Let’s talk about digital identity with Nick Mothershaw, Chief Identity Strategist at the Open Identity Exchange.

In episode 60, Oscar speaks to Nick about the Open Identity Exchange (OIX)’s role in the Global Assured Identity Network (GAIN), plus the OIX Trust Framework 2022. Nick discusses what makes a trust framework work for its intended users, and how to make it interoperable with other frameworks.

[Transcript below]

“When things work for users, they get adopted.”

Nick MothershawNick is Chief Identity Strategist at the Open Identity Exchange, a community for all those involved in the ID sector to connect and collaborate. Together they develop the guidance needed for interoperable, trusted identities on a global basis. Through OIX’s definition of, and education on, Trust Frameworks it creates the rules, tools, and confidence to allow every individual a trusted, universally accepted, identity.

Find out more about the Open Identity Exchange at openidentityexchange.org.

Nick has expert knowledge of Identity and Fraud techniques, solutions, and standards across a wide variety of different sectors and jurisdictions. He was previously Director of ID and Fraud at Experian where he was responsible for the development of Experian’s fraud and identity solutions for both the public and private sectors. Nick led Experian’s development, launch and operation of a full “Identity as a Service” solution which was the first live example of a Digital ID being seamlessly interoperable across public and private sector.

Find Nick on Twitter @OIX_Nick and on LinkedIn. Follow OIX on Twitter @OpenIDExchange.

We’ll be continuing this conversation on Twitter using #LTADI – join us @ubisecure!

­Go to our YouTube to watch the video transcript for this episode.

Let's Talk About Digital Identity
Let's Talk About Digital Identity
Ubisecure

The podcast connecting identity and business. Each episode features an in-depth conversation with an identity management leader, focusing on industry hot topics and stories. Join Oscar Santolalla and his special guests as they discuss what’s current and what’s next for digital identity. Produced by Ubisecure.

 

Podcast transcript

Let’s Talk About Digital Identity, the podcast connecting identity and business. I am your host, Oscar Santolalla.

Oscar Santolalla: Hello, and welcome to a new episode of Let’s Talk About Digital Identity in this new year, 2022. And we have, after some time, again, our friends of the Open Identity Exchange. And today, our guest is Nick Mothershaw. He is the Chief Identity Strategist at the Open Identity Exchange, a community for all those involved in the identity sector to connect and collaborate.

Nick has expert knowledge of Identity and Fraud techniques, solutions and standards across a wide variety of different sectors and jurisdictions. Nick was previously Director of Identity and Fraud at Experian, where he was responsible for the development of Experian’s fraud and identity solutions for both the public and private sectors. Nick led Experian’s development, launch and operation of a full “Identity as a Service” solution, which was the first live example of a digital identity being seamlessly interoperable across public and private sector.

Hello, Nick.

Nick Mothershaw: Hello, Oscar. Hello.

Oscar: Welcome. It’s great having you, Nick.

Nick: It’s a pleasure to be here. And yeah, Happy New Year to you and all your listeners, very exciting to be at the start of 2022, which I think it’s going to be an amazing and transformational year for digital identity. So this is a really timely conversation.

Oscar: Yeah. And I know you have new things to tell us. So yeah, Nick, let’s talk about digital identity. But I’d like to start hearing a bit more about yourself, so please tell us about your journey to the world of digital identity.

Nick: Yeah, it’s been a long journey now. So I was originally involved in, I guess, in identity when I worked with law enforcement, providing crime management and intelligence management systems. And after that, we started looking at biometrics. So around the year 2000, we were using biometrics to help identify criminals from group photographs and also using facial mapping to look at, where we used to use these E-FITs, these faces that were being drawn by computer that were put out on things like crime watch programmes, so we’re using facial biometrics to match those two databases of known and suspected criminals. And that was way back in 2000.

So from there, I moved to look more in detail at fraud and around identity fraud, specifically, and how can identity fraud be detected and prevented. So using algorithms, anomaly detection, graph-based analysis to bind identity fraud in the finance ecosystem initially, and then into insurance and telcos.

