IDBB Status Meeting 16th July 2024

Attendees:

@PSRAMKUMAR

@smita.selot

Key Points Discussed:

Identity White Paper

• Limitations of the typical username/password approach

• Include the functional aspect of using Foundational Identity-based SSO vs social media-based SSO (Google, Instagram, Facebook etc)

• Elaborate on the concept of the use of Functional ID (PSUT) by other BBs such as Messaging BB

Organization ID

• Onboarding and creating Functional IDs for Organizations

  • Similarity with Functional IDs for humans

  • How do we build trust among organizations (digital signatures?)?

• Organization <> Organization, Organization <> Human, and Human <> Human interactions

  • Data sharing and Consent mechanisms

  • Payments

  • Messaging

Policy Management

• Role of the parties (issuer, verifier, holder, etc.)

• Attributes to be shared

• Mode of attribute sharing (partially masked, masked, unmasked, signed, encrypted, etc.)

• Duration of attribute sharing

• Revoke attribute sharing

How do we onboard more DPGs in GovStack?

• Adaptors - Who will build them? Countries, GovStack, Joget, DPGs?

• Functional Compliance vs API Compliance

  • DPGs that only compliant with GovStack Functional Requirements

  • DPGs that are compliant with GovStack API Requirements

• What will motivate the DPGs to be compliant with GovStack?

  • Business/ROI incentives -

    • GovStack indirect influence by showcasing multiple DPG options for each BB to the countries adopting GovStack, currently only 1-2 DPGs are compliant for each BB

    • Proactive discussions with DPGs to understand their motivation

      • Already established markets; do not need help from GovStack

      • Legacy implementation – Hard to adapt to new standards

Action Items:

• Add sections in the Identity White Paper as discussed

• Research on examples of DPGs in a given BB that are Functionally Compliant but not API compliant

• Think about the Policy Management Framework

• Functional Identity for Organizations