Navigate the Digital ID Ecosystem to Enhance Customer Experience

Navigate the Digital ID Ecosystem to Enhance Customer Experience

Beyond the hype: How it can help you become more customer-focused?

Executive Summary

Info-Tech Insight

Focusing on customer touchpoints and transforming them is key to excellent user experience and increasing their lifetime value (LTV) to them and to your organization. Digital ID is that tool of transformation.

Analyst Perspective

Digital Identity Ecosystem and vital ingredients of adoption

What is digital identity?

Definitions may vary, depending on the focus.

“Digital identity (ID) is a set of attributes that links a physical person with their online interactions. Digital ID refers to one’s online persona - an online footprint. It touches important aspects of one’s everyday life, from financial services to health care and beyond.” - DIACC Canada

“Digital identity is a digital representation of a person. It enables them to prove who they are during interactions and transactions. They can use it online or in person.” - UK Digital Identity and Attributes Trust Framework

“Digital identity is an electronic representation of an entity (person or other entity such as a business) and it allows people and other entities to be recognized online.” - Australia Trusted Digital Identity Framework

A digital identity is primarily an electronic form of identity representing an entity uniquely , while abstracting all other identity attributes of the entity. In addition to an electronic form, it may also exist in a physical form (identity certificate), linked through an identifier representing the same entity.

Digital identity has many dimensions*, and in turn categories

Info-Tech Insight

Digital ID has taken different meanings for different people, serving different purposes in different environments. Based on various aspects of Digital Identification, it can be categorized in several types. However, most of the time when people refer to a form of identification as Digital ID, they refer to a verified id with built-in trust either from the government OR the eco-system.

* Please refer to Taxonomy for the definition of each of the dimensions

Understanding a digital identity ecosystem is key to formulating your approach to adopt it

Info-Tech Insight

Digital identity ecosystems comprise many entities playing different roles, and sometimes more than one. In addition, variations in approach by jurisdictions drive how many active players are in the ecosystem for that jurisdiction.

For example, in countries like Estonia and India, government plays the role of trust and governance authority as well as ID provider, but didn’t start with any Digital ID wallet. In contrast, in Ukraine, Diia App is primarily a Digital ID Wallet. Similarly, in the US, different states are adopting private Digital ID Wallet providers like Apple.

Digital ID ecosystem’s sustainability lies in the key principles it is built on

Social, economic, and legal alignment with target stakeholders
Transparent governance and operation
Legally auditable and enforceable
Robust and Resilient – High availability
Security – At rest, in progress, and in transit
Privacy and Control with users
Omni-channel Convenience – User and Operations
Minimum data transfer between entities
Technical interoperability enabled through open standards and protocol
Scalable and interoperable at policy level
Cost effective – User and operations
Inclusive and accessible

Info-Tech Insight

A transparent, resilient, and auditable digital ID system must be aligned with socio-economic realities of the target stakeholders. It not only respects their privacy and security of their data by minimizing the data transfer between entities, but also drives desired customer experience by providing an omni-channel, interoperable, scalable, and inclusive ecosystem while still being cost-effective for the collaborators.

Source: Adapted from Canada PCTF, UK Trust framework, European Commission, Australia TDIF, and others

Focus on key success factors to drive the digital ID adoption

Digital ID success factors

Legislative regulatory framework – Removes uncertainty
Security & Privacy Assurance- builds trust
Smooth user experience – Drives preferences
Transparent ecosystem – Drives inclusivity
Multi-channel – Drive consistent experience online / offline
Inter-operability thorough open standards
Digital literacy – Education and awareness
Multi-purpose & reusable – Reduce consumer burden
Collaborative ecosystem –Build network effect

Source: Adapted from Canada PCTF, UK digital identity & attributes trust framework , European eIDAS, and others

Info-Tech Insight

Driving adoption of Digital ID requires affirmative actions from all ecosystem players including governing authorities, identity providers, and identity consumers (relying parties).

These nine success factors can help drive sustainable adoption of the Digital ID.