And the flip side of that is, of course, identity. So if you strongly identify the individual, the risk of fraud is reduced. So this fraud and identity became two sides of the same coin. And as we put our business, Experian, around fraud and identity, we both evolved the fraud solutions to be more and more sophisticated, but also involved the identity side of the coin, to leverage data that can prove to the individual’s identity to scan documents, to bring those together into complete Identity-as-a-Service management.

So around 2015, we built an Identity-as-a-Service platform. And that enabled us to identify end users both of Experian systems and, in the UK, Gov.Uk Verify users. So we were able to take users through a proofing process using data, using passports and driving licenses, using – getting payments into open banking, with PINs on. And that enabled us to strongly proof an individual.

And alongside that we ran all the fraud controls we created as well. So we mitigated against identity fraud to create a really strongly trusted ID. There was a reusable ID, and users could use the identity to both log on to Experian’s credit management systems, credit reference systems and also in the UK, log onto government systems through the Gov.UK Verify framework. So we were the only identity provider who did that – had both a public-private interoperable login for users, which meant I only had to have one password, only one set of credentials, to access multiple different services at a high level of trust. So we’re really proud that we built that and that was delivered into UK Verify.

As part of that, I got involved in the Open Identity Exchange. So I was Vice Chair for a while and then became Chair. And then just over two years ago now, I decided I wanted to spend all of my time driving forward this vision of digital identity so that we could all have a digital ID that is trusted, that is accepted ubiquitously and our lives, our digital lives are made so much easier because our trusted information is available, it’s controlled by us, and is shareable by us to those who need to understand who we are and what we’re eligible to do for different use cases, different services all over the world. I really strongly believe in that vision and joined OIX as Chief Identity Strategist, so just over two years ago now to help OIX, as a members’ body, to help its members collectively pursue and achieve that vision.

Oscar: Yeah, fantastic experience you had in Experian. That sounds quite exciting what you were doing there. And also, now I can hear your motivation to work here in OIX. Excellent.

So as I mentioned earlier, we had before, around a bit more than two years ago, we had in this podcast show and at that time, it was Don Thibeau representing the OIX. And he was talking about the need for a global approach to identity. And he also has mentioned a little bit of that. But something that came to, I think everybody who is involved in the digital identity space in the last months has been the GAIN white paper. And we know that both OIX and I think also yourself have been involved in that. So could you tell us a bit about that? What is the OIX’s role within GAIN?

Nick: Yeah, absolutely. So GAIN, Global Assured Identity Network, was a white paper that was released back in September, and was created over the summer. In the end, over 150 different authors put their name to that paper. And the vision was that – lots of people shared the vision, I’ve just articulated. This vision that an identity can be used in an interoperable way and that will work internationally. So 150 plus people, all sharing that vision, put their name to that paper.

The paper was collectively created; fortunately a few people held the pen, not 150, or else it would never have come. We’d never have got anything coherent out. We mostly created a collective paper that had the backing of 154 people, I think it was in the end, they all shared that same vision. And that vision is that an ID can be accepted anywhere around the globe. And that’s a massively ambitious statement. And to do that, the GAIN term was coined, the Global Assured Identity Network. To make that possible, there needs to be some kind of network on a global basis and that that work enables trust, to the number of different elements of GAIN.

So we released the paper, and then five organisations have kind of rallied around that vision, taking different parts and delivering it. So firstly, on the technical side, the Open Identity Foundation, the foundation is looking at OK, how do that vision achieve technically? How can we communicate trust from one domain to another, from one framework to another, from one country to another? And they’re looking at the different technical rails of how that makes possible.

OIX is looking at the legal, the operational, the governance elements that would sit above that technical layer. And arguably, and my other colleagues sometimes say that this is true, that’s the harder bit. So we can communicate some information about an individual. But what does that information mean? And I’ll come back to that in a minute. And that’s one of the key challenges OIX is looking at.

