4 principles for securing the digital identity ecosystem

(Credit: Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Colin Soutar, Managing Director, Cyber Risk, Deloitte

  • With services increasingly digital, proving identity online remains critical.
  • Cross-system use cases require a common meaning of trust.
  • Increased security and confidence in identities can incentivize greater participation.

When we travel through airports with passports that allow us to enter countries, it is sometimes easy to forget all the underlying steps that went into establishing trust between the issuing and the receiving countries. At a minimum, there’s the international standardization definition of a “neutral expression” for the facial recognition software; the passport’s machine-readable zone that carries our biographical information; the interface characteristics of the on-board chip; and, most importantly, the processes used to initially identity-proof the owner and their rights to the passport, and the subsequent authentication steps used to verify that they are in fact the one presenting the passport at airports and borders.

Just as a physical passport provides ease of movement, imagine the convenience of having your own digital identity “passport” you can present every time you want to access a new online service, without providing all the usual personal information and creating a username password, and other authentication factors. But while the online world – increasingly pervasive due to the global pandemic – does not require any standardized physical documents, identity-proofing and authentication are becoming inexorably more complex as users try to access a broad range of services and benefits without any direct, in-person interaction. For transactions of a single purpose, either in commercial or government sectors, self-contained identity solutions are nowadays often robust and easy to use. The challenges start to arise when we leverage credentials created by one system for use on another.

Why is this so hard? At the heart of the challenge lie two important inter-related considerations: trust and incentive. With travel documents, an issuing country has the incentive to allow its citizens to travel to other countries, and both countries have agreed on the operating conditions for the passport – so there is mutual trust. Securing the digital identity ecosystem matters because it can help to establish the basis for such trust online: among service providers, identity services, and – most importantly – users who will drive the commercial and government transactional engines.

This trust needs to be aligned, though, with incentives for the various parties. For example, users who manage and reuse their identity credentials like passports would likely be incentivized to drive greater online economic growth due to more convenience and confidence. Further, if commercial identity providers are incentivized to enable users to reuse credentials to access a multitude of services, then that helps limit the amount of unnecessary, replicated online personal information that consumers are required to provide. This would mean overcoming any liability concerns between the parties, or the natural tendency for organizations to want to retain information about their customer base for their exclusive use.

The 4 governing principles of digital identity
The 4 governing principles of digital identity Image: Deloitte

While there is still much work to be done around these considerations, the international trust aspect of digital identity is rapidly maturing. Based on supporting programmes across government and commercial organizations for well over a decade, Deloitte recently articulated four specific principles that are important to achieve broader, stronger and more convenient online transactions:

  • Digital identity solutions should be user-controlled and portable. This means citizens and consumers can easily access many online services with the same secure digital identity and not have to create multiple different ones for each service.
  • Digital identity services should be flexible and adaptive. Services should support the rapid integration of different end-user devices and authentication mechanisms – such as biometric technologies and low-friction solutions like behavioural analytics – based on evolving technologies and the shifting threat environment.
  • A broader digital identity ecosystem will likely emerge where verified information is consumed. For example, a citizen may establish reputational trust around their digital identity that can then be used to post online information or receive threat alerts, such as compromised email addresses or other information that may be shared among organizations in the ecosystem.
  • Strong digital identity systems should enable bi-directional trust. That is, governments need to know that authorized citizens are accessing services and information. But citizens also need to trust that they are interacting with a legitimate service, that their personal information will be protected, and that they can efficiently access services.

As noted, trust should extend throughout the full range of identity and service providers in the identity ecosystem. Although federation tools exist that help with technical interoperability (i.e. does the format of the data make sense?), there still remains a gap in defining “rules of the road” that can quantify the trust embodied in an identity credential: That is, are we really sure that the person presenting the credential is who they claim to be?

With respect to incentives, there is the potential for data-sharing among participants within a digital identity ecosystem. Such data could include shared threat signals, information on new vulnerabilities, profiles of emerging threat actors and broad information that helps unlock identity ecosystem-wide security capabilities in support of trusted transactions. This would allow governments and commercial organizations to deploy a layered approach that dynamically adjusts security controls based on the current known situational and transactional risk. It would also enable all participants of the broader digital identity ecosystem to have more confidence in the data that they rely upon and therefore encourage a richer set of participants.

What is the World Economic Forum doing about digital identity?

In an era of unprecedented data and ubiquitous intelligence, it is essential that organizations reimagine how they manage personal data and digital identities. By empowering individuals and offering them ways to control their own data, user-centric digital identities enable trusted physical and digital interactions – from government services or e-payments to health credentials, safe mobility or employment.

The World Economic Forum curates the Platform for Good Digital Identity to advance global digital identity activities that are collaborative and put the user interest at the center.

The Forum convenes public-private digital identity collaborations from travel, health, financial services in a global action and learning network – to understand common challenges and capture solutions useful to support current and future coalitions. Additionally, industry-specific models such as Known Traveller Digital Identity or decentralized identity models show that digital identity solutions respecting the individual are possible.

