FB pixel

DIF works toward standardized data scheme for age assurance credentials

‘Format agnostic’ template for both age estimation and age verification use cases
DIF works toward standardized data scheme for age assurance credentials
 

Legislation and discussion on age assurance has exploded globally, with major regulatory shifts ongoing in the U.S., UK, EU and elsewhere. Pornography, alcohol, cannabis, gambling, vapes, social media: just about all of society’s favorite age-restricted vices are being regulated, with their peddlers forced to ask customers to verify their age before transacting online. The methods for age assurance are nearly as varied, from document checks to biometric facial age estimation.

It can all make for a puzzling milieu. The Decentralized Identity Foundation (DIF)’s credential working group is looking at how verified credentials and decentralized identity fit into the picture. Specifically, the group is collaborating on a standardized credential schema to establish what’s needed for proof of age. Among those involved in the effort are biometrics and age assurance firms Privado ID, Privately, Digital Bazaar and TruAge Solutions.

Crossmint’s Valerio Camaiaini, who is a co-chair of the working group, explains that, in the DIA context, a schema is a “data template” that specifies which attributes a credential should contain, so that it is manageable across different credential formats such as JSON-LD and VC-JWT.

The working group’s goal is to create an age assurance credential that is format-agnostic – per Privado ID Standards Architect Otto Mora, Camaiaini’s co-chair on the working group, a “standardized proof-of-age schema” to serve as a general purpose template for what data a credential should contain to allow for both age estimation and age verification.

“No matter what credential format you like or what age assurance method you like,” Mora says, “the idea is the data fields should remain the same and that there should be consistency.”

Age data, level of confidence, age assurance methods included

The data fields in question include data on both the user and the credential itself.

For age estimation, Mora says, “age range would be an object that would have both minimum and maximum age,” whereas the age verification use case would require a stated age value (date of birth). Age estimation also incorporates a “probability of correctness” by percent, which corresponds to a “level of confidence” field.

“A level of confidence is a concept introduced by one of the ISO standards out there for age verification, and we have aligned our proposed age verification with this ISO standard for age checks,” Mora says. Levels range from “asserted” to “basic” (90 percent confident) to “strict” (99.99 percent confident).

The credential schema lists the age assurance method – for instance, voice, facial scan, identity document scan and so on. And it contains other credential metadata such as an issuer identifier and expiration date.

The credential working group is also considering credential issuance patterns, comparing single-issuance for more advanced protocols that support advanced privacy techniques, to batch issuance that generates a separate key for each credential created – what Mora calls “burner credentials.”

Credential schema does not include user binding data

But equally important to what they are doing is what they’re not. Mora lists a few “explicit non-goals” that are not included in the implementation. These include user/holder binding, including local on-device biometrics and biometric hash data – “an implementation detail separate from the credential schema standard itself.”

Guardian and parent management are also not included, nor is police clearance or criminal background data, deemed beyond the scope of the proof-of-age credential format.

The schema’s job is to define the data fields needed for age verification or age estimation. But Mora notes that while the schema is neutral, regulatory jurisdictions are not; some, for instance, may contend that facial age estimation is non-compliant.

DIF has published a “very early draft” of the schema, but it remains a work in progress. The DIF working group is inviting submissions of sample schemas or suggestions for additional data fields; interested parties can contact Otto Mora at Privado ID. The deadline for expressions of interest is February 28, 2025.

Related Posts

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

Operationalizing biometrics for digital economy is a process

From biometric binding through regulations for payments from digital wallets, the Biometric Update’s top stories of the week reflect a…

 

Deepfakes a ‘now problem’ as EU AI Act passes compliance deadline: Reality Defender

First it was Joe Biden, Kamala Harris and Taylor Swift. Now it’s Scarlett Johannson, Emmanuel Macron and Italy’s Defense Minister…

 

OneID raises £16 million

UK digital verification service OneID has secured new funding amid a rise of interest in digital identity among the country’s…

 

Digital ID verification can make property transactions more efficient, less prone to fraud

In the UK, Russia, South Korea, India and Pakistan, biometrics are making their way into real estate transactions, as digital…

 

IDV experts ponder death and resurrection of document verification

Is document verification dead? The question hangs over a debate hosted by Peak IDV CEO, Steve Craig. Five industry experts…

 

Jamaica operationalizing national digital ID with data exchange platform

Jamaica will make its digital identity available to all of its citizens, Custos of Kingston Steadman Fuller said on Thursday…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events