Latest News

OIX defines the need for clear, global data standards for identity information

The Open Identity Exchange (OIX) has today released a paper calling for comprehensive data standards for identity information to ensure Digital ID interoperability is achieved.

Focused specifically on core identity data and its associated evidence, the OIX is calling for its recommendations to be adopted on a global scale.

According to OIX analysis, there are many bodies in existence that address some element of the standards required for interoperability, but no one is addressing the whole picture.

OIX found that existing data standards specifically for – core claims about an individual (such as name, address, date of birth), the common evidence types (such as passport, driving licence, national ID card), the associated proofing techniques and the way in which identity assurance is communicated – are inconsistent and mixed. This continues to be a major barrier to interoperability and wider digital ID adoption.

The paper, Data Standards for Digital ID Interoperability, finalises a series of recommendations that the OIX has been formulating over the past year. It outlines in detail how standards might be implemented from the data item level upwards, revealing a layered requirement that will enable the many granular standards for individual data items of evidence to be brought together consistently into the whole picture.

OIX is a global non-profit organisation that has been working across sectors, borders and with governments, to ensure that digital ID works well for organisations that will come to accept digital identities and credentials.

Now it is urging those setting standards for data to adopt and progress its recommendations outlined in the paper.

This will be vital for allowing interoperability of digital IDs in federations within an ID ecosystem and across different jurisdictional ID ecosystems enabling the adoption of digital ID among relying parties.

Nick Mothershaw, Chief Identity Strategist at OIX, said: “There are too many scenarios where the lack of comprehensive standards is creating significant difficulties for organisations trying to confirm a user’s identity. For example, where there is a local federation of ID providers issuing the same verified core ID information or where digital IDs are used across international boundaries to prove who a user is in a new country, all requiring consistent communication of evidence, proofing and ID assurance approaches.

“Relying parties are receiving the same data in different formats from different digital ID providers. Having to assess the data themselves, and code differently to accommodate for the differences, is creating problems around interpretation, translation and data normalisation. This is forming a barrier to digital ID Adoption. If we want relying parties to embrace and consume digital ID, we must make it easier for them to do so.”

The Data Standards for Digital ID Interoperability paper focuses on the specific data that identifies an individual, and the evidence behind that, which needs to be standardised in a way that can be communicated consistently regardless of the ‘protocol envelope’ used to securely exchange the data. It makes a series of key recommendations around how it should be standardised and by whom to enable interoperability.
• A single protocol independent data standard must be created. It must allow core ID information and evidence to be communicated consistently, regardless of the protocol used to securely exchange it (e.g.OIDC, Verifiable Credentials). The OIX view is that this should be based on the OIDC for Identity Assurance standard.
• Existing ISO and ICAO standards must be used for core ID claims as far as is possible.
• A per claim level of trust and period of validity construct should be considered.
• Where evidence specific standards exist for evidence types (e.g. passports, driving licenses), they should be used for those types of evidence.
• Standards are required for proofing techniques – such as document scanning (with different light options), document optical character recognition, image capture liveness, biometric matching – that will enable different trust frameworks to assemble sets of proofed credentials as part of their individual assurance policies.

These recommendations will be explored further at the OIX’s #IdentityTrust2023 Conference – Building Trust in Digital Identity – a conference designed to address the most crucial elements impacting how organisations from all sectors will adopt, digest and operate within the rapidly growing digital ID ecosystem.

The conference will take place on Thursday 28th September 2023 at County Hall in London. To attend, please register here: https://openidentityexchange.org/networks/87/events.html?id=7780