Future Considerations (Identity)

The following themes will be covered in future versions of this document:

  • Enrolment of Users (Part of Identity Management)

  • Credential management and Interoperability

  • Subscription to identity change event (Subscription and Publication event based mechanisms)

  • Identity Management (remaining)

Future scope

  1. Identity management: New Users can be on-boarded through an Enrolment process, which can be composed of one or several steps with data coming from one or multiple sources. Once a new identity has been registered, a Unique Identifier will be generated to represent the User in GovStack. For privacy purposes, this Unique Identifier will be kept secret inside the Identity Management system, and tokens (randomly generated identifiers) or aliases (existing identifiers) will be linked to it and shared with the User for further use in the Usage APIs or for Credential management. User Interfaces and APIs will allow a User to manage their personal data through CRUD requests (Create, Read, Update, Delete) in accordance with the GDPR and with the Adopting Country's laws, policies and practices. A User will be able to generate a temporary and revocable Virtual ID to preserve their privacy for temporary use. A User will be able to link an existing personal identifier to leverage existing forms of trusted ID (e.g. ID Card Number, Passport Number, Phone Number, e-mail address); this identifier will be usable within ID Usage services.

  2. Credential Management: A User will be able to generate Credentials containing a set of claims, which may be personal attributes or declarations (e.g. "I am an adult"). These Credentials can be issued in the form of Verifiable Credentials (W3C, ICAO, or mDL), with the objective of being readable and verifiable against the issuer by a third party. Credentials may or may not have a limited lifetime, and could be limited to usage by specific partners. The Identity Building Block would allow a User to suspend (temporarily) or revoke (permanently) a Credential, which would then become unusable with the Usage APIs. A User could obtain physical forms of Credentials printed on a physical support (card, paper, etc.); the information printed on the credential would be shared as a Verifiable Credential to ensure backward trustability of the information. The Physical Credential layout could be generated by the Identity Building Block in PDF format for subsequent printing by a credential printing partner. An API would be available to search, authenticate and manage the credentials of a specific User.

  3. Subscription Management: Partners will be able to register for Identity-related events in order to be notified when they happen. Identity-related events are the creation of an identity (a new User on-boarded, which could be a registered birth or a newly registered user), an update to one or several of the identity's personal attributes, or an event happening to that identity (e.g. death, disappearance). Subject to prior authorization, Partners could register for types of events applicable to all Users, or to specific Users, or using filters on some attributes (e.g. age reaching 18). When an event occurs, the Identity Building Block will send a notification to the registered partners; the partner will then be able to request the event-related information from the Identity Building Block.

  4. Administration Management: GovStack administrators will have functionalities to configure the Identity Building Block from a central place.
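
The handle scheme described in item 1 (a secret Unique Identifier with linked tokens, aliases and a temporary, revocable Virtual ID), shown as an added sketch that is not GovStack code. The class and method names, the in-memory store and the injected clock are assumptions made for illustration.

```python
import secrets
import time


class IdentityVault:
    """In-memory sketch (hypothetical): the Unique Identifier never leaves this class."""

    def __init__(self, clock=time.time):
        self._clock = clock          # injectable so expiry can be exercised in tests
        self._handles = {}           # public handle -> record holding the secret UID

    def enrol(self):
        """Register an identity; return only a random token, never the UID."""
        uid = secrets.token_hex(16)  # internal Unique Identifier (kept secret)
        return self._link(uid, secrets.token_urlsafe(16), "token", None)

    def link_alias(self, handle, alias):
        """Link an existing identifier (e.g. a passport number) as an alias."""
        if alias in self._handles:
            raise ValueError("alias already linked")
        return self._link(self._uid(handle), alias, "alias", None)

    def issue_virtual_id(self, handle, ttl_seconds):
        """Issue a temporary, revocable Virtual ID for the same identity."""
        expires = self._clock() + ttl_seconds
        return self._link(self._uid(handle), secrets.token_urlsafe(16), "vid", expires)

    def revoke(self, vid):
        """Revoke a Virtual ID; tokens and aliases are not revocable here."""
        rec = self._handles.get(vid)
        if rec is None or rec["kind"] != "vid":
            raise KeyError("not a Virtual ID")
        rec["revoked"] = True

    def same_person(self, a, b):
        """Usage-side check that never discloses the Unique Identifier."""
        return self._uid(a) == self._uid(b)

    def _link(self, uid, handle, kind, expires):
        self._handles[handle] = {"uid": uid, "kind": kind,
                                 "expires": expires, "revoked": False}
        return handle

    def _uid(self, handle):
        rec = self._handles.get(handle)
        if rec is None or rec["revoked"]:
            raise KeyError("unknown or revoked handle")
        if rec["expires"] is not None and self._clock() >= rec["expires"]:
            raise KeyError("expired handle")
        return rec["uid"]
```

Every public method accepts and returns handles only, so a leaked Virtual ID can be revoked or left to expire without touching the underlying identifier or the User's other handles.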