As US gives up on federated digital identity, Europe tries again with SSI
The idea of providing digital ID to people throughout an open federated identity ecosystem with multiple providers may have to be abandoned, according to Jeremy Grant, who led the Obama administrations attempt to encourage just such a system.
Grant is now Better Identity Coalition coordinator, and was speaking during AFCEA’s 2021 Federal Identity Forum and Expo, AFCEA’s SIGNAL reports. He led the National Strategy for Trusted Identity in Cyberspace initiative when it was launched in 2011, when he worked with the National Institute of Standards and Technology.
He was speaking with Paul Grassi, a former NIST colleague, now of AWS.
Grassi suggested that “monolithic programs” to create trust frameworks or certification programs and for identity providers consumers can sign up with have not been adopted due to the impression that they are too complicated, or that they duplicate existing systems. If they were “more lightweight,” like the Underwriter’s Laboratories stickers for safe electronics, they may have more success.
Grant noted that relying parties were not won over to the schemes, limiting their relevance to consumers. Improvements in remote authentication technology are part of the reason why. Those technological innovations include the FIDO protocol and behavioral biometrics, he noted.
Given those tools, businesses are often hesitant to rely on a third-party identity provider, according to Grant.
“In both the public and private sector, it’s been really hard, probably way too hard, to get different stakeholders to actually buy into this idea, particularly given that as you start looking at broader federation schemes … the different industries and stakeholder groups all come together with different drivers and different incentives,” Grant said.
Europe tries again
The EU has been prompted by the pandemic to include plans for a digital wallet in its update of eIDAS, and One World Identity’s Cameron D’Ambrosi said during a OWI podcast that the development of digital identity in Europe should be closely watched over the short term.
D’Ambrosi interviewed German Chancellery Advisor on Digital Identification Sebastian Manhart, who described Germany’s second effort at standing up an interoperable digital identity. The idea is for a federated system of private actors within a public framework to provide a user-centric decentralized ID, which is mirrored throughout Europe. Spain has also signed on to the project.
Manhart noted digitized government services is now well-established and self-sovereign identity (SSI) is a growing trend, while eIDAS can provide the framework for cross-border digital identity usage. It will take two to five years, however, for the negotiation stage to be completed.
D’Ambrosi said the previous version of eIDAS made true interoperability optional.
Germany has tapped 18 major stakeholders within the country’s economy to support its new approach.
A major opportunity for implementers could arise, as has happened with frameworks in other areas like payments.