This fourth BEST OF TRUSTECH article explores the importance of standardization, what it means today, and the opportunities for governments to embrace greater interoperability within their digital identity management systems through OSIA.
The questions Guy de FELCOURT reflects on in this article make reference to the conference track dedicated to Government Identity and Challenges and more specifically to the presentation by Ms. Debora Comparin, Chair of the OSIA group at Secure Identity Alliance on the 27th of November 2019 at TRUSTECH.
The evolution of open standards for trusted digital identities
Standards have grown significantly in the digital sphere in recent decades. They are a symbol of both the push for greater globalization and the increasing maturity of digital services. More recently, we have witnessed the introduction of new open standards for trusted digital identities for government systems.
Progress in standardization around identity
Standardization plays an increasingly important role in driving the digital world, and in establishing a strong framework for security and interoperability. We see this across the sector spectrum – in telecommunications, connected objects, information systems, open banking and the management of identity.
In the digital identity world, many standards already exist. We have standards for identity cards (ISO 7810), for travel documents (ICAO 9303), for biometrics (ISO and NIST), and for digital signatures (ETSI, CEN, ITU, ASIS). There are also standards for the exchange of identity data on the Web or in federations such as Open ID Connect and SAML.
The activity of three working groups within ISO is regularly monitored – the GT17 for the cards and security devices for the identification of individuals, the GT27 for information security, cybersecurity and privacy protection, and the GT37 for biometrics. We could also refer to the levels of trust specified by NIST, ISO or eIDAS regulations around identity verification and authentication as standards. So too, the new authentication solutions being developed by the FIDO alliance follow this standardization track.
Of course, standards are evolving all the time. One particularly interesting development was presented at the last edition of Trustech – the OSIA initiative[1]. This offers an opportunity for governments around the world to standardize their digital identity management systems. It sounds great, but what is this initiative and what real world benefits will it offer to governments and their citizens?
Open standards for governments
Technically, these new standards aim to strengthen the modularity of management systems and their interoperability by creating fully standardized interfaces. In other words, the components of management systems are defined by a common structure and their specified interfaces. This allows the creation of a framework for the interconnection and interoperability of the main components of identity systems: fundamental registers, functional registers, citizen enrollment, biometrics, credential management, authentication, etc.
This modularization created through the standardization of interfaces will bring several benefits for governments.
The most immediate is the increased ease of systems design, and a smoother measure of performance in test mode or production. The management of the tendering process, and the implementation of solutions, are also simplified.
Perhaps more importantly, OSIA offers new levels of flexibility and sustainability. Indeed, thanks to standardized interfaces (APIs), the opportunity exists for different solutions to seamlessly communicate with one another as part of a single identity management system, and to easily add new ones! In short, from the moment a vendor commits to OSIA standards, their solutions become compatible with all others within the initiative.
As a result, governments that adopt these standards will be able to swap out on modular solution with another (‘vendor agnostic’ according to the market term). While vendors will be able to compete on a level playing field.
Surprising benefits
But there are other, more surprising, benefits as Debora Comparin revealed to us at Trustech: [2] "We must realize that the most common situation in countries is that several administrations manage registers, titles and biometrics for different purposes with generations and versions of systems that are not compatible – for example electoral registers or social security."
Until now these systems often had the greatest difficulty communicating with one other, their compatibility was limited, and the only possible solution was often the duplication of several systems when authorities wanted to replace one of the modules.
Today, in respect of the consent of citizens for the use of their data, the sharing and optimization of resources (e.g. ABIS or Enlistment) will be more convenient with standardized interfaces. It will become easier to make several generations of systems coexist, and separate jurisdictions will be able to make better use of resources – even when they are natively heterogeneous.
As the market evolves, this approach will enable national identity ecosystems to more easily reconcile the principles of sovereignty and interoperability, and will allow data to be more easily shared between foundation registers and administrative services. All of which will benefit citizens and drive the development of (and access to) higher quality services.
To delve deeper or go further:
- Link to the nomenclature of ISO/IEC 24760-1 (2019) standard— « IT Security & Privacy : A framework for identity management » https://www.iso.org/obp/ui/#iso:std:iso-iec:24760:-1:ed-2:v1:en and standards on biometricshttps://www.iso.org/committee/313770/x/catalogue/
- World Bank Catalog of Technical Standards for Digital Identification Systems http://documents.banquemondiale.org/curated/fr/669471547045930961/pdf/129743-French-ID4D-Standards-Catalog-2018.pdf
- OSIA initiative https://secureidentityalliance.org/osia-about and the latest specifications on standardized interfaces https://osia.readthedocs.io/en/latest/
TRUSTECH 2019 presentation : "Open Standards for Trusted and Universal ID Systems"
By Debora Comparin, Chair of the OSIA workgroup at Secure Identity Alliance
Interested in speaking at TRUSTECH 2021?
Are you an expert in Identification, Payment or Security issues and wish to take the stage at TRUSTECH?
Discover the 2021 Conference Themes
__________________________________________________________
[1] https://secureidentityalliance.org/osia
[2] Chair of the OSIA Working Group