G7 digital identity lingo aligned, technical standards not so much

An attempt to match the digital identity systems of some of the world’s richest countries against each other shows a sound basis to start from, but a significant amount of work to do not just aligning but adopting international technical standards.

The “G7 Mapping Exercise of Digital Identity Approaches” compares the concepts and definitions, approaches to levels of assurance and use of international technical standards among G7 countries and the European Union, which includes remaining members France, Germany and Italy. The G7 takes up the call for cross-border interoperability of digital IDs in the OECD Recommendation on the Governance of Digital Identity, released last year.

The 30-page mapping exercise draws on a template used last year by the EU-US Trade and Technology Council to align their respective digital identity standards. It was launched during the G7 Digital and Technology Ministerial Meeting in Como, Italy on Tuesday.

It compares Canada’s 2019 Directive on Identity Management, the European Union’s Regulation 2024/1183, which updates the EU’s plans for interoperable digital identity, Japan’s DS-500 Guidelines Concerning Online Identity Verification Methods in Administrative Procedures, the UK’s Good Practice Guides GPG45 and GPG44 and NIST’s Digital Identity Guidelines established in SP 800-63-3. The UK’s GPG45 and GPG44 address identity verification and online authentication, respectively.

Good news/bad news

The report finds common ground in many definitions, including the “ten key concepts” identified by G7 members.

Levels of assurance line up well too, with most utilizing three levels, and Canada’s idiosyncratic four-level system mapping reasonably well by collapsing the two middle levels into one. The specifics of identity proofing, evidence requirements, validation, and verification processes at higher levels needs some work to enable true interoperability.

The use of technical standards is another story. There are 50 standards in use between the G7 members, with none overlapping all members. There are six standards covering at least two parties, but notably, the Annex on standards does not identify any used by Japan, and only two used by Canada.

The UK and U.S. both use OpenID Connect, the EU and U.S. use ISO/IEC 29115:2013 for identity assurance, and Canada and the EU use the same country codes, based on ISO 3166-1, for example.

The way forward, the report concludes, involves delving into the details in areas that are further ahead, like definitions, and holding “discussions on the relevance of different international technical standards to support future interoperability, while respecting their different contexts and approaches.”

The EU has also been working through its own digital ID interoperability pilots, meanwhile, with initiatives like EU4Digital.

Article Topics

digital ID  |  G7  |  identity assurance  |  interoperability  |  ISO standards  |  NIST  |  OECD  |  OpenID Connect  |  standards