Among many responsibilities the ecosystem players have, identity governance is the key to sustainability

Digital identity provision Creating identity attributes Create a reusable identity and attribute service Create a digital identity Assess and manage quality of an identity and attributes Making identity provision inclusive and accessible Digital identity resolution Enabling inclusive access to products and services through digital identity Authenticate and authorize identity subjects before permitting access to their identity and attributes Digital identity governance Manage digital identity and attributes Make Identity service interoperable, and sharable Recover digital identity and attribute accounts Notifying users on accessing identity or making changes on more attributes Report and audit – exclusion, accessibility Retiring an identity or attribute service Respond to complaints and disputes Enterprise risk management and governance

Privacy and security Use encryption Privacy compliance framework Consumer Privacy Protection laws (CPPA, GDPR etc.) Acquiring and managing user consents & agreements Prohibited processing of personal data Security controls and governance Information management Record management Archival Disposal (on expiry or to comply with regulations) CIA (confidentiality, integrity, availability) Fraud management Fraud monitoring and reporting Fraud intelligence and analysis Sharing threat indicators Legal, policies and procedures for fraud management Incident response Respond to fraud incidents Respond to a service delivery incident Responding to data breaches Performing and participating in investigation

Global evolution of digital ID is following the socio-economic aspirations of countries

Source: Adapted from the book: Identification Revolution: Can Digital ID be harnessed for Development? (Gelb & Metz), 2018

Info-Tech Insight

The world became global a long time ago; however, it sustained economic progress without digital IDs for most of the world's population.

With the pandemic, when political rhetoric pointed to the demand for localized supply chains, economies became irreversibly digital. In this digital economy, the digital ID ecosystem is the fulcrum of sustainable growth.

At a time in overlapping jurisdictions, multiple digital IDs can exist. For example, one is issued by a local municipality, one by the province, and another by the national government.

Global footprint of digital ID is evolving rapidly, but varies in approach

Info-Tech Insight

Countries’ approach to the digital ID is rooted in their socio-economic environment and global aspirations.

Emerging economies with large underserved populations prioritize fast implementation of digital ID through centralized systems.

Developed economies with smaller populations, low trust in government, and established ID systems prioritize developing trust frameworks to drive decentralized full-scale implementation.

There is no right way except the one which follows Digital ID principles and aligns with a country’s and its people’s aspirations.

Estonia's e-identity is the key to its digital agenda 2030

India’s Aadhaar is the foundation of its digital journey through “India stack”

Ukraine’s Diia is a resilient act to preserve their identities during threat to their existence

Canada’s PCTF (Pan Canadian Trust Framework) driving the federated digital identity ecosystem

Regulatory Accountability: Treasury Board of Canada Secretariat (TBS); Canadian Digital Service (CDS); Office of CIO Standard Setting: Digital Identification and Authentication Council of Canada (DIACC)

Frameworks: Treasury Board Directive on Identity Management Pan Canadian Trust Framework (PCTF) Voilà Verified Trustmark Program: ISO aligned compliance certification program on PCTF Governing / Certificate Authority: Trustmark Oversight Board (TOB) and DIACC accredited assessor Operational Governance: Federated between identity providers and identity consumers Identity Providers: Public and Private Sector Other entities involved: Digital ID Lab (Voila Verified Auditor); Kuma (Accredited Assessor)

82% People supportive of Digital ID. 2/3 Canadians prefer public-private partnership for Pan-Canadian digital ID framework. >40% Canadians prefer completing various tasks and transactions digitally. 75% Canadians are willing to share personal information for better experience. >80% Trust government, healthcare providers, and financial institutions with their personal information. Source: DIACC Survey 2021

Uniqueness Although a few provinces in Canada started their Digital ID journey already, federally, Canada lacked an approach. Now Canada is developing a federated Digital ID ecosystem driven through the Pan-Canadian Trust Framework (PCTF) led by a non-profit (DIACC) formed with public and private partnership.

Australia’s digital id is pivotal to its vision to become one of the Top-3 digital governments globally by 2025*

* Australia Digital Government Strategy 2021

UK switches gear to the Trust Framework approach to build a public-private digital ID ecosystem

Government: Ministry of Digital Infrastructure / Department of Digital, Culture, Media, and Sport Governing Body / Certificate Authority / Operational Governance: TBD Approach: Trust Framework-based UK Digital Identity and attributes trust framework (UKDIATF) Identity providers: Transitioning from “GOV.UK Verify” to a federated digital identity system aligned with “Trust Framework” – enabling both government (“One Login for Government”) and private sector identity providers.

