The Third Wave in Digital Identity
Rod Boothby
Digital Identity Product Leader | 2X Co-Founder CEO, COO | Quant | Ex Wells Fargo, AIG, E&Y, Santander, npm Inc. and IDPartner
We are entering the third wave in digital identity.
In the first wave, companies gave IDs and passwords to their employees so they could access work systems. Companies like Novell offered Directory Services servers to manage logins. Eventually, this led to standards like LDAP. Today, solutions like Microsoft’s Active Directory provide this service.
In the second digital wave, businesses gave customers IDs and passwords to access services delivered over the Internet. This is the dominant system used today. It means companies spend a fortune on managing and cleaning data. It has resulted in an endless stream of fake accounts, fake reviews, bots and trolls. And it is difficult for users who must maintain hundreds of IDs and passwords.
We are now at the beginning of the third wave. People are asking “Why can’t we have just one ID? A way to be trusted everywhere and a way to control how our information is shared?”
In the third wave of digital identity, people will bring their own trusted digital identity. Global Open-ID standards mean they can use it everywhere. They will work with a trusted 3rd party to make sure they are trusted everywhere without compromising their privacy.
Financial services companies have an opportunity to be the trusted 3rd party verifier in this new wave for identity management. That’s why I have been co-chair of the Open Digital Trust Initiative at the IIF. And why we are working with the OIX - Open Identity Exchange, Cloud Signature Consortium, Open-ID Foundation and GLEIF to develop open-source global standards to deliver these services. It’s called GAIN, which stands for Global Assured Identity Network. The GAIN DIGITAL TRUST paper describes a proposed standard.
It’s based on an idea first developed 20 years ago in the Nordics. In Sweden and Norway, you don’t log in with a unique ID and password for every site. And you don’t use Login with Google ID or Login with Facebook ID. Instead, you log in with your Bank ID. Your bank vouches for who you are. And your bank protects your information. The way it works is easy. You click the login button and you get a message in your bank app on your phone. “Do you want to login to this site?”
Your identity is an asset. It is the key that unlocks everything else. Financial services firms protect assets and work in the interest of their customers. The third wave in digital identity offers an opportunity for banks and other firms to offer a fundamentally new type of service.
The benefits for financial institutions are tremendous:
My colleague, Elizabeth Garber, and I have created an intro video to explain the concept.
What do you think?
How and where can these new types of verified identities be used?
Learning and building identity and access for customers, partners and workforce since 2001
3 years ago: How does decentralized identity fit into this model? Hopefully a lot of work already done on this front by DIF would be leveraged so that we don’t have competing standards in the marketplace (SAML vs WS-Fed comes to mind).
RegTech 3.0 | eIDV | Blockchain | Open Banking | CDR | Governance | Risk Management | Information Security, Privacy and Compliance | SOC2 | ISO27001
3 years ago: Thank you for sharing, Rod Boothby. That's a very well-written article. The global open banking initiatives provide a strong basis for Open-ID. How do you think the cross-border exchange of Open-ID would work?
R&D at Avoco Secure, writer, sometimes evolutionary anthropologist
3 years ago: GAIN has a laudable goal. It also seems that the industry, whilst still factionalised, may be able to come together under an umbrella of transactions rather than the blind alley that identity has taken us down these last two decades. I link to this article by David Birch also talking about the potential of GAIN: https://www.forbes.com/sites/davidbirch/2021/09/16/digital-identity-should-be-a-big-business-for-banks/ and Stephen Wilson, who talks prolifically on the need to drop the IDP and embrace the attribute-led transaction (I used to argue with Steve on this point - he was correct, just ahead of his time). I have written on this subject over the last few years via CSOOnline, including this piece: https://www.csoonline.com/article/3397316/can-the-re-use-of-identity-data-be-a-silver-bullet-for-industry.html I will say this: GAIN has to recognise that bank ID may well not be enough; rather, it may be a starting point. The systems that fall out of GAIN may involve a requirement for two-way traffic of data under certain use cases; other attributes may need to be part of the system; the system must be flexible enough to deliver across the myriad of user journeys and use cases that exist - this is a major undertaking, and it needs flexibility of thinking as much as flexible architectures.
Partnering to enable business led digital transformation
3 years ago: Rod, that’s an excellent and well reasoned explanation. The Nordic early adopters make a compelling case for something that has been waiting in the wings for too long.
Thanks for sharing. Do you think Open-ID will be popular in the US?