In part one of this blog, I discussed the trends which are driving governments towards digital ID wallets. In part two, I dive into what countries in the world today are using what type of digital ID , and what next steps are needed to progress these programmes further.
What examples of digital ID wallets are there?
These digital ID wallet initiatives are taking various forms, demonstrating the many ways these programmes can take shape.
In the USA, for instance, states are adopting a wallet based on the latest ISO 18013-5 standard. This defines specifications for a mobile driver license and, more generally, for digitalised documents on a mobile. Crucially, these states need a solution that can be recognised in other US states and jurisdictions. The ISO-based wallet ticks all the boxes: fully interoperable; capable of hosting various mobile documents; puts the user in control of his or her data; and enables them to share full or partial information.
In Canada, states are also moving to a digital ID wallet. However, here they shown a preference towards W3C with Verifiable Credential standards. This comes mainly from web providers that rely on a trusted digital ID and verifiable documents to be shared and need to ensure documents shared online are genuine and were issued and signed by the right trusted party.
The idea is still in its infancy, but Africa is also considering a cross-border digital ID scheme that could be recognised across the continent. This would be along very similar lines to eIDAS in Europe.
Australia and New Zealand appear to be looking at a multi-format wallet, with a mix of digitalised official documents, electronic attestations of attributes and certificates.
As for Europe, last June the EU Commission announced a framework for a European Digital Identity which will take the form of a digital ID wallet available to all EU citizens, residents, and EU-based businesses. The introduction of a European digital ID wallet will be cross- border and cross-segment. Recognised across the continent by both the public and private sectors, it will protect the user’s data privacy.
The technical specifications of the EU wallet and the definition of the toolbox which will include the technical architecture, standards and guidelines for best practices are planned for release by September 2022. From 2023, the regulation will enter into force, with member states launching an EU digital ID wallet.
Margrethe Vestager, Executive Vice-President for a Europe Fit for the Digital Age, said: “The will enable us to do in any Member State as we do at home without any extra cost and fewer hurdles. Be that renting a flat or opening a bank account outside of our home country. And do this in a way that is secure and transparent. So that we will decide how much information we wish to share about ourselves, with whom and for what purpose. This is a unique opportunity to take us all further into experiencing what it means to live in Europe, and to be European.”
By 2030, all EU key public services are expected to be available online. All EU citizens will have access to electronic medical records, and 80% of citizens should use an eID solution.
The digital ID wallet is a mega-trend, and comes with high expectations from all parties: government bodies, public and private issuers of identities and electronic attestations of attributes, third parties that will be consuming the identity, and the end user. Gartner predicts that the digital ID wallet will reach mainstream adoption in the next two to five years, and become part of daily life. We’ll be using them to share a digital driving license to rent a car at the airport, to prove our age, to share all the relevant documents needed to open a bank account, and much more besides.
As a conclusion, we can say that the best and fastest way to achieve interoperability is to leverage existing technology standards. Both the ISO 18013-5 international standard on mobile documents and the Verifiable Credentials standards from W3C are Self Sovereign Identity (SSI) friendly. They both address the need for cross-border capabilities, and they both address privacy concerns by putting the user in control of their data. They can both support multiple documents within the same digital wallet, and they both cover a wide range of use cases.
For governments, the goal should not necessarily be to go for one solution or the other. We can easily imagine these two standards coexisting nicely in the same ecosystem and, depending on use cases, even complementing one another. It is not the technology driving the use cases, but rather the use cases driving the type of technology that will best address the needs. But whatever use cases and standards are adopted, the need for security remains paramount. Dynamic security, data encryption and life cycle management of the digital ID wallet will all be crucial as use cases expand.
Within this highly dynamic environment, one thing is clear: these new ways of thinking about and consuming a digital identity need to be based on solid and trusted foundations, and secure technology platforms. Above all else, this will call for a combination of agility, multi-specialist expertise, and competency across both the digital and cyber security domains.
If you missed Part 1 of this blog series you can read it here.
Make sure to also follow us on Twitter and LinkedIn to receive the latest updates from Thales DIS!