The other organisations involved in it are GLEIF, Global Legal Entity Identity Foundation. So wherever we’ve got a legal actor in here, an organisation, GLEIF have a role to play in identifying who that organisation is, both in terms of parties providing information, but also consuming information and being the identity asserters themselves where it’s an organisational ID.

For the Cloud Signature Consortium, because this links closely into digital signing, digital signatures. And once we know who the user is, we want to legally enter into a relationship with them in many use cases.

And then the International Institute of Finance is looking at how, across the finance community, how can that community both be involved as consumers of identities – because finance is a key area we need to prove who you are – but also providers of identities. In many countries already in the Nordics, in Canada, we’ve got banks playing the role of identity providers, and that’s likely to happen in a lot of other countries. So IIF are playing that dual role of representing identity consuming community and providing community.

So these five organisations have now come together to drive GAIN forward. And so OIX’s focus area is the, as we term it, the trust framework element. So let’s imagine that I can communicate information about an individual. So that individual has a Belgian ID, for instance. And they’re trying to assert their identity in Indonesia. So I can tell that the relying party in Indonesia, who the person is. I can give them the name, the address, the date of birth, the national ID number, maybe, to identify who they are, which is relevant in Belgium, that means nothing in Indonesia. I can tell who the identity provider is that has provided that information. I tell them the standard to which that identity was proofed, which might be eIDAS substantial, for instance. And I can tell them the framework that it was done in – so it was done in eIDAS. So I can give a lot and I can communicate all of that information pretty simply in a technical package of data.

But the key question is what does all that mean? So can this relying party, let’s say it’s a bank in Indonesia, trust a Belgian ID? The Belgian ID is issued under this thing called eIDAS and has a level of assurance ‘substantial’. What does that mean? And how does that map into any Indonesian trust framework and rules that that relying party is subject to? How does it map into any finance rules they have that’s replicable for anti-money laundering?

So, they can only accept that ID if they know a lot more about the framework that is behind the information. And that’s OIX’s role to work out how do we explain the information about each framework? And how do we assess framework and interoperability, because what we’re really looking at there is the Belgian ID is operating under a framework. There’s a framework in Indonesia that dictates how ID needs to be assessed, managed, scored, levels of assurance, assessments in Indonesia. Are those two things compatible? So can that Indonesian relying party accept a Belgian-issued identity?

To do that, we think we need some kind of global interoperability framework. So we can take those two different frameworks in two different jurisdictions, and assess where they align, where they differ. And where they do differ, work out what those differences are, and work out how those differences can be mitigated. And is that by further alignment, by step up, by legal agreements? And to do that, we think we need a global interoperability framework, a meta framework, a framework of frameworks to compare frameworks to.

So, one of the things we’re going to be working on in our new global interoperability Working Group, which is kicking off on the 31st of January, is exploring precisely that question, how do we get two frameworks to interoperate? And that leaves the question of how do we get many frameworks to interoperate, which is why we think we need this global interoperability, this meta framework that sits across the top to make this happen.

And on top of that, we’ll be exploring how might that be governed? So how might that be done in a way that is independent, a lot of these frameworks will be government-driven, so enables government-to-government frameworks to communicate and strike agreements internationally with each other, without having to have lots of bilateral agreements from government to government, because that will take forever. That would be like doing trade agreements with every single country bilaterally, that doesn’t work. People do trade agreements in blocks, we need to leap beyond that to that entity to do identity trust agreements on a global basis. Let’s get this right, first time around.

Oscar: Yeah, I can see. So, a very good example you gave with two quite distant countries, Belgium and Indonesia, for example. And I get the idea that in different jurisdictions there are trust frameworks, but what is needed, the missing piece, is that global interoperable trust framework, and that is the – that is a piece that your team at the OIX is working right now. And both as part of the GAIN, the implementation of GAIN, but also I think this global interoperable trust framework is meant to be used also anywhere it can be used, correct?

