OIX wants a global standard for digital identity data to underpin interoperability
While digital IDs are becoming increasingly popular, data standards for digital identities and credentials are still inconsistent, and sometimes non-existent. To ensure that our future digital IDs are interoperable, we will need to set common standards, including for biometric information, Open Identity Exchange (OIX) argues in a new paper.
The non-profit argues in its research, titled “Data Standards for Digital ID Interoperability,” that achieving global interoperability across different jurisdictions and ecosystems is a major challenge.
“There are too many scenarios where the lack of comprehensive standards is creating significant difficulties for organizations trying to confirm a user’s identity,” says OIX Chief Identity Strategist Nick Mothershaw.
The digital ID advocacy organization offers a solution: Standard-setting bodies should adopt the recommendations on which it has been working for the past year.
Its suggestions include creating a single-protocol independent data standard called the Global Protocol Independent Data Standard. This would allow for core ID information and evidence to be communicated consistently, regardless of the security protocol used.
While deciding who should create, own and govern this standard is yet to be determined, OIX suggests it should be based on the OIDC for Identity Assurance. OIDC or OpenID Connect is developed by the OpenID Foundation, which includes companies like Google and Microsoft.
OIX also proposes using existing ISO and ICAO standards for core ID claims as far as possible. ISO should be encouraged to create a new structured global name and address schema to allow cross-mapping of local standards. The organization believes that ISO should also create a new global standard for communication of personal identifiers.
Proofing techniques, such as document scanning (with different light options), document optical character recognition, image capture liveness and biometric matching of faces, irises, fingerprints and veins also need standards. The standards will enable different trust frameworks to assemble sets of proofed credentials as part of their individual assurance policies, the paper notes.
“Relying parties are receiving the same data in different formats from different digital ID providers. Having to assess the data themselves, and code differently to accommodate for the differences, is creating problems around interpretation, translation and data normalization,” says Mothershaw. “This is forming a barrier to digital ID adoption. If we want relying parties to embrace and consume digital ID, we must make it easier for them to do so.”
Founding members of OIX include Booz Allen Hamilton, Equifax, Google, PayPal, Verisign and Verizon, and the organization was the first trust framework provider certified by the U.S. government. OIX plans to hold its IdentityTrust2023 Conference on the 28th of September in London.
In July, OIX also called on digital ID service providers to improve identity proofing by integrating mobile telecommunications data.