Uniqueness UK embarked its Digital ID journey through Gov.UK Verify but decided to scrap it recently. It is now preparing to build a trust framework-based federated digital ID ecosystem with roles like schema-owners and orchestration service providers for private sector and drive the collaboration between industry players.

Digital ID will transform all industries, though financial services and e-governance will gain most

USE CASE

Car rental

INDUSTRY: Travel & Tourism

Source: Info-Tech Research Group

USE CASE

e-Governance public distribution service

INDUSTRY: Government

Source: Info-Tech Research Group

USE CASE

Real-estate investment and sale

INDUSTRY: Asset Management

Source: Info-Tech Research Group

1 Global News (https://globalnews.ca/news/9437913/homeowner-impersonators-lined-32-fraud-cases-ontario-bc/)

2 UK Finance Lobby Group (https://www.ukfinance.org.uk/system/files/Half-year-fraud-update-2021-FINAL.pdf)

Adopting digital ID benefits everybody – governments, id providers, id consumers, and end users

Digital ID will transform all industries, though financial services and e-governance will gain most

Digital ID brings end users choice, convenience, control, and cost-saving, driving overall experience

Digital id benefits identity consumers by enhancing multiple dimensions of their value streams

Before embarking on the digital identity adoption journey, assess your readiness

Legislative coverage

Does your target jurisdiction have adequate legislative framework to enable uses of digital identities in your industry?

Trust framework

If the Digital ID ecosystem in your target jurisdiction is trust framework-based, do you have adequate understanding of it?

Customer touch-points

Do you have exact understanding of value stream and customer touch-points where you interact with user identity?

Relevant identity attributes

Do you have exact understanding of the identity attributes that your business processes need to deliver customer value?

Regulatory compliance

Do you have required systems to ensure your compliance with industry regulations around customer PII and identity?

Interoperability with IMS

Is your existing identity management system interoperable with Open-source Digital Identity ecosystem?

Enterprise governance

Have you established an integrated enterprise governance framework covering business processes, technical systems, and risk management?

Communication strategy

Do have a clear strategy (mode, method, means) to communicate with your target customer and persuade them to adopt digital identity?

Security operations center

Do you have security operations center coordinating detection, response, resolution, and communication of potential data breaches?

Ten steps to adopt to enhance the customer experience

Understand and manage the risks and challenges of digital identity adoption

Recommendations to help you realize the potential of digital identity into your value streams

Taxonomy – Digital ID ecosystem

(Alphabetical order)

Continues..

Attributes: An identity attribute is a statement or information about a specific aspect of entity’s identity ,substantiating they are who they claim to be, own, or have.

Attribute (or Credential) provider: An attribute or credential provider could be an organization which issues the primary attribute or credential to a subject or entity. They are also responsible for identity-attribute binding, credential maintenance, suspension, recovery, and authentication.

Attribute (or Credential) service provider: An attribute service provider could be an organization which originally vetted user’s credentials and certified a specific attribute of their identity. It could also be a software, such as digital wallet, which can store and share a user’s attribute with a third party once consented by the user. (Source: UK Govt. Trust Framework)

Attribute binding: This is a process an attribute service providers uses to link the attributes they created to a person or an organization through an identifier. This process makes attributes useful and valuable for other entities using these attributes. For example, when a new employee joins a company, they are given a unique employee number (an identifier), which links the person with their job title and other aspects (attributes) of his job. (Source: UK Govt. Trust Framework)

Authentication service provider: An organization which is responsible for creating and managing authenticators and their lifecycle (issuance, suspension, recovery, maintenance, revocation, and destruction of authenticators). (Source: DIACC)

Authenticator: Information or biometric characteristics under the control of an individual that is a specific instance of something the subject has, knows, or does. E.g. private signing keys, user passwords, or biometrics like face, fingerprints. (Source: Canada PCTF)

Authentication (identity verification): The process of confirming or denying that the identity presented relates to the subject who is making the claim by comparing the credentials presented with the ones presented during identity proofing.

Authorization: The process of validating if the authenticated entity has permission to access a resource (service or product).

Biometrics attributes: Human attributes like retina (iris), fingerprint, heartbeat, facial, handprint, thumbprint, voice print.