Nick: Oh, absolutely. Yes, yes. So this is so – we already have a framework, which is intended as a global guide to frameworks at the moment. So you can come along to the OIX website, www.oix – sorry, http://www.openidentityexchange[in full].com. And on there is our guide to trust frameworks. And that details the contents of a trust framework, and it’s already there as a guide for those who need to understand what a trust framework is, what should be in it, and how to create it. So we already have that, so that’s been published a couple of years. That builds on the work we’ve done over the last 10 years around defining what a trust framework is. So that’s out there. We’re about to update that with the 2022 version, which I’ll talk about in a moment.

So the work we’re doing with GAIN is really taking that framework model we’ve got, and then using that to reason about how frameworks can interoperate. And from that, we expect to distil that there are key elements of a framework that are required for interoperability. And that’s where the term global interoperability framework is starting to come from. A lot of the things in our guide, they’re all important. But when you ask the interoperability question across frameworks, some are more important than others. And that’s the work we’re about to do with the GAIN initiative, to make that assessment. Whatever conclusions we reach there, again, conclusions are done where the Open Identity Exchange will be publishing our findings in an open way. And that framework would be able to be used by GAIN and the others looking to achieve the same objectives.

Our framework, though, our new framework that’s coming out, the trust framework 2022 is a massive evolution from the one that was previously published. One of the things we’ve done is taking a look at the way the markets moved over the past, I mean five years really, but in particular, since COVID, and that has emphasised the need for user-centric identity. We’ve seen a lot of self-sovereign based identities, verifiable credentials being used now to communicate the COVID certificates. We’ve seen the emergence of mobile driving licenses as a particular credential, digitised credential that can be gained by the user and put in a wallet and shared with others.

So we’ve moved our framework on to make sure it’s fully embracing of user-centric, self-sovereign identity. And we’ve changed some of the terminology. So we’ve moved to use, heavily use the term ‘credential’. So we talked about digitised credentials and derived credentials, that the digital identity, which could be a wallet, helps the user manage, gather, and manage those credentials and share them with others. So we’ve kind of taken a bit of a shift in our positioning and philosophy but we are remaining technology agnostic in that shift that we’ve made.

The other thing that we have really baked into that new version of the framework is that we see a digital identity is going to be useful for the user. If we just simply collect a set of digitised real-world credentials in a digital wallet- So if I end up with a wallet on my phone that’s got my passport and my driving license in it and my COVID certificate, that’s digitised some real-world credentials, documents, and given me them in an electronic form. That’s a great step forward.

But what the digital identity needs to do is really help the user in that process of both gathering that information, and more importantly, collating it to present to relying parties in a way that meets the rules of the relying party. So what you’ll see in our new trust framework, when it comes out, is an emphasis on a digital identity being able to understand the rules of the relying parties, the organisations that need to consume identity, and eligibility information, because we classed something like COVID information as eligibility information, and the digital identity can take those rules, and then work out, does the user have what they need to meet those rules?

So if it’s a question about, is the user COVID safe? What does COVID safe mean in this context? What is that question that’s being asked? Because COVID safe, COVID secure means different things, depending on who’s asking the question. If it’s a government wanting to let you into the country, versus a bar wanting to admit you to have some drinks, it’s a very different question. And everybody’s rules are different.

So the digital identity’s got to help the user through that process. It’s got to accept the request from the airline that saying, “Well, if you’re going to board me, you’ve got to be COVID safe. These are the rules. This is what I mean, by COVID safe. I mean, you’ve got to have a vaccine. And the vaccine has got to be one of these types. And you’ve got to have had a complete course of two vaccines. And it’s got to have been done with the last 14 days. And I mean, you’ve got to have a test. And that test has got to be completed in the last 24 hours. And it’s of this type, and it’s from one of these certified providers.”

So all of those rules, complex rules, the digital identity needs to help the user through. It needs to be intelligent, so that it can accept the request from the relying party, it can work out, well, yeah, the user’s have got the vaccine they need, that’s great. But they haven’t got the test that they need. So they need to go and get a test. So where can they go and get that test – it needs to help them through that process. It’s got to be intelligent. So you’ll start to hear us talking a lot about intelligent digital identity. And that that is going to be key to digital identity being a success.

