Effective digital identity requires strong foundations: a call for collaborators

Several of the most influential non-profit organizations in digital identity took the stage at KuppingerCole’s EIC 2024 (European Identity and Cloud Conference) to explain their respective roles in the ecosystem and invite more participation.

Their presentation on “Why We Need More Collaboration” was moderated by Judith Fleenor of the Trust Over IP Foundation. The panel also included Kim Hamilton Duffy of DIF, Nick Mothershaw of OIX, Kay Chopard of Kantara, and Joseph Heenan of Authlete, who is also part of working groups with IETF (the Internet Engineering Task Force) and the OpenID Foundation, which he represented on the panel.

The panelists described the work of their organizations in the digital identity space, and how they fit together. For the most part, OIX writes reports, frameworks and reports about frameworks, Trust Over IP, OpenID and DIF create protocols and contribute to standards, and Kantara performs the audits, performance assessments and certifications to established standards.

Fleenor referred to them collectively as “proto-standards groups,” as the protocols and standards they create are often adopted in part or in full by groups like the International Standards Organization (ISO).

Heenan summarized the difference between OpenID and OIX as being that his group does standards, whereas OIX works on policy.

OpenWallet Foundation was introduced as the third pillar in the decentralized identity ecosystem, along with DIF and Trust Over IP. OpenWallet does code, rather than standards, Fleenor says. Duffy specified DIF’s role as involving the trust that individuals can have, as opposed to organizations or relying parties. Fleenor notes that Trust Over IP is partly differentiated by its focus on governance.

They work together, and Fleenor says that Trust Over IP and DIF even considered whether the overlap between their groups indicated they should merge. The differences were found to be sufficient to support separate mandates. During the question-and-answer portion of the discussion, the possibility that W3C may soon be folded into DIF or the EITF was raised, but those discussions are ongoing.

The interplay between groups is demonstrated by OIX’ submission of its guide to frameworks to Trust Over IP to vet its representation of self-sovereign ID back in 2022.

OpenID and Kantara both perform certification. OpenID certifies compliance to its own standards, which Heenan says boil down to “how data moves from one place to another.” The certifications are highly technical, he says, and are performed with an automated tool rather than auditors.

Chopard explained that Kantara’s assessments often involve judging whether a given policy is in place, and whether it is effectively implemented. Most of the standards it performs assessments for can be traced back to governments. The assessments are quite different, therefore, from lab testing, she says. That also gives the assessments some variation from country to country.

Rather than seeing the ecosystem as a series of pies that stakeholders are trying to grow, panelists suggested it should be seen more as a puzzle with specialized pieces. That means involvement in multiple organizations is not only beneficial, but necessary, to understand where your piece fits.

Fleenor concluded the discussion with a dual call for organizations to back the foundations, not just financially, but with engineering talent.

Article Topics

Authlete  |  decentralized ID  |  Decentralized Identity Foundation (DIF)  |  digital identity  |  EIC 2024  |  Kantara  |  KuppingerCole  |  Open Identity Exchange (OIX)  |  OpenID Foundation  |  OpenWallet Foundation (OWF)  |  standards  |  Trust over IP