OIX defines the need for clear, global data standards for identity information

LONDON - Aug. 31, 2023 - PRLog -- The Open Identity Exchange (OIX) has released a paper calling for comprehensive data standards for identity information to ensure Digital ID interoperability is achieved.

OIX says there are many bodies addressing some element of the standards required for interoperability, but no one is addressing the whole picture. Existing data standards - for core claims about an individual (name, address, date of birth), common evidence types (passport, driving licence), associated proofing techniques and how identity assurance is communicated - are inconsistent, causing a major barrier to interoperability.

OIX's Data Standards for Digital ID Interoperability finalises a series of recommendations formulated over the past year. It outlines how standards might be implemented from the data item level upwards, revealing a layered requirement to enable the many granular standards for individual data items of evidence to be brought together consistently into the whole picture.

OIX is urging those setting standards for data to adopt and progress its recommendations.

Nick Mothershaw, Chief Identity Strategist at OIX, said: "The lack of comprehensive standards is creating significant difficulties for organisations trying to confirm a user's identity.

"Relying parties are receiving the same data in different formats from different digital ID providers. Having to assess the data themselves, and code differently to accommodate for the differences, is creating problems around interpretation, translation and data normalisation. We must make it easier for relying parties to consume digital ID."

The Data Standards for Digital ID Interoperability (https://openidentityexchange.org/networks/87/item.html?id...) paper focuses on the data that identifies an individual, and the evidence behind that, which needs to be standardised in a way that can be communicated consistently. It makes a series of key recommendations around how it should be standardised and by whom.

• A single protocol independent data standard must be created. It must allow core ID information and evidence to be communicated consistently, regardless of the protocol used to securely exchange it (e.g.OIDC, Verifiable Credentials). The OIX view is that this should be based on the OIDC for Identity Assurance standard.
• Existing ISO and ICAO standards must be used for core ID claims as far as is possible.
• A per claim level of trust and period of validity construct should be considered.
• Where evidence specific standards exist for evidence types (e.g. passports, driving licenses), they should be used for those types of evidence.
• Standards are required for proofing techniques – such as document scanning (with different light options), document optical character recognition, image capture liveness, biometric matching - that will enable different trust frameworks to assemble sets of proofed credentials as part of their individual assurance policies.