Oscar: What is that intelligence – where it relies, in the application? Or…

Nick: So, from the user’s perspective, it needs to look to them as though it’s simply their digital identity is doing this for them. Technically, where does that sit? There are a number of options. So, if I’ve got a digital identity that’s cloud-based, or wallet-based, as part of the provision of that digital identity in the cloud, or in the wallet, that intelligence can be built in. So we’re talking there about an intelligent wallet, or an intelligent digital identity, where it has a rules engine in it.

So within our framework now, we’ve made it that a rules engine being present, that can interpret the rules and can work out how to answer the questions. And that can either be embedded in the wallet, or we’re talking about concepts of a rules agent. So where you can have a wallet, which is the thing that collects the information and collects derived information, and a rules agent who does the intelligent bit. So it’s the rules agent who takes the rules around being COVID safe, understands those, works out what credentials the user’s already got, helps the user get the ones that haven’t, and then derives the COVID safe status as a derived credential, enables the wallet to pass that on to the relying party.

So we see it’s very much as either it can all be in one intelligent digital identity, or it can be in a digital identity leveraging intelligent rules agents to achieve that goal. And again, the new framework paints both of those options as being completely valid.

Oscar: And all this is defined in the trust framework. That sounds powerful, I would say.

Nick: Yeah, we tried to make it as consumable as possible. So, at OIX, we’ve got the section on the guide, and we break the framework guide down into sections so it’s more easily consumable. So there’s a guide in there, really to what is a digital ID and how does it manage these credentials and gather them? How does it derive credentials like COVID safe from core credentials, like vaccines and tests? And then we dive into rules around things like identity assurance. Again, what are the rules around determining a level of assurance for an individual if that is required.

And most frameworks work on some kind of level of assurance, you’ve got low, substantial, high. In eIDAS, you’ve got low, medium, high. In the UK, you’ve got IALs and NIST… So when you get to that level of trust, and you’ve got a pre canned definitions of levels of trust, it gets quite complicated. So it’s really, there’s a whole section on that around identity assurance and how that is achieved.

Below the guide itself are more detailed guides. So we have a separate guide on identity assurance and authentication. We have separate guides on trust marks and how you mark, create and market a trust mark. We have guides on principles just to think, few things you should think about when creating principles. We’ve got another new guide coming out in February on everything that happens when something goes wrong. So from Help Desk to compensation, how should a digital identity ecosystem deal with those unhappy paths, and make sure all users have a good experience despite difficulties they may encounter?

And we also have a guide to fraud controls as well, which enables people creating identity ecosystems to understand. Unfortunately, digital identity will be targeted by fraudsters. It will become a honeypot, we’ve got to build the right flow controls at day one. So the overarching guide is really- there’s 25 different elements of the trust framework, what we’re doing is drilling into those 25 elements with more guides. There won’t be 25 of them, because we drill into several elements at once in a single guide. But we’re probably about halfway through in writing a full guide to digital identity. But the framework itself is complete and contains everything you need to do to create successful and trusted digital identities.

Oscar: Oh, it sounds very powerful as I said. And if I may, what is the ultimate name, the official name of this new trust framework?

Nick: The official name is OIX Trust Framework 2022. It’s the year, is the new version. So it will be launched on I’d say February the 3rd, we are planning a launch event. So for those of you who are OIX members, or if you sort of follow on the OIX website, there’ll be a launch event coming up early next week for you to come along and hear more about what’s in that framework and why we’ve done it and the intent behind making sure we’ve got intelligent digital IDs, not just collections of stuff in a wallet.

Oscar: Yeah, absolutely, I’m asking because people can easily find it. And also, to dig a bit more on the details of the actual work you’re doing. So, who it’s being created for, who should read this, this work that you are going to release?

Nick: So, it’s aimed at multiple audiences. And we also just announced from it, other information that is relevant to relying parties. So the overarching framework guide itself – if you were to want to write a framework from scratch, it contains everything you need to enable you to do that, and to understand what needs to be in a trust framework. There’s no other global guide that does that, that tells you what is a trust framework and what’s in it and how should it be governed? So that enables those creating trust frameworks to create them and evolve them. And you know, we’re hoping with the new version is people who’ve already got trust frameworks will look at the new version and say, “Yeah, we need to evolve our existing framework to move towards this provision of intelligent digital ID.”