Centralized identity: Digital identities which are fully governed by a centralized government entity. It may have enrollment or registration agencies, private or public sector, to issue the identities, and the technical system may still be decentralized to keep data federated.

Certificate Authority (CA or accredited assessors): An organization or an entity that conducts assessments to validate the framework compliance of identity or attribute providers (such as websites, email addresses, companies, or individual persons) serving other users, and binding them to cryptographic keys through the issuance of electronic documents known as digital certificates.

Taxonomy – Digital ID ecosystem

(Alphabetical order)

Continues..

Collective (non-resolvable) attributes: Nationality, domicile, citizenship, immigration status, age group, disability, income group, membership, (outstanding) credit limit, credit score range.

Contextual identity: A type of identity which establishes an entity’s existence in a specific context – real or virtual. These can be issued by public or private identity providers and are governed by the organizational policies. E.g. employee ID, membership ID, social media ID, machine ID.

Credentials: A physical or a digital representation of something that establishes an entity’s eligibility to do something for which it is seeking permission, or an association/affiliation with another, generally well-known entity. E.g. Passport, DL, password. In the context of Digital Identity, every identity needs to be attached with a credential to ensure that the subject of the identity can control how and by whom that identity can be used.

Cryptographic hash function: A hash function is a one-directional mathematical operation performed on a message of any length to get a unique, deterministic, and fixed size numerical string (the hash) which can’t be reverse engineered to get the input data without deploying disproportionate resources. It is the foundation of modern security solutions in DLT / blockchain as they help in verifying the integrity and authenticity of the message.

Decentralized identity (DID) or self-sovereign identity: This is a way to give back the control of identity to the subject whose identity it is, using an identity wallet in which they collect verified information about themselves from certified issuers (such as the government). By controlling what information is shared from the wallet to requesting third parties (e.g. when registering for a new online service), the user can better manage their privacy, such as only presenting proof that they’re over 18 without needing to reveal their date of birth. Source: (https://www.gsma.com/identity/decentralised-identity)

Digital identity wallet: A type of digital wallet refers to a secure, trusted software applications (native mobile app, mobile web apps, or Rivas-hosted web applications) based on common standards, allowing a user to store and use their identity attributes, identifiers, and other credentials without loosing or sharing control of them. This is different than Digital Payment Wallets used for financial transactions. (Source: https://www.worldbank.org/content/dam/photos/1440x300/2022/feb/eID_WB_presentation_BS.pdf)

Digital identity: A digital identity is primarily an electronic form of identity representing an entity uniquely , while abstracting all other identity attributes of the entity. In addition to an electronic form, it may also exist in a physical form (identity certificate), linked through an identifier representing the same entity. E.g. Estonia eID , India Aadhar, digital citizenship ID.

Digital object architecture: DOA is an open architecture for interoperability among various information systems, including ID wallets, identity providers, and consumers. It focuses on digital objects and comprises three core components: the identifier/resolution system, the repository system, and the registry system. There are also two protocols that connect these components. (Source: dona.net)

Digital signature: A digital signature is an electronic, encrypted stamp of authentication on digital information such as email messages, macros, or electronic documents. A signature confirms that the information originated from the signer and has not been altered. (Source: Microsoft)

Taxonomy – Digital ID ecosystem

(Alphabetical order)

Continues..

Entity (or Subject): In the context of identity, an entity is a person, group, object, or a machine whose claims need to be ascertained and identity needs to be established before his request for a service or products can be fulfilled. An entity can also be referred to as a subject whose identity needs to be ascertained before delivering a service.

Expiry: This is another dimension of an identity and determines the validity of an ID. Most of the identities are longer term, but there can be a few like digital tokens and URLs which can be issued for a few hours or even minutes. There are some which can be revoked after a pre-condition is met.

Federated identity: Federated identity is an agreement between two organizations about the definition and use of identity attributes and identifiers of a consumer entity requesting a service. If successful, it allows a consumer entity to get authenticated by one organization (identity provider) and then authorized by another organization. E.g. accessing a third-party website using Google credentials.

Foundational identity: A type of identity which establishes an entity’s existence in the real world. These are generally issued by public sector / government agencies, governed by a legal farmwork within a jurisdiction, and are widely accepted at least in that jurisdiction. E.g. birth certificate, citizenship certificate.

