Deloitte believes the future of government rests on a vision it calls ‘agile identity’
Deloitte has unveiled a vision called “agile identity” which it believes is the future of government, soon after being awarded two contracts (worth a combined £13.8 million, or US$18.1 million) with the UK government to build a digital identity app called One Login to replace its predecessor Gov.UK Verify.
In brief, Deloitte’s agile identity vision defines three approaches (centralized, federated, and decentralized) and describes the benefits and drawbacks of each, along with the many possible technologies that can be used for citizen access to government and commercial digital services. As a basic primer to various government identity schemes that have been implemented globally, the vision mainly focuses on the dynamic nature of societies, individual choice, and trust in the integrity of digital identity systems.
The standout portion of the vision lays out an emerging, near-term example in which an individual can leverage an in-person proofing ceremony to apply for or renew a physical driver’s license card and, at the same time, acquire a mobile (or digital) driver’s license credential which is cryptographically protected, digitally signed, and stored in a secure enclave of the personal device as part of a digital wallet. Digital wallets, which are often used for credit card and payment information, can store any information from concert, airline, and movie tickets to high-value identity-related documents and verifiable credentials.
Verifiable credentials can contain a multitude of identity-related attributes and zero knowledge proofs about the holder, beyond the eligibility to drive (in this case) or purchase alcohol (another common example). Verifiable credentials can enable the holder, via user consent and authorization methods, to connect to a school, provide proof of employment, and use various government-related services without the need to establish a new account, register (or reuse) a username (email address) and password, or repeatedly appear in person to establish the validity and authenticity of the individual as a true, real person and citizen.
Firms like Deloitte rely on a vast ecosystem of technology vendors and cloud services providers, and some of the world’s largest, including Microsoft, Workday, Ping Identity and Evernym (Avast), are participating in driving Verifiable Credentials into the mainstream, as demonstrated at the 2022 Identiverse conference in Denver, Colorado earlier this month.
Three core tenets for equitable digital ID
Deloitte’s vision falls somewhat short in laying out what the company sees as the core tenets of equitable access within identity ecosystems.
The first tenet is open, standards-based (vs. proprietary) identity and data models for interoperability, security, and ecosystem vendor conformance.
Several published open identity and open data APIs and standards exist today from the OpenID Foundation, the Decentralized Identity Foundation, and W3C. In other words, the world is not waiting on standards and frameworks to catch up with technology capabilities.
The second is principles of minimal or selective disclosure and responsible collection for privacy preservation, data protection, and compliance.
Instead of providing vast amounts of personally identifiable information to every government service, commercial website or mobile application as we do today, verifiable credentials expressly eliminate centralization (and therefore can reduce data breaches related to this information) through the use of blockchain, and furthermore place the holder (individuals, people) rather than systems in control of their digital identity information.
Identity-related threats, fraud, scams, misuse, and abuse are the leading attack vector for financial crimes, with an unprecedented surge in activities such as opening fake accounts, applying for loans and credit, and account takeovers, and this is Deloitte’s third tenet.
Governments are not the only entities whose future rests on identity; financial services institutions and healthcare providers play an equally important role in participating in an ecosystem that protects consumers and patients.
In the words of the late computer scientist, identity architect and humanitarian Kim Cameron, “The Internet was not built with an Identity Layer,” and there is a growing recognition within the identity ecosystem, beyond the commercial benefits, of the need for equitable access, especially for populations impacted by political instability or homelessness, those displaced by war, vulnerable youth in foster care without legal guardianship, and survivors of domestic violence.
About the author
Carla Roncato is the Founder of Authora Research and Evangelist at the OpenID Foundation. Carla was previously the primary analyst at the Enterprise Strategy Group (ESG) covering identity and access management, data privacy, and zero trust security. She has been featured in Computer Weekly, SG Magazine, TechTarget, and the Wall Street Journal, and has been a keynote speaker at the Trend Micro CloudSec Conference and the Open Banking Security Summit. Find Carla on Twitter and LinkedIn.