And it enables those creating self-sovereign identities to understand how that identity would fit into a trust framework. And we are talking with the Trust Over IP Foundation about a partnership where the work they do and the work OIX do is more closely aligned. So hopefully more on that as we move further into 2022. It’s designed to explain trust frameworks to identity providers who might need to go and get certified and approved into a trust framework. And we distil from it a version that enables relying parties, organisations who consume trust frameworks, to also understand what a digital identity is.

However, they need a simpler view of the world. They’re interested in the bits that are relevant to them. So we have a separate guide called Getting Ready for Digital ID that positions what a digital ID is, why it should be intelligent, and what a framework does, in the context of a relying party that was launched back in October, and it’s available on the website now. So it’s designed to kind of multi– I mean their readership isn’t designed for its end users, really, but it’s relevant to the rest of the ID ecosystem.

Oscar: Yeah, excellent. That concept that you mentioned the intelligent ID that definitely intrigued me. I have to go and read that part at least and to know more. Sounds really powerful.

Nick: And what we’re going to use it for now. And this has always been our vision, is going back to what we’re doing on GAIN around global interoperability. So, having written it, brought it up to date, republished it, it now gives us the framework to start assessing global interoperability, and there’s already a section in it which talks about key elements for global interoperability. And we’re going to build out from that section and drill into the items we’ve highlighted in there to work out how do we create a framework that specifically enables interoperability. So enables us to do that and do that in a way that the terminology is consistent.

We’ve got a published benchmark to work from, because everyone’s– as frameworks have been written over the last, I guess, 10 years, OIX is proud to have influenced how a lot of them have been written, but it’s been evolutionary. So they’re all slightly different. And they’re all slightly different terms and structured things in slightly different ways. If we’re going to compare them and make them interoperable, we need something that’s standard to do that. And then so we would use the trust framework 2022 as that start point.

Oscar: Yeah. Makes a lot of sense. Anything else about this trust framework that you would like to share that we have not covered?

Nick: I think there’s a couple of things that we’re throwing out that are new. So, they move through the term credential. It does talk about these two things, digitise credentials and derived credentials. And that’s quite new. We’ve done a lot of work on this, a lot of thinking about what will those two terms mean.

So a digitised credential, we mean a digital version of a real-world thing like passport or driving license, a COVID vaccine, an education certificate. So these are the things that the self-sovereign world has been digitising, and is digitising. So they become part of a digital identity available in a wallet.

We’ve then got the term derived credential. And what that means – if we take digitised credentials, and then we derive other things from them. That might be simply deriving the person’s over 18. But we’re positioning that as a new credential that’s been derived from those other credentials. You might be determining that a person is COVID safe, which was the example earlier. We might be determining a level of assurance for the individual. So is this person eIDAS substantial? And we also position that as a derived credential, because it’s– you need to know what credentials it came from, when it was made, or what evidence was behind it, and how long it lasts. So if you have a person that’s over 18, they’re always over 18. So that’s the long-lasting derived credential. If you work out someone’s COVID safe, they probably are for a few weeks.

Oscar: Exactly. Yeah.

Nick: Yeah, work at a level of assurance it probably lasts months, or until something occurs that says its unsafe. So we thought it was important to have this separate type of credential, the derived credential, and it’s that those derived credentials are often the things that the relying parties need. If we’re going to do data minimisation, it’s the derived credential that data minimises the digitised credentials as they’re passed on to the relying party. So this construct digitised and derived credentials is quite key.

And the other thing to bring out that we’ve got is a new view on principles. So we’ve always had a user-centric view on principles in the framework. We talk about the four C’s are important for consumers, and we framed principles in terms that consumers would understand. And that’s always been really useful. But it didn’t map to more traditional principles that trust frameworks are built on. So we now got that mapping, we’ve got a set of traditional principles like data minimisation, privacy, security, and a set of user articulations on those principles around things like convenience, control, that enable a user view of the world and a ID ecosystem security, ethical view of the world to be mapped together to make sure actually, those principles are fulfilling user needs. So that’s an expanded section in the document that we’ve got at the moment.