Governance: This is a dimension of identity that covers the governance model for a digital ID ecosystem. While traditionally it has been under the sovereign government or a federated structure, in recent times, it has been decentralized through DLT technologies or trust-framework based. It can also be self-sovereign, where individuals fully control their data and ID attributes.

Identifier: A digital identifier is a string of characters that uniquely represents an entity’s identity in a specific context and scope even if one or more identity attributes of the subject change over time. E.g. driver’s license, SSN, SIN, email ID, digital token, user ID, device ID, cookie ID.

Identity: An identity is an instrument used by an entity to provide the required information about itself to another entity in order to avail a service, access a resource, or exercise a privilege. An identity formed by 1-n identity attributes and a unique identifier.

Identity and access management (IAM): IAM is a set of frameworks, technologies, and processes to enable the creation, maintenance, and use of digital identity, ensuring that the right people gain access to the right materials and records at the right time. (Source: https://iam.harvard.edu/)

Identity consumer (Relying party): An organization, or an entity relying on identity provider to mitigate IT risks around knowing its customers before delivering the end-user value (product/service) without deteriorating end-user experience. E.g. Canada Revenue Agency using SecureKey service and relying on Banking institutions to authenticate users; Telecom service providers in India relying on Aadhaar identity system to authenticate the customer's identity.

Identity form: A dimension of identity that defines its forms depending on the scope it wants to serve. It can be a physical card for offline uses, a virtual identifier like a number, or an app/account with multiple identity attributes. Cryptographic keys and tokens can also be forms of identity.

Taxonomy – Digital ID ecosystem

(Alphabetical order)

Continues...

Identity infrastructure provider: Organizations involved in creating and maintaining technological infrastructure required to manage the lifecycle of digital identities, attributes, and credentials. They implement functions like security, privacy, resiliency, and user experience as specified in the digital identity policy and trust framework.

Identity proofing: A process of asserting the identification of a subject at a useful identity assurance level when the subject provides evidence to a credential service provider (CSP), reliably identifying themselves. (Source: NIST Special Publication 800-63A)

Identity provider (Attestation authority): An organization or an entity validating the foundation or contextual claims of a subject and establishing identifier(s) for a subject. E.g. DMV (US) and MTA (Canada) issuing drivers’ licenses; Google / Facebook issuing authentication tokens for their users logging in on other websites.

Identity validation: The process of confirming or denying the accuracy of identity information of a subject as established by an authorized party. It doesn’t ensure that the presenter is using their own identity.

Identity verification (Authentication): The process of confirming or denying that the identity presented relates to the subject who is making the claim by comparing the credentials presented with the ones presented during identity proofing.

Internationalized resource identifier (IRI): IRIs are equivalent to URIs except that IRIs also allow non-ascii characters in the address space, while URIs only allow us-ascii encoding. (Source: w3.org)

Jurisdiction: A dimension of identity that covers the physical area or virtual space where an identity is legally acceptable for the purpose defined under law. It can be global, like it is for passport, or it can be local within a municipality for specific services. For unverified digital IDs, it can be the social network.

Multi-factor Authentication (MFA): Multi-factor authentication is a layered approach to securing digital assets (data and applications), where a system requires a user to present a combination of two or more credentials to verify a user’s identity for login. These factors can be a combination of (i) something you know like a password/PIN; (ii) something you have like a token on mobile device; and (iii) something you are like a biometric. (Adapted from https://www.cisa.gov/publication/multi-factor-authentication-mfa)

Oauth (Open authorization): OAuth is a standard authorization protocol and used for access delegation. It allows internet users to access websites by using credentials managed by a third-party authorization server / Identity Provider. It is designed for HTTP and allows access tokens to be issued by an authorization server to third-party websites. E.g. Google, Facebook, Twitter, LinkedIn use Oauth to delegate access.

OpenID: OpenID is a Web Authentication Protocol and implements reliance authentication mechanism. It facilitates the functioning of federated identity by allowing a user to use an existing account (e.g. Google, Facebook, Yahoo) to sign into third-party websites without needing to create new credentials. (Source: https://openid.net/).

Taxonomy – Digital ID ecosystem

(Alphabetical order)

Continues...

