Who’s setting the standards?

The World Wide Web Consortium is an international community where Member organizations, a full-time staff, and the public work together to develop Web standards. Led by Web inventor and Director Tim Berners-Lee and CEO Jeffrey Jaffe, W3C’s mission is to lead the Web to its full potential.

The FIDO Alliance is an open industry association with a focused mission: authentication standards to help reduce the world’s over-reliance on passwords. It is working to change the nature of authentication with open standards that are more secure than passwords and SMS OTPs, simpler for consumers to use, and easier for service providers to deploy and manage.

Arising out of the UN’s Sustainable Development Goal (SDG 16.9) that recognises legal identity as a fundamental human right, the ID2020 Alliance is a global public-private partnership with a manifesto to improve lives and accelerate access to digital ID by underserved and vulnerable populations. It is a multi-stakeholder collaboration that advocates the adoption of ethically-grounded digital ID solutions, the definition of individual-centred functional requirements and funds projects to deploy promising solutions.

Formed in 2010, OIX is a technology agnostic, non-profit trade organisation of leaders from competing business sectors focused on building the volume and velocity of trusted transactions online. OIX’s mission is twofold: a) to be the leading industry body driving the digital identity industry; and b) to be a centre of excellence that aligns to open, interoperable standards across the UK and Europe. The organisation operates the OIXnet trust registry, a global, authoritative registry of business, legal and technical requirements needed to ensure market adoption and global interoperability.

Established 2016 as an independent non-profit organization the Sovrin Foundation administers the Sovrin Network, an open source, public service utility based on distributed ledger technology (blockchain) that enables self-sovereign identity on the internet. Charged with administering the publicly created Governance Framework for the Sovrin Network, the Foundation is responsible for ensuring the Sovrin identity system is public and globally accessible and is committed to transparency and neutrality.

Created in March 2019 by the Sovrin Foundation, the Sovrin Alliance is a community of developers, enterprises, business and government leaders, NGOs, Sovrin Foundation staff, and volunteers that ensures the future of self-sovereign identity.

DIF is an engineering-driven organisation focused on developing the foundational elements necessary to establish an open ecosystem for decentralised identity and ensure interoperation between all participants. DIF Working Groups develop specifications and emerging standards for protocols, components, and data formats that inform development. Beyond specifications, DIF members develop open source reference implementations of the technical components and protocols they create and work to align industry participants to advance common interests.

Headquartered in Brussels, EEMA is a leading independent, not for profit, European Think Tank including topics on identification, authentication, privacy, risk management, cyber security, the Internet of Things, Artificial Intelligence and mobile applications. EEMA is a strong supporter of the European Electronic Identification, Authentication and Trust Services , eIDAS and the Go.eIDAS initiative.

In May 2016 the UK Government’s Digital Service launched GOV.UK Verify, an identity assurance scheme intended to provide a single trusted login across all Government Digital Services, verifying the user’s identity in 15 minutes. Although take-up by UK citizens has not been as swift as originally projected there are currently almost 5 million people who have signed up to the service. Five Identity Providers (also called ‘certified companies’) are contracted to verify an individual’s identity by reference to existing government issued credentials e.g. driving licence and passport. The UK’s newly appointed Director of Digital Identity, Lisa Barrett stated in a recent blog that “Digital identity is a vital issue not only for government transformation – as has often been our focus – but also for users who benefit from a safe, effective and  functioning digital economy underpinned by strong digital identity solutions.

NIST has produced a range of Special Publications (SP) on Digital Identity:

  • SP800-63-3 -Digital Identity Guidelines
  • SP800-63A – Enrolment and Identity Proofing
  • SP800-63B – Authentication and Lifecycle Management
  • SP800-63C – Federation and Assertions

SP800-63 contains a useful overarching diagram that describes the Digital Identity Model:

NIST Digital Identity Model

In October 2018 NIST produced an excellent Technology Overview document on Blockchain, concluding that the technology is still new and organisations should treat blockchain technology like they would any other technological solution at their disposal–use it only in appropriate situations

Social Linked Data (Solid) is the technology that underpins a movement led by Sir Tim Berners-Lee to re-orient the web to its original vision of a collaborative/re-writeable/editable web. The removal of editing capability in original browsers spawned an effort to get the write functionality back; dubbed the ‘read-write web’ this effort led to Richard McManus’ seminal article published in 2003.

The issue with writing data, as Wikipedia and others have learned, is that there needs to be a degree of control over who can write what so a process of obtaining and using permissions is needed. To enable these permissions there needs to be a system for identity – a way of uniquely confirming that an individual is who they purport to be; hence Solid’s relevance to the subject of digital identity.

Solid also provides a Personal Online Datastore (POD) within which an individual’s personal data can be stored and managed, and from which can be shared with approved partners.

OWI is a market intelligence and strategy firm focused on digital identity, trust, and the data economy. Through advisory services, events, and research, OWI helps a wide range of public and privately held companies, investors, and governments stay ahead of market trends, so they can build sustainable, forward-looking products and strategies. Since 2017 OWI has been the official host of the KNOW Identity Conference and KNOW Forums.

RAND Europe was commissioned by the British Standards Institution (BSI) in January 2017 to carry out a rapid scoping study to examine the potential role of standards in supporting Distributed Ledger Technologies (DLT)/Blockchain. The resulting report, entitled Distributed Ledger Technologies/Blockchain: Challenges, opportunities and the prospects for standards serves as an overview of the 6-week study and concludes that there is scope for standards to play a role in supporting the technology.

ISO has produced a terminology document for DLT as a first of a range of standards documents that are currently under development.

Hyperledger Indy provides tools, libraries, and reusable components for providing digital identities rooted on blockchains or other distributed ledgers so that they are interoperable across administrative domains, applications, and any other silo. Indy is interoperable with other blockchains or can be used standalone powering the decentralisation of identity.

Hyperledger Aries provides a shared, reusable, interoperable tool kit designed for initiatives and solutions focused on creating, transmitting and storing verifiable digital credentials. It is infrastructure for blockchain-rooted, peer-to-peer interactions. This project consumes the cryptographic support provided by Hyperledger Ursa, to provide secure secret management and decentralised key management functionality.