ID2020 Certification: feedback and next steps
ID2020 Certification: Feedback & Next Steps
Convener: Aiden Slavin & Dakota Gruener
Notes-taker(s): Dakota Gruener
Tags for the session - technology discussed/ideas considered:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Attendees: Aiden Slavin, Brian Behlendorf, Cam Parra , Nathan George, Sam Goto, Lawrence Liu, Dakota Gruener, Jeffrey Hallett, Todd Gehrke, AJ Finema, Maryam Shahid
Overview of the ID2020 Alliance and ID2020’s certification initiative
- ID2020 is a global-public private partnership focused on privacy-protecting, portable and decentralized digital ID. Partners include Microsoft, Accenture, Gavi, the Vaccine Alliance,
- The alliance is meant to drive critical mass on three levels:
- Agreement on principles and norms around what defines “good” digital ID (and what defines “bad” ID) >> advocacy and regulatory engagement.
- Development and adoption of interoperable “good” digital ID solutions >> ID2020 certification
- Uptake of ethical digital ID programs >> program support, either through our grant-making or advisory engagements
- ID2020 defines four key principles for good ID: private, portable, personal and persistent
ID2020 certification sets a floor for digital ID solutions. Meant to:
- Race to the top: as certified products gain distinction in the marketplace, the entire market shifts towards good digital ID
- Drives convergence on technical standards for interoperability
- Provide valuable shorthand for organizations looking to implement digital identity systems, particularly for those without great technical depth.
- Product differentiation: companies can demonstrate their adherence to the highest ethical standards by certifying their products as ID2020 compliant
Requirements were established by ID2020’s Technical Advisory Committee. They are updated annually. Requirements here: http://docs.google.com/document/d/1X8wKvPr-xEnF43BK0Bg-qK-woVspQirP27bChEW8Y8Y/edit ID2020
- We are just about to begin the first annual review. Call to the IIW community to provide input on how these can be expanded or improved upon.
- One key question: there is a tension between need to be solution-agnostic and flexible in terms of how solution providers achieve the requirements and the need for some amount of prescriptive-ness around standards in order to drive meaningful interoperability.
Importance of stories from the ground, both to strengthen the solution requirements and inspire the technical community.
Necessity of ensuring we don’t take short-cuts now that bite us later. What is good enough, not just for the immediate need, but also longer-term?
- In the context of COVID, the certification mark could be used as a third-party measure of what’s good enough. Embed in RFP processes for immunity / health status certificate programs.
On the horizon (and suggestions to expand the impact of this work):
- ID2020 certification expands beyond certification of end-to-end solutions to auditing implementations of these solutions, ensuring that not only is the technology good, but that the deployment of the technology adheres to ID2020’s values
- Upcoming annual review cycle:
- Todd: need to ensure that each requirements is easy to measure; some currently a bit objective
- Brian: marketing necessary to build the case for why organizations should verifiable credentials. Create a series of videos (slickly produced) that could be put in front of the general population to see the workflow, understand why it’s safe.
- Todd: recommend design patterns (i.e. show what iRespond is doing for biometrics)
ZOOM CHAT WINDOW
From cam-parra to Everyone: (12:43 PM) I have to hop off the call. Thanks everyone this was a really insightful call :)
From Aiden Slavin to Everyone: (12:43 PM) Thanks! http://docs.google.com/document/d/1X8wKvPr-xEnF43BK0Bg-qK-woVspQirP27bChEW8Y8Y/edit ID2020 Technical Requirements ^
From Brian Behlendorf to Everyone: (01:03 PM) http://raw.githubusercontent.com/DP-3T/documents/master/public_engagement/cartoon/en/shortened_onepage.png
From Nathan George to Everyone: (01:04 PM) Worse execution of the same principle https://people.redhat.com/duffy/selinux/selinux-coloring-book_A4-Stapled.pdf
From Brian Behlendorf to Everyone: (01:04 PM) http://vimeo.com/378793095 <-- Accenture video, high production quality, on traceable supply chain
From Aiden Slavin to Everyone: (01:06 PM)
Evaluation reports of two so-far certified
From Nathan George to Everyone: (01:06 PM) Those systems are *awesome* credential issuers, they just need more interoperability system for them
From Aiden Slavin to Everyone: (01:09 PM) Please provide further feedback to: Aiden@id2020.org