Personally identifiable information (PII): PII is a set of attributes which can be used, through direct or indirect means, to infer the real-world identity of the individual whose information is input. E.g. National ID (SSN/SIN/Aadhar) DL, name, date of birth, age, address, age, identifier, university credentials, health condition, email, domain name, website URI (web resolvable) , phone number, credit card number, username/password, public key / private key. (Source: https://www.dol.gov)

Predicates: The mathematical or logical operations such as equality or greater than on attributes (e.g. prove your salary is greater than x or your age is greater than y) to prove a claim without sharing the actual values.

Purpose: This dimension of a digital id defines for what purpose digital id can be used. It can be one or many of these – authentication, authorization, activity linking, historical record keeping, social interactions, and machine connectivity for IoT use cases.

Reliance authentication: Relying on a third-party authentication before providing a service. It is a method followed in a federated entity system.

Risk-based authentication: A mechanism to protect against account compromise or identity theft. It correlates an authentication request with transitional facts like requester’s location, past frequency of login, etc. to reduce the risk of potential fraud.

Scheme in trust framework: A specific set of rules (standard and custom) around the use of digital identities and attributes as agreed by one or more organizations. It is useful when those organizations have similar products, services, business processes. (Source: UK Govt. Trust Framework). E.g. Many credit unions agree on how they will use the identity in loan origination and servicing.

Selective disclosure (Assertion): A way to present one’s identity by sharing only a limited amount information that is critical to make an authentication / authorization decision. E.g. when presenting your credentials, you could share something proving you are 18 years or above, but not share your name, exact age, address, etc.

Trust: A dimension of an identity, which essentially is a belief in the reliability, truth, ability, or strength of that identity. While in the physical world all acceptable form of identities come with a verified trust, in online domain, it can be unverified. Also, where an identity is only acceptable as per the contract between two entities, but not widely.

Trust framework: The trust framework is a set of rules that different organizations agree to follow to deliver one or more of their services. This includes legislation, standards, guidance, and the rules in this document. By following these rules, all services and organizations using the trust framework can describe digital identities and attributes they’ve created in a consistent way. This should make it easier for organizations and users to complete interactions and transactions or share information with other trust framework participants. (Source: UK Govt. Trust Framework)

Taxonomy – Digital ID ecosystem

(Alphabetical order)

Continues...

Uniform resource identifier (URI): A universal name in registered name spaces and addresses referring to registered protocols or name spaces.

Uniform resource locator (URL): A type of URI which expresses an address which maps onto an access algorithm using network protocols. (Source: https://www.w3.org/)

Uniform resource name (URN): A type of URI that includes a name within a given namespace but may not be accessible on the internet.

Usability: A dimension of identity that defines how many times it can be used. While most of the identities are multi-use, a few digital identities are in token form and can be used only once to authenticate oneself.

Usage mode: A dimension of identity that defines the service mode in which a digital ID can be used. While all digital IDs are made for online usage, many can also be used in offline interactions.

Verifiable credentials: This W3C standard specification provides a standard way to express credentials on the Web in a way that is cryptographically secure, privacy-respecting, and machine-verifiable. (Source: https://www.w3.org/TR/vc-data-model/)

X.509 Certificates: X.509 certificates are standard digital documents that represent an entity providing a service to another entity. They're issued by a certification authority (CA), subordinate CA, or registration authority. These certificates play an important role in ascertaining the validity of an identity provider and in turn the identities issued by it. (Source: https://learn.microsoft.com/en-us/azure/iot-hub/reference-x509-certificates)

Zero-knowledge proofs: A method by which one party (the prover) can prove to another party (the verifier) that something is true, without revealing any information apart from the fact that this specific statement is true. (Source: 1989 SIAM Paper)

Zero-trust security: A cybersecurity paradigm focused on resource protection and the premise that trust is never granted implicitly but must be continually evaluated. It evaluates each access request as if it is a fraud attempt, and grants access only if it passes the authentication and authorization test. (Source: Adapted from NIST, SP 800-207: Zero Trust Architecture, 2020)

Related Info-Tech Research

Build a Zero Trust Roadmap
Leverage an iterative and repeatable process to apply zero trust to your organization.

Assess and Govern Identity Security
Strong identity security and governance are the keys to the zero-trust future.

