Initial remarks on the Human-Centric identifiers paper from OpenID Foundation Posted a set of initial remarks about the whitepaper. more
Published literature and reports around digital identifiers run the gamut of focusing on rights-centric identifiers to those which are highly defined towards tracking and surveillance.
This project will aim to provide short reviews on various current work focusing on different aspects of the digital identifier lifecycle - registration/enrollment, issuance, exchange and sharing and governance. It is intended to create a store of commentary for future work on this topic to go ahead.
Notes on OpenID Foundation's Human-Centric Identity whitepaper
Recently, the OpenID Foundation has made available for public comment and feedback a new whitepaper titled “Human-Centric Identity: a primer for government officials”. You can find more about the whitepaper at this blog post.
Written around the OECD Recommendations on the governance of digital identity, the whitepaper underscores the idea that large scale approaches towards digital identity are often driven through public or public-private structures and thus need to have definitive guardrails built-in to make the effort more rights based.
John Phillips of Sezoo has posted a first set of comments on LinkedIn about the paper which are important to read as well.
In context of digital identity it is necessary to view the lifecycle of a digital identifier - the registration/enrollment, the issuance, the exchange and use and the governance. At each stage of this lifecycle there are elements of risks and the ecosystem(s) where the digital identifiers operate will have to identify, manage and mitigate such risks through the design of policies and technical requirements.
Principles provide a much need set of guiding paths when thinking through the lifecycle of digital identifiers. State issued digital identifiers are designed and devised for specific purposes although the scope/purpose creep intro tracking and surveillance models is not uncommon. This results in the slow erosion of the rights available to the recipient or holder of the digital credentials to an extent where the potential of human-centric digital records is lost. Principles also reinforce good design approaches which can guard against the “fail fast” nature of technology interventions. Digital identities and identifiers which are made available at the scale of a nation have to not only be compliant with the regulations of the jurisdiction but also actively prevent the situation of exacerbating any structural weakness. This last bit is something we (John Phillips, Jo Spencer and myself) had extensive discussions around when writing up the text for the Good Health Pass Recommendations on the topic of Guardianship.
The Principles of SSI from the Sovrin Foundation provide a human rights-based perspective in the context of digital identity and identity rights holders with the ultimate goal to enable humans to exercise their rights to work, study, and travel while having freedom of choice and being protected.
I think it is worth our while to read these along with the text in the OpenID Foundation document in order to become familiar with the topic of harms, rights and individual agency.
The rallying cry for digital identifiers is often pinned on UN SDG 16.9 and in this context Jaap van der Straaten’s paper "Legal identity for all, or not? is worth a read.