We’ve also done quite a lot of work on roles. So we recognise the separate role of identity proofing provider, it’s just a specialist form of rules agent as we’ve created that in the trust framework. So all of that’s in there, as explained in the new framework. What we haven’t put in, or did debate quite a bit was the difference between centralised, decentralised and where federated fits. So we’ll be doing a subsequent piece of work in the trust framework working group to help explain those different terms of positioning to the market.

A lot of the questions I get from members, particularly new members are, what’s the difference between centralised, decentralised, distributed, and is federated the same as centralised? And it’s not. So we’ve done quite a bit of work on that already. It’s not ready for release just yet. But later in the year, we’ll be coming out with some views on, and hopefully clarity on, some of those terms to help the industry- to remove some industry confusion, because there’s quite a lot in the area at the moment.

Everything we do is members-driven, member-driven, so the need for clarity there is something our members are saying “Yeah, can you please sort this out and tell us properly what does distributed versus decentralised mean? Are they the same thing or different?” So that’s something we’re working on at the moment. So that’s something to watch out for. And you know, if you want to get involved in OIX, you can play a part in a definition of those, as well as the other things we’re working on around global interoperability. And we have a whole host of other working groups we’re just kicking off or continuing into 2022.

Oscar: Excellent. Well, this Trust Framework 2022 sounds super interesting. We’ll be following for sure. One more question for you, Nick. For all business leaders listening to us now, what is the one actionable idea that they should write on their agendas today?

Nick: So if you’re a business leader who is a consumer of an identity, a relying party, so if you, today, you run your own identity ecosystem to ID your customers, and are looking at moving to digital identity, then I would encourage you to start seriously thinking about getting ready for that now. Our getting ready paper is designed to help you understand what digital identity is all about, the benefits you’ll get as a business and what you should be looking for. And what you should be looking for is identity that comes from a trust framework, so that it has all the right rules, procedures, etc., around it that you can trust.

So a key thing we want at OIX is to try to help get that market going and help people understand what digital identity is. So if you’re a business leader in the relying party, please do have a look at that document and it’ll tell you a lot more about digital identity and what you should be looking for.

If you’re a business leader in the identity community, then start thinking intelligence. How can you install products that work for the user, not just user-centric, but the work for the user, help the user, assist the user? Because if we’re going to be successful, we’ve got to do that for the user, and got to make this easy. Because we know when things work for users they get adopted, when they work for the relying party, or they work for the ID provider or they work academically, they work from a security point of view. If they don’t work for the user, that’s all pretty academic. Make this work for the user to make it successful.

Oscar: Yes, I couldn’t agree more. And well, thanks a lot for this very interesting conversation and guiding us through the Trust Framework 2022, please let us know how people can follow the conversation with you or learn more about what OIX is doing.

Nick: Absolutely. So we’ve got the launch of that is on the third of February. So please look out for that on the OIX website. So the OIX website is www.openidentityexchange.org. So please come along to that. There you can find the guides, there you can find the information about becoming a member if you’re not already a member, and information about the working groups we are looking at the moment, which I say include global interoperability, we’re taking a fresh look at fraud, we’re looking at can we get relying party adoption moving more quickly? So there’s a whole host of things we’re looking at in 2022, which I’m sure would be of interest. So reach out to me directly so it’s [email protected].

Oscar: Perfect. Well, thanks a lot again, Nick, and all the best.

Nick: Thank you Oscar. It’s pleasure to talk to you today. And yeah, really excited about what 2022 is going to bring. Thank you.

Oscar: Thank you. Bye-bye.

Thanks for listening to this episode of Let’s Talk About Digital Identity, produced by Ubisecure. Stay up to date with episodes at ubisecure.com/podcast or join us on Twitter @ubisecure and use the #LTADI. Until next time.

[End of transcript]