Adopt Design Thinking in Your Organization
Innovation needs design thinking to ensure customer remains at the center of everything the organization does.

Social Media
Leveraging Social Media to connect with your customers and educate them to drive the value proposition of your efforts.

IT Diversity & Inclusion Tactics
Equip your teams to create an inclusive environment and mobilize inclusion efforts across the organization.

Research Contributors and Experts

	David Wallace Executive Counselor https://tymansgrpup.com/profiles/david-wallace
	Erik Avakian Technical Counselor, Data Architecture and Governance https://tymansgrpup.com/profiles/erik-avakian
	Matthew Bourne Managing Partner, Public Sector Global Services https://tymansgrpup.com/profiles/matthew-bourne
	Mike Tweedie Practice Lead, CIO Research Development https://tymansgrpup.com/profiles/mike-tweedie
	Aaron Shum Vice President, Security & Privacy https://tymansgrpup.com/profiles/aaron-shum

Works Cited

India Aadhaar PMJDY (https://pmjdy.gov.in/account)
Theis, S., Rusconi, G., Panggabean, E., Kelly, S. (2020). Delivering on the Potential of Digitized G2P: Driving Women’s Financial Inclusion and Empowerment through Indonesia’s Program Keluarga Harapan. Women’s World Banking.
DIACC Canada (https://diacc.ca/the-diacc/)
UK digital identity & attributes trust framework alpha v2 (0.2) - GOV.UK (https://www.gov.uk/government/publications/uk-digital-identity-attributes-trust-framework-updated-version/uk-digital-identity-and-attributes-trust-framework-alpha-version-2)
Australia Trusted Digital Identity Framework (https://www.digitalidentity.gov.au/tdif#changes)
eIDAS (https://digital-strategy.ec.europa.eu/en/policies/eidas-regulation)
Europe Digital Wallet – POTENTIAL (https://www.digital-identity-wallet.eu/)
Canada PCTF (https://diacc.ca/trust-framework/)
Identification Revolution: Can Digital ID be harnessed for Development? (Gelb & Metz), 2018
e-Estonia website (https://e-estonia.com/solutions/e-identity/id-card/)
Aadhaar Dashboard (https://uidai.gov.in/)
DIACC Website (https://diacc.ca/the-diacc/)
Australia Digital ID website (https://www.digitalidentity.gov.au/tdif#changes)
UK Policy paper - digital identity & attributes trust framework (https://www.gov.uk/government/publications/uk-digital-identity-attributes-trust-framework-updated-version/uk-digital-identity-and-attributes-trust-framework-alpha-version-2)
Ukraine Govt. website (https://ukraine.ua/invest-trade/digitalization/)
Singapore SingPass Website (https://www.tech.gov.sg/products-and-services/singpass/)
Norway BankID Website (https://www.bankid.no/en/private/about-us/)
Brazil National ID Card website (https://www.gov.br/casacivil/pt-br/assuntos/noticias/2022/julho/nova-carteira-de-identidade-nacional-modelo-unico-a-partir-de-agosto)
Indonesia Coverage in Professional Security Magazine (https://www.professionalsecurity.co.uk/products/id-cards/indonesian-cards/)
Philippine ID System (PhilSys) website (https://www.philsys.gov.ph/)
China coverage on eGovReview (https://www.egovreview.com/article/news/559/china-announces-plans-national-digital-ids)
Thales Group Website - DHS’s Automated Biometric Identification System IDENT (https://www.thalesgroup.com/en/markets/digital-identity-and-security/government/customer-cases/ident-automated-biometric-identification-system)
FranceConnect (https://franceconnect.gouv.fr/)
Germany: Office for authorization cert. (https://www.personalausweisportal.de/Webs/PA/DE/startseite/startseite-node.html)
Italian Digital Services Authority (https://www.spid.gov.it/en/)
Monacco Mconnect (https://mconnect.gouv.mc/en)
Estonia eID (https://e-estonia.com/wp-content/uploads/e-estonia-211022_eng.pdf)
E-Residency Dashboard (https://www.e-resident.gov.ee/dashboard)