With the pandemic forcing greater online interaction, it is likely that a more virtual society will persist beyond the crisis. As such, a dynamic and cohesive digital identity ecosystem will be needed to enable citizens and consumers to more efficiently and conveniently navigate online, while governments and commercial organizations gain the assurance that they need to determine that benefits and services are going to the correct individuals. This virtual society will have many diverse circumstances – with use cases spanning a wide range of requirements for digital identities. But it is critical to achieve the right degree of trust and incentive that will instill the user confidence needed to drive economic growth for years to come.

the sting Milestones

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

Thousands of Syrians in ‘life and death’ struggle amid harsh conditions in remote desert camp, UN warns

Meet the Junior Enterprise network at JEWC 2014!

Brussels to point the finger to Washington for lack of commitment over TTIP

European Defence Fund: EU funds new joint research and industrial projects

Plan for troop pullback ‘now accepted’ by rival forces around key Yemen port, but fighting intensifying elsewhere, Security Council warned

New malaria vaccine trial in Malawi marks ‘an innovation milestone’, declares UN health agency

Progress in medical research: leading or lagging behind?

Yemen talks: Truce agreed over key port city of Hudaydah

Girls hold the key to Zambia’s future

New UN report shows record number of children killed and maimed in conflict

COVID-19 threatens the developing world’s small businesses. This is how to save them

ECB to people: Not responsible if you lose money on Bitcoin, your governments are

Bioethics: how to recover trust in the doctor-patient relationship

ECB with an iron hand disciplines the smaller Eurozone member states; latest victim: Greece

Barcelona’s ‘superblocks’ could save lives and cut pollution, says report

This is how we can save millions of people from extreme poverty after COVID-19

Governments should step up their efforts to give people skills to seize opportunities in a digital world

Unity, regional cooperation and international support needed for Horn of Africa to develop sustainably

The shrinking Arctic ice protects us all. It’s time to act

International World Summit Award calls for outstanding digital applications with impact on society from 178 UN member states

Chinese Premier Li Keqiang’s speech from World Economic Forum’s Annual Meeting of New Champions

Booking.com commits to align practices presenting offers and prices with EU law following EU action

Science leads the response to COVID-19. These 25 scientists are tackling the other global challenges

Europe’s forests are booming. Here’s why.

UN’s Bachelet rejects Sri Lankan official’s ‘spin’ on Human Rights Council encounter, urges reforms

Global South cooperation ‘vital’ to climate change fight, development, Guterres tells historic Buenos Aires summit

Ten UN peacekeepers killed in a terrorist attack in northern Mali

Yemen war: UN chief urges good faith as ‘milestone’ talks get underway in Sweden

Lockdown is the world’s biggest psychological experiment – and we will pay the price

State aid: Commission approves €511 million Italian scheme to compensate commercial rail passenger operators for damages suffered due to coronavirus outbreak

4 ways to deliver social justice during the COVID-19 recovery

This Brooklyn farm company is training a new generation of urban farmers

Why vaccines are not just for children

Online radio and news broadcasts: Parliament and Council reach deal

World’s Press Calls on the United Kingdom to Address Press Freedom Concerns

Turkey: Commission continues humanitarian support for refugees

New UN forestry project bids to help countries meet climate change commitments

Conflict prevention, mediation: among ‘most important tools’ to reduce human suffering, Guterres tells Security Council

5 ocean success stories to chase away the blues

Coronavirus: Pandemic alert should be trigger for countries to do more against COVID-19

Financial services are changing. Here’s how

Thursday’s Daily Brief: Climate crisis and food risks, fresh violence threat for millions of Syrians, calls for calm in Kashmir

The application that encourages us to be heroes

EU shapes its ambitious strategy on India

Chart of the day: When do young Europeans leave home?

Dear Davos: time to declare an emergency opportunity for people and planet

EU Parliament raises burning issues over the FTA with the US

How the world can gear up for the fight against cancer

The World Health Organization has called on countries to ‘test, test, test’ for coronavirus – this is why

Key quotes from China’s Premier Li on COVID-19, the economy and US relations

“ASEM: Global Partners for Global Challenges”, a Sting Exclusive by China’s Ambassador to the EU

There is no patient safety without healthcare workers’ safety

Safer roads: More life-saving technology to be mandatory in vehicles

Canada has the most comprehensive and elaborate migration system, but some challenges remain

Global hunger is on the rise. These simple steps could help eradicate it

The Europe we want: Just, Sustainable, Democratic and Inclusive

Ambassador Zhang Ming Attends the EP Debate on China-EU Relations and Answers Questions

Asia’s plastic problem is choking the world’s oceans. Here’s how to fix it

Guterres censures terrorist attacks in Nigeria, pledges UN ‘solidarity’

UN Mission in Haiti calls on protestors, authorities, to refrain from violence

More Stings?


Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s