely audit companies and their products for conformance against a number of Trust Frameworks, including the National Institute of Standards & Technology (NIST) 800-63 standards for privacy and security around Identity and the UK government’s Digital Identity & Attributes Trust Framework (DIATF).
Different classes of Identity Assurance Trust Marks are awarded to organizations that meet specific criteria around technical and business expertise. The most complete Trust Mark is awarded for full compliance with technology, business processes, maintenance, and governance for full credential service providers.
More than 50% of Kantara members reside outside the US. Our leadership is committed to low – or no – barriers to participation, and we encourage membership from organizations across all public, private, and non-profit sectors and across all geographies.
See www.kantarainitiative.org for full details of our work.
About the Secure Identity Alliance
Secure Identity Alliance (SIA) is a global non-profit association representing actors and organizations and adjacent industries active across the digital identity ecosystem. SIA’s mission is to unify the ecosystem of identity and unlock the full power of identity so that people, economy, and society thrive. The association supports the development of the activities of its members across four broad pillars: Identity for Good, Outreach, Open Standards Development and Industry Services and Solutions.
See https://www.secureidentityalliance.org for more information.