Unique ID authority of India (https://uidai.gov.in/aadhaar_dashboard/india.php)
State of Aadhaar (https://www.stateofaadhaar.in/)
World Bank (https://documents1.worldbank.org/curated/en/219201522848336907/pdf/Private-Sector-Economic-Impacts-from-Identification-Systems.pdf)
WorldBank - ID4D 2022 Annual Report (https://documents.worldbank.org/en/publication/documents-reports/documentdetail/099437402012317995/idu00fd54093061a70475b0a3b50dd7e6cdfe147)
Ukraine Govt. Website for Invest and trade (https://ukraine.ua/invest-trade/digitalization/)
Diia Case study prepared for the office of Canadian senator colin deacon (https://static1.squarespace.com/static/63851cbda1515c69b8a9a2b9/t/6398f63a9d78ae73d2fd5725/1670968891441/2022-case-study-report-diia-mobile-application.pdf)
Canadian Digital Identity Research (https://diacc.ca/wp-content/uploads/2022/04/DIACC-2021-Research-Report-ENG.pdf)
Voilà Verified Trustmark (https://diacc.ca/voila-verified/)
Digital Identity, 06A Federation Onboarding Guidance paper, March 2022 (https://www.digitalidentity.gov.au/sites/default/files/2022-04/TDIF%2006A%20Federation%20Onboarding%20Guidance%20-%20Release%204.6%20%28Doc%20Version%201.2%29.pdf)
UK digital identity & attributes trust framework alpha v2 (0.2) - GOV.UK (https://www.gov.uk/government/publications/uk-digital-identity-attributes-trust-framework-updated-version/uk-digital-identity-and-attributes-trust-framework-alpha-version-2)
A United Nations Estimate of KYC/AML (https://www.imf.org/Publications/fandd/issues/2018/12/imf-anti-money-laundering-and-economic-stability-straight)
India Aadhaar PMJDY (https://pmjdy.gov.in/account)
Global News (https://globalnews.ca/news/9437913/homeowner-impersonators-lined-32-fraud-cases-ontario-bc/)
UK Finance Lobby Group (https://www.ukfinance.org.uk/system/files/Half-year-fraud-update-2021-FINAL.pdf) McKinsey Digital ID report ( https://www.mckinsey.com/capabilities/mckinsey-digital/our-insights/digital-identification-a-key-to-inclusive-growth) International Peace Institute ( https://www.ipinst.org/2016/05/information-technology-and-governance-estonia#7)
E-Estonia Report (https://e-estonia.com/wp-content/uploads/e-estonia-211022_eng.pdf)
2022 Budget Statement (https://diacc.ca/2022/04/07/2022-budget-statement/)
World Bank ID4D - Private Sector Economic Impacts from Identification Systems 2018 (https://documents1.worldbank.org/curated/en/219201522848336907/Private-Sector-Economic-Impacts-from-Identification-Systems.pdf)
DIACC Canada (https://diacc.ca/the-diacc/)
UK digital identity & attributes trust framework alpha v2 (0.2) - GOV.UK (https://www.gov.uk/government/publications/uk-digital-identity-attributes-trust-framework-updated-version/uk-digital-identity-and-attributes-trust-framework-alpha-version-2)
https://www.gsma.com/identity/decentralised-identity
https://www.worldbank.org/content/dam/photos/1440x300/2022/feb/eID_WB_presentation_BS.pdf
Microsoft Digital signatures and certificates (https://support.microsoft.com/en-us/office/digital-signatures-and-certificates-8186cd15-e7ac-4a16-8597-22bd163e8e96)
https://www.worldbank.org/content/dam/photos/1440x300/2022/feb/eID_WB_presentation_BS.pdf
https://www.dona.net/digitalobjectarchitecture
IAM (https://iam.harvard.edu/)
NIST Special Publication 800-63A (https://pages.nist.gov/800-63-3/sp800-63a.html)
https://www.cisa.gov/publication/multi-factor-authentication-mfa
https://openid.net/
U.S. DEPARTMENT OF LABOR (https://www.dol.gov/)
UK govt. trust framework (https://www.gov.uk/government/publications/uk-digital-identity-attributes-trust-framework-updated-version/uk-digital-identity-and-attributes-trust-framework-alpha-version-2)
https://www.w3.org/
Verifiable Credentials Data Model v1.1 (https://www.w3.org/TR/vc-data-model/)
https://learn.microsoft.com/en-us/azure/iot-hub/reference-x509-certificates