No new standards need, work with existing initiatives
STORK and NSTIC sitting in a tree, k-i-s-s-i-n-g …
In the U.S. there is the National Strategy for Trusted Identities in Cyberspace and in the European Union there is similarly unfortunate moniker STORK 2.0, which stands for Secure idenTity acrOss boRders linKed 2.0.
Both are government initiatives dealing with digital identities but they have different goals, says Phil Sealy, research analyst at ABI Research. NSTIC wanted to create an identity ecosystem for use online. This may require use of a token or it may not, the strategy is trying to create the ecosystem to enable this.
STORK is different, it’s trying to enable cross-border use of credentials – government IDs – so that other can have some assurance in an identity, Sealy says. For example, someone can apply for a job in another country and the digital identity will be a certain level of identity assurance to the application. “STORK is based on the use of a physical credential, whereas NSTIC is open ended and embraces all the different types of IDs out there,” Sealy adds.
NSTIC and STORK are two projects focusing on digital identity but the GSMA, the trade association for mobile network operators, is also exploring online identity initiatives. With an addressable market in excess of 22 billion – a combination of government ID, payment and SIM cards – and more than 600 million broadband subscriptions worldwide there is a clear calling and emphasis being placed on the creation of international standards for securing digital identities.
ABI Research recommends that all of these projects work together to create a framework so that no matter which ID is being used – physical card or digital – they can work on a trusted platform. “Efforts are being made to not only bring wider standardization to the market but to additionally enable cross-border interoperability, providing a trusted platform from which cross-border authentication can be enabled,” ABI states in a report.
Addressing how to break down the international barrier for interoperable digital identity is the bigger question. “The current levels of fragmentation are a clear stumbling block, that is further exacerbated by the different approaches taken by individual companies. This is muddied even further by the differing national laws, security and privacy levels, infrastructure and standards used within each country.”
The creation of an international ID standard for everyone to adhere could help, but it’s unlikely that countries who have already invested heavily into identity programs will want to significantly reinvest, limiting uptake to those nations considering migration to next generation credentials and new projects.
“Initiatives such as STORK 2.0, the work being completed by the GSMA on the mobile identity front and NSTIC are best placed to address the interoperability issue,” Sealy says. “Rather than the creation of an international standard, these initiatives are looking at how to embrace all credential and solution types, defining or producing best practices from which countries can follow and adopt to create the trust framework required for cross-border use.”