Digital Identity Concepts
Key Points
- identity requirements must fit the use cases
- there are many digital providers and digital identity solutions
- a variety of identity standards can apply to different use cases
- key questions to ask: who should own, control your identity?
- SSI concept - your identity is separate from the identity providers. They issue an identity credential to your digital identity
- a holder is someone who "holds" their own digital identity and credentials, unlike Google or Facebook, which hold your identity for you
- SSI holders can hold their own digital wallet or use a multi-tenant cloud-based wallet
- all digital identity solutions need a reliable useful recovery model
References
Key Concepts
Two definitions of Digital Identity are given here.
Which one applies depends on context.
Digital Identity - Wikipedia.org
https://en.wikipedia.org/wiki/Digital_identity
A digital identity is information on an entity used by computer systems to represent an external agent. That agent may be a person, organization, application, or device. ISO/IEC 24760-1 defines identity as "set of attributes related to an entity".[1]
The information contained in a digital identity allows for assessment and authentication of a user interacting with a business system on the web, without the involvement of human operators. Digital identities allow our access to computers and the services they provide to be automated, and make it possible for computers to mediate relationships.
The term "digital identity" also denotes certain aspects of civil and personal identity that have resulted from the widespread use of identity information to represent people in an acceptable trusted digital format in computer systems.
According to Feher's academic approach: digital identity "refers to the digital data corpus being built by users and digital systems" [2]
Digital identity is now often used in ways that require data about persons stored in computer systems to be linked to their civil, or national, identities. Furthermore, the use of digital identities is now so widespread that many discussions refer to "digital identity" as the entire collection of information generated by a person's online activity. This includes usernames and passwords, online search activities, birth date, social security, and purchasing history,[3] especially where that information is publicly available and not anonymized, and can be used by others to discover that person's civil identity. In this wider sense, a digital identity is a version, or facet, of a person's social identity. This may also be referred to as an online identity.[4] With self-sovereign identity (SSI) the user has a means of generating and controlling unique identifiers as well as some facility to store identity data.
The legal and social effects of digital identity are complex and challenging. However, they are simply a consequence of the increasing use of computers, and the need to provide computers with information that can be used to identify external agents.
Digital Identity often refers to Self Sovereign Identity
Modern identity definitions focus on Digital Identity as an implementation of two key concepts:
- Self Sovereign Identity ( SSI )
- Decentralized Identity Documents ( DID ) as a standard to define an SSI implementation
Digital Identity News
Updated SSI information wiki - Identosphere - Kaliya
https://newsletter.identosphere.net/ - All things Digital Identity - https://identosphere.net/
https://newsletter.identosphere.net/p/identosphere-167-retrospectives-eidas2
Everything related to decentralized identity and verifiable credentials including standards and development: updates, walkthroughs, from the enterprise to web3, real world use, policy and research.
Trends in Digital Identity
Forces driving digital identity include the following. We expect to see:
- More mobility and access to the Internet
- Greater demand for security and trust
- An accelerating shift towards smart cities
- More calls for public supervision of digital identification systems
- Even more national ID card and eID programs, national ID initiatives, and implementations
How Digital Identity Management works - article
https://www.zdnet.com/article/identity-management-101-how-digital-identity-works/
From the article, on the key to digital identity:
"It comes down to a way to federate identity across lots of different organizations," responded Hank Thomas, CEO of security VC Strategic Cyber Ventures LLC. "That comes back to people having to work together, and trust each other that, once one person has proven that someone is someone, that other organization is going to have the same level of trust in the same thing. There's ways to do that; it's just that that trust isn't necessarily there yet. Maybe it's for compliance reasons, and for other reasons."
Some Standards on Digital Identity - from Linkedin 2025
Self-Sovereign Identity ( SSI )
Self-sovereign identity requires that users be the rulers of their own identity.
For self-sovereign identity, which can be defined as a lifetime portable digital identity that does not depend on any centralized authority, we need a new class of identifier that fulfills all four requirements: persistence, global resolvability, cryptographic verifiability, and decentralization.
The Path to Self-Sovereign Identity - article
by Christopher Allen
http://www.lifewithalacrity.com/2016/04/the-path-to-self-soverereign-identity.html
Self-sovereign identity is the next step beyond user-centric identity and that means it begins at the same place: the user must be central to the administration of identity. That requires not just the interoperability of a user’s identity across multiple locations, with the user’s consent, but also true user control of that digital identity, creating user autonomy. To accomplish this, a self-sovereign identity must be transportable; it can’t be locked down to one site or locale.
A self-sovereign identity must also allow ordinary users to make claims, which could include personally identifying information or facts about personal capability or group membership. It can even contain information about the user that was asserted by other persons or groups.
Decentralized Identity Documents ( DID ) are a standard way to define a Self Sovereign Identity.
Decentralized Identity Concepts - Slides
Decentralized Identity Document ( DID )
W3C standards
https://www.w3.org/TR/did-core/
Decentralized identifiers (DIDs) are a new type of identifier that enables verifiable, decentralized digital identity. A DID identifies any subject (e.g., a person, organization, thing, data model, abstract entity, etc.) that the controller of the DID decides that it identifies. In contrast to typical, federated identifiers, DIDs have been designed so that they may be decoupled from centralized registries, identity providers, and certificate authorities. Specifically, while other parties might be used to help enable the discovery of information related to a DID, the design enables the controller of a DID to prove control over it without requiring permission from any other party. DIDs are URLs that associate a DID subject with a DID document allowing trustable interactions associated with that subject. Each DID document can express cryptographic material, verification methods, or service endpoints, which provide a set of mechanisms enabling a DID controller to prove control of the DID. Service endpoints enable trusted interactions associated with the DID subject. A DID document might contain semantics about the subject that it identifies. A DID document might contain the DID subject itself (e.g. a data model).
This document specifies a common data model, a URL format, and a set of operations for DIDs, DID documents, and DID methods.
A DID example
A DID is a simple text string consisting of three parts:
- the URI scheme identifier ( did )
- the identifier for the DID method
- the DID method-specific identifier.
EXAMPLE 1: A simple example of a decentralized identifier (DID)
did:example:123456789abcdefghi
The example DID above resolves to a DID document. A DID document contains information associated with the DID, such as ways to cryptographically authenticate the DID controller, as well as services that can be used to interact with the DID subject.
EXAMPLE 2: Minimal self-managed DID document
{
  "@context": "https://www.w3.org/ns/did/v1",
  "id": "did:example:123456789abcdefghi",
  "authentication": [{
    // used to authenticate as did:...fghi
    "id": "did:example:123456789abcdefghi#keys-1",
    "type": "Ed25519VerificationKey2018",
    "controller": "did:example:123456789abcdefghi",
    "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
  }],
  "service": [{
    // used to retrieve Verifiable Credentials associated with the DID
    "id": "did:example:123456789abcdefghi#vcs",
    "type": "VerifiableCredentialService",
    "serviceEndpoint": "https://example.com/vc/"
  }]
}
DID Goals
Decentralized Identifiers are a component of larger systems, such as the Verifiable Credentials ecosystem [VC-DATA-MODEL], which drove the design goals for this specification. This section summarizes the primary design goals for this specification.
| Goal | Description |
|---|---|
| Decentralization | Eliminate the requirement for centralized authorities or single point failure in identifier management, including the registration of globally unique identifiers, public verification keys, service endpoints, and other metadata. |
| Control | Give entities, both human and non-human, the power to directly control their digital identifiers without the need to rely on external authorities. |
| Privacy | Enable entities to control the privacy of their information, including minimal, selective, and progressive disclosure of attributes or other data. |
| Security | Enable sufficient security for requesting parties to depend on DID documents for their required level of assurance. |
| Proof-based | Enable DID controllers to provide cryptographic proof when interacting with other entities. |
| Discoverability | Make it possible for entities to discover DIDs for other entities, to learn more about or interact with those entities. |
| Interoperability | Use interoperable standards so DID infrastructure can make use of existing tools and software libraries designed for interoperability. |
| Portability | Be system- and network-independent and enable entities to use their digital identifiers with any system that supports DIDs and DID methods. |
| Simplicity | Favor a reduced set of simple features to make the technology easier to understand, implement, and deploy. |
| Extensibility | Where possible, enable extensibility provided it does not greatly hinder interoperability, portability, or simplicity. |
DID Architecture
This section provides a basic understanding of the major elements of DID architecture. Formal definitions of terms are provided in § 2. Terminology.
Figure 1: The basic components of DID architecture.
- DIDs and DID URLs
- A DID, or Decentralized Identifier, is a URI composed of three parts: the scheme "did:", a method identifier, and a unique, method-specific identifier generated by the DID method. DIDs are resolvable to DID documents. A DID URL extends the syntax of a basic DID to incorporate other standard URI components (path, query, fragment) in order to locate a particular resource—for example, a public key inside a DID document, or a resource available external to the DID document.
- DID Subjects
- The subject of a DID is, by definition, the entity identified by the DID. The DID subject may also be the DID controller. Anything can be the subject of a DID: person, group, organization, physical thing, logical thing, etc.
- DID Controllers
- The controller of a DID is the entity (person, organization, or autonomous software) that has the capability—as defined by a DID method—to make changes to a DID document. This capability is typically asserted by the control of a set of cryptographic keys used by software acting on behalf of the controller, though it may also be asserted via other mechanisms. Note that a DID may have more than one controller, and the controller(s) may include the DID subject.
- Verifiable Data Registries
- In order to be resolvable to DID documents, DIDs are typically recorded on an underlying system or network of some kind. Regardless of the specific technology used, any such system that supports recording DIDs and returning data necessary to produce DID documents is called a verifiable data registry. Examples include distributed ledgers, decentralized file systems, databases of any kind, peer-to-peer networks, and other forms of trusted data storage.
- DID documents
- DID documents contain metadata associated with a DID. They typically express verification methods (such as public keys) and services relevant to interactions with the DID subject. A DID document is serialized according to a particular syntax (see § 6. Core Representations). The DID itself is the value of the id property. The generic properties supported in a DID document are specified in § 5. Core Properties. The properties present in a DID document may be updated according to the applicable operations outlined in § 7. Methods.
- DID Methods
- DID methods are the mechanism by which a particular type of DID and its associated DID document are created, resolved, updated, and deactivated using a particular verifiable data registry. DID methods are defined using separate DID method specifications (see § 7. Methods).
- DID resolvers and DID resolution
- A DID resolver is a software and/or hardware component that takes a DID (and associated input metadata) as input and produces a conforming DID document (and associated metadata) as output. This process is called DID resolution. The inputs and outputs of the DID resolution process are defined in § 8. Resolution. The specific steps for resolving a specific type of DID are defined by the relevant DID method specification. Additional considerations for implementing a DID resolver are discussed in [DID-RESOLUTION].
- DID URL dereferencers and DID URL dereferencing
- A DID URL dereferencer is a software and/or hardware component that takes a DID URL (and associated input metadata) as input and produces a resource (and associated metadata) as output. This process is called DID URL dereferencing. The inputs and outputs of the DID URL dereferencing process are defined in § 8.2 DID URL Dereferencing. Additional considerations for implementing a DID URL dereferencer are discussed in [DID-RESOLUTION].
- Verifiable Credentials
- Credentials are a part of our daily lives; driver's licenses are used to assert that we are capable of operating a motor vehicle, university degrees can be used to assert our level of education, and government-issued passports enable us to travel between countries. This specification provides a mechanism to express these sorts of credentials on the Web in a way that is cryptographically secure, privacy respecting, and machine-verifiable.
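As an added example (not code from the W3C specification or from any DID library), the Go program below works through the pieces described in EXAMPLE 1, EXAMPLE 2 and the DID Architecture items above: it parses a DID or DID URL into method, method-specific identifier, path, query and fragment; loads the EXAMPLE 2 document; dereferences the fragment DID URL did:example:123456789abcdefghi#keys-1 to its verification method; and decodes the publicKeyBase58 value to confirm it is a 32-byte Ed25519 public key. The grammar is a simplified version of the did-core ABNF, only embedded verification methods are handled, and the function names are this example's own assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"math/big"
	"regexp"
	"strings"
)

// DIDURL holds the spec's three DID parts (the "did" scheme is implicit) plus
// the optional path, query and fragment that turn a DID into a DID URL.
type DIDURL struct{ Method, MethodID, Path, Query, Fragment string }

// DID returns the bare identifier without path, query or fragment.
func (d DIDURL) DID() string { return "did:" + d.Method + ":" + d.MethodID }

// didURLRe is a simplified form of the did-core grammar: a lowercase method name,
// a method-specific id of idchar segments joined by ':', then optional path,
// query and fragment. Percent-encoded characters are accepted but not decoded.
var didURLRe = regexp.MustCompile(
	`^did:([a-z0-9]+):([A-Za-z0-9._%-]+(?::[A-Za-z0-9._%-]+)*)(/[^?#]*)?(\?[^#]*)?(#.*)?$`)

// ParseDIDURL splits a DID or DID URL into its parts and rejects anything that
// does not fit the grammar (an https URL, an uppercase method name, ...).
func ParseDIDURL(s string) (DIDURL, error) {
	m := didURLRe.FindStringSubmatch(s)
	if m == nil {
		return DIDURL{}, fmt.Errorf("not a valid DID URL: %q", s)
	}
	return DIDURL{Method: m[1], MethodID: m[2], Path: m[3],
		Query: strings.TrimPrefix(m[4], "?"), Fragment: strings.TrimPrefix(m[5], "#")}, nil
}

// VerificationMethod and DIDDocument mirror the properties of the spec's minimal
// document; only embedded verification methods (not string references) are handled.
type VerificationMethod struct {
	ID              string `json:"id"`
	Type            string `json:"type"`
	Controller      string `json:"controller"`
	PublicKeyBase58 string `json:"publicKeyBase58"`
}

type DIDDocument struct {
	Context        string               `json:"@context"`
	ID             string               `json:"id"`
	Authentication []VerificationMethod `json:"authentication"`
	Service        []map[string]string  `json:"service"`
}

// ParseDIDDocument decodes a DID document and checks that its id is a bare DID.
func ParseDIDDocument(raw string) (doc DIDDocument, err error) {
	if err = json.Unmarshal([]byte(raw), &doc); err != nil {
		return doc, err
	}
	if d, err := ParseDIDURL(doc.ID); err != nil || d.DID() != doc.ID {
		return doc, fmt.Errorf("document id %q is not a bare DID", doc.ID)
	}
	return doc, nil
}

// FindVerificationMethod dereferences a fragment DID URL such as did:...#keys-1 to
// the verification method it names, refusing URLs that belong to a different DID
// so key material is never handed out under the wrong identifier.
func FindVerificationMethod(doc DIDDocument, didURL string) (VerificationMethod, error) {
	d, err := ParseDIDURL(didURL)
	if err != nil {
		return VerificationMethod{}, err
	}
	if d.DID() != doc.ID {
		return VerificationMethod{}, fmt.Errorf("%q is not a DID URL of %q", didURL, doc.ID)
	}
	for _, vm := range doc.Authentication {
		if vm.ID == doc.ID+"#"+d.Fragment {
			return vm, nil
		}
	}
	return VerificationMethod{}, fmt.Errorf("no verification method %q in document", didURL)
}

// Base58Decode decodes the Bitcoin-alphabet base58 used by publicKeyBase58.
func Base58Decode(s string) ([]byte, error) {
	const alphabet = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
	n := new(big.Int)
	for _, c := range s {
		i := strings.IndexRune(alphabet, c)
		if i < 0 {
			return nil, fmt.Errorf("invalid base58 character %q", c)
		}
		n.Mul(n, big.NewInt(58)).Add(n, big.NewInt(int64(i)))
	}
	out := n.Bytes()
	for i := 0; i < len(s) && s[i] == '1'; i++ { // each leading '1' is a zero byte
		out = append([]byte{0}, out...)
	}
	return out, nil
}

// exampleDoc is EXAMPLE 2 from the spec with its inline comments removed.
const exampleDoc = `{"@context": "https://www.w3.org/ns/did/v1", "id": "did:example:123456789abcdefghi",
 "authentication": [{"id": "did:example:123456789abcdefghi#keys-1", "type": "Ed25519VerificationKey2018",
   "controller": "did:example:123456789abcdefghi", "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"}],
 "service": [{"id": "did:example:123456789abcdefghi#vcs", "type": "VerifiableCredentialService",
   "serviceEndpoint": "https://example.com/vc/"}]}`

func main() {
	doc, err := ParseDIDDocument(exampleDoc)
	if err != nil {
		panic(err)
	}
	vm, err := FindVerificationMethod(doc, doc.ID+"#keys-1")
	if err != nil {
		panic(err)
	}
	key, _ := Base58Decode(vm.PublicKeyBase58)
	fmt.Printf("%s is a %s with a %d-byte public key\n", vm.ID, vm.Type, len(key))
	fmt.Println("credential service endpoint:", doc.Service[0]["serviceEndpoint"])
}
```

Run it with go run; it reports the dereferenced key and the service endpoint. The dereferencer deliberately rejects a DID URL whose bare DID differs from the document's id: a resolver that ignored that mismatch could return one controller's key under another's identifier, which is exactly the confusion the proof-of-control design of DIDs is meant to rule out.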
DID Use Cases
https://w3c.github.io/did-use-cases/
This document sets out use cases and requirements for a new type of identifier that has 4 essential characteristics:
- decentralized: there should be no central issuing agency;
- persistent: the identifier should be inherently persistent, not requiring the continued operation of an underlying organization;
- cryptographically verifiable: it should be possible to prove control of the identifier cryptographically;
- resolvable: it should be possible to discover metadata about the identifier.
Although existing identifiers may display some of these characteristics, none currently displays all four.
DID Primer - what they are, how to use
https://w3c-ccg.github.io/did-primer/
A Decentralized Identifier (DID) is a new type of identifier that is globally unique, resolvable with high availability, and cryptographically verifiable. DIDs are typically associated with cryptographic material, such as public keys, and service endpoints, for establishing secure communication channels. DIDs are useful for any application that benefits from self-administered, cryptographically verifiable identifiers such as personal identifiers, organizational identifiers, and identifiers for Internet of Things scenarios. For example, current commercial deployments of W3C Verifiable Credentials heavily utilize Decentralized Identifiers to identify people, organizations, and things and to achieve a number of security and privacy-protecting guarantees. This document is an introduction to the concept of Decentralized Identifiers.
The need for globally unique identifiers that do not require a centralized registration authority is not new. UUIDs (Universally Unique Identifiers, also called GUIDs, Globally Unique Identifiers) were developed for this purpose in the 1980s and standardized first by the Open Software Foundation and then by IETF RFC 4122.
The need for persistent identifiers (identifiers that can be assigned once to an entity and never need to change) is also not new. This class of identifiers was standardized as URNs (Uniform Resource Names) first by IETF RFC 2141 and more recently by RFC 8141.
As a rule, however, UUIDs are not globally resolvable and URNs – if resolvable – require a centralized registration authority. In addition, neither UUIDs or URNs inherently address a third characteristic – the ability to cryptographically verify ownership of the identifier.
For self-sovereign identity, which can be defined as a lifetime portable digital identity that does not depend on any centralized authority, we need a new class of identifier that fulfills all four requirements: persistence, global resolvability, cryptographic verifiability, and decentralization.
DID model: decentralized control, centralized support
The SSI model uses decentralized IDs and a decentralized implementation
Full production capabilities require centralized services for support ( recovery etc. )
Centralized support can deliver privacy, security and user control using user-defined proxies to the central services
DIDComm Protocol
Identity Blockchains ( Sovrin, Indy, etc )
Aries - a Universal Agent for Identity Blockchains
Hyperledger Aries - identity, data management tools
Trust Over IP ( TOIP )
Automation of Digital Trust on identity Blockchain Networks
BC Digital Trust Concepts & Use Cases
new BC org book site:
https://digital.gov.bc.ca/digital-trust/
Digital Trust empowers people and businesses with safe and secure ways of identifying themselves online and communicating confidentially with others.
See this site for great use cases on Digital Identity, Verifiable Credentials and shared solutions
VON - Verifiable Organizations Network - open-source example solution for SSI and credentials
https://vonx.io/getting_started/get-started/
try the sample app solution
try the mobile android interface
VONX questions
- what versions of indy, Aries required?
- what is the current wallet standard used for the mobile, enterprise wallets?
- what else can the wallet hold besides coin, credentials?
Verifiable Credential Concepts, Standards and Use Cases for Digital Identity
https://en.wikipedia.org/wiki/Verifiable_credentials
The holder of a verifiable credential operates in a triangle of trust, mediating between issuer and verifier. The issuer and holder trust each other, the holder trusts the verifier, and the verifier trusts the issuer. Any role in the triangle can be played by a person, an institution, or an IoT device.
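To make the triangle of trust concrete, here is an added Go example (not code from Wikipedia or from any credential library). An issuer signs a credential with an Ed25519 key, the holder presents it as JSON, and the verifier accepts it only if the issuer is on its trust list, the proof key resolves under the issuer's DID, the signature verifies, the credential has not expired and the subject is the presenting holder. The DIDs, the credential fields, the proof format (plain JSON bytes signed with Ed25519 rather than a standard proof suite) and the in-memory Registry that stands in for DID resolution are all constructed assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Credential is a simplified W3C-style verifiable credential; the field set
// and the proof format below are constructed for this example.
type Credential struct {
	Context        []string          `json:"@context"`
	Type           []string          `json:"type"`
	Issuer         string            `json:"issuer"`
	ExpirationDate time.Time         `json:"expirationDate"`
	Subject        map[string]string `json:"credentialSubject"`
}

// Proof carries the issuer's Ed25519 signature over json.Marshal(Credential).
// Signing plain JSON stands in for the canonicalisation a real proof suite does.
type Proof struct {
	Type               string `json:"type"`
	VerificationMethod string `json:"verificationMethod"` // DID URL of the issuer's key
	Signature          []byte `json:"signature"`
}

type SignedCredential struct {
	Credential
	Proof Proof `json:"proof"`
}

// Registry stands in for DID resolution: verification-method DID URL -> public key.
type Registry map[string]ed25519.PublicKey

// Issue is the issuer's step: sign the credential with the issuer's private key.
func Issue(c Credential, keyID string, priv ed25519.PrivateKey) (SignedCredential, error) {
	msg, err := json.Marshal(c)
	if err != nil {
		return SignedCredential{}, err
	}
	return SignedCredential{Credential: c, Proof: Proof{Type: "ExampleEd25519JsonSignature",
		VerificationMethod: keyID, Signature: ed25519.Sign(priv, msg)}}, nil
}

// Verify is the verifier's step. Trust in the claims comes from the issuer, not
// the holder: the verifier checks the issuer is on its trust list, resolves the
// issuer's key, verifies the signature, then checks expiry and holder binding.
func Verify(presented []byte, reg Registry, trusted map[string]bool, holderDID string, now time.Time) error {
	var sc SignedCredential
	if err := json.Unmarshal(presented, &sc); err != nil {
		return err
	}
	if !trusted[sc.Issuer] {
		return fmt.Errorf("issuer %q is not on the verifier's trust list", sc.Issuer)
	}
	if !strings.HasPrefix(sc.Proof.VerificationMethod, sc.Issuer+"#") {
		return errors.New("proof key is not controlled by the stated issuer")
	}
	pub, ok := reg[sc.Proof.VerificationMethod]
	if !ok {
		return errors.New("could not resolve the issuer's verification method")
	}
	msg, err := json.Marshal(sc.Credential)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, msg, sc.Proof.Signature) {
		return errors.New("signature invalid: credential altered or not signed by the issuer's key")
	}
	if now.After(sc.ExpirationDate) {
		return errors.New("credential expired; the holder must present a renewed one")
	}
	if sc.Subject["id"] != holderDID {
		return errors.New("credential subject is not the presenting holder")
	}
	return nil
}

// Scenario builds a constructed setup: did:example:university issues a degree
// credential to did:example:alice, and the verifier trusts only the university.
func Scenario() (presented []byte, reg Registry, trusted map[string]bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	const issuer, keyID = "did:example:university", "did:example:university#keys-1"
	sc, err := Issue(Credential{
		Context:        []string{"https://www.w3.org/2018/credentials/v1"},
		Type:           []string{"VerifiableCredential", "DegreeCredential"},
		Issuer:         issuer,
		ExpirationDate: time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC),
		Subject:        map[string]string{"id": "did:example:alice", "degree": "BSc Computer Science"},
	}, keyID, priv)
	if err != nil {
		return nil, nil, nil, err
	}
	presented, err = json.Marshal(sc) // the holder's presentation to the verifier
	return presented, Registry{keyID: pub}, map[string]bool{issuer: true}, err
}

func main() {
	presented, reg, trusted, err := Scenario()
	if err != nil {
		panic(err)
	}
	at := time.Date(2024, 6, 1, 0, 0, 0, 0, time.UTC)
	tampered := bytes.Replace(presented, []byte("BSc"), []byte("PhD"), 1)
	fmt.Println("valid presentation:", Verify(presented, reg, trusted, "did:example:alice", at))
	fmt.Println("tampered claim:", Verify(tampered, reg, trusted, "did:example:alice", at))
	fmt.Println("wrong holder:", Verify(presented, reg, trusted, "did:example:mallory", at))
	fmt.Println("after expiry:", Verify(presented, reg, trusted, "did:example:alice", at.AddDate(1, 0, 0)))
}
```

The order of checks matters: the issuer trust-list and key-ownership checks come before signature verification, so a valid signature from a key that merely claims a trusted issuer's DID is never accepted. The expiry check is the verifier-side counterpart of the renewal-token idea noted under Revocations further down this page: a short validity window lets a verifier skip a real-time revocation lookup for many use cases.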
TOIP - Trust Over IP
Toip-model - Interactive Model - Layers & Governance
Digital Identity Implementation Requirements Concepts
Requirements & Concepts
Inclusion
Populations are not all digital
eID cards are needed when issuing a digital identity
An eID card can have a proxy UID stored as a QR code that links to a consented data share of PII, with the option to consent in real time for more
Owner sets the proxy visibility rules: what is shared by default, and where added consent is needed
Decentralization
A decentralized network is not as important as decentralized control
ownership of your ID, credentials and personal data
who sees it
who uses it
Recovery
Many use cases ( eg prescriptions, medical treatment ) may require immediate recovery of identity and credentials
If ID and credentials not accessible digitally how can the owner recover them quickly?
Full decentralized distribution model makes owner responsible for their own recovery without other support
Decentralized control model allows for centralized support from trusted providers ( Foundations, Governments versus businesses, NGOs )
Decentralized control allows owner to control the recovery solution directly
Centralized service provides a secure method for owner to establish control over a lost identity ( eg ssa.gov model etc )
Revocations
Many use cases do not require real-time revocation verifications
Options include renewal token verification ( eg once per hour, once per day )
Governance
Proof of governance on the process and the transactions for the owner and the service provider
owner access to the governance rules, terms, time limits in force, durability, performance
owner consent controls sharing the governance trust for the provider | issuer with others by default or explicitly
Governments Issuing Digital IDs
2020 US States
Colorado, Delaware, Idaho, Maryland, Wyoming and the District of Columbia are carrying out limited trials of digital driver's licenses. Iowa and Louisiana are planning to issue digital licenses to every motorist who wants one beginning this year.
eIDAS - European Digital ID card standard
Oklahoma Mobile ID app
https://apps.apple.com/us/app/oklahoma-mobile-id/id1461045650
Oklahoma Mobile ID is a secure, digital version of your driver’s license/state ID. Use it to verify your identity anytime you would use your physical driver’s license or state-issued ID, wherever Mobile ID is accepted.
Intuitive and easy-to-use, Mobile ID is unlocked by a selfie match to verify identity, or by using a self-selected pin or TouchID/FaceID. Mobile ID allows you to control your identity by allowing you to share only the information needed for a transaction. For example, if you need to prove that you’re old enough to buy alcohol, you can select a privacy view that only shows your name, photo, and that you are older than 21. No other personal information, like date of birth and address is shown to the person checking your ID.
In three simple steps, you can register for your Mobile ID:
1. Download this app to your smartphone
2. Use the app to capture your state-issued driver’s license or ID card
3. Follow the app’s registration steps to take your selfie and verify you are you
Please note: Oklahoma Mobile ID by IDEMIA is considered an official state-issued ID, serving as a companion to your physical ID rather than as a replacement.
The Oklahoma Mobile ID is available at no charge to citizens until November 2020. After this, a yearly subscription will be required.
This app requires an iPhone 5s or newer device.
We are pleased to be one of the states leading the movement to offer secure, state issued identification on a smart phone. Oklahoma Mobile ID offers individuals more control of their personal information and offers businesses and organization that transact with IDs additional measures to reduce fraud. Oklahoma Mobile ID is a major step in the State’s initiative to swiftly bring technology innovation to its citizens in a way that has real-world, immediate benefits.
David Ostrowe, Secretary of Digital Transformation and Administration for the State of Oklahoma
Oklahoma Mobile ID allows consumers to be in control. Privacy options allow individuals to show only the amount of information needed to conduct a transaction. For example, those who show an ID to purchase alcohol can set the Mobile ID to a privacy mode that shows only a photo and verification that the user is over 21 – the amount of information needed for such a transaction.
IDEMIA mobile app for EIDAS card
https://apps.apple.com/us/app/idemia-eid-trusted-online-id/id1220582616
Your free, secure digital ID to safely access online government and commercial services while protecting your identity.
The eID is the first, and only app in the U.S., that creates a digital ID leveraging your state driver’s license or ID card. Use the eID to prove your identity for various digital transactions on participating websites, mobile apps, and more.
It empowers you to apply online for benefits, transfer a vehicle title, open online accounts, protect sensitive transactions, secure your tax refunds, and more, leveraging the power of your identity and your smartphone.
The eID:
• Empowers you to be in total control of your identity information
• Provides peace of mind knowing there is less chance of identity fraud
• Saves you time & money with streamlined access to online resources, services and benefits
• Eliminates usernames and passwords
In three simple steps, you can register for, and activate, your eID:
1. Download the IDEMIA eID to your smartphone
2. Use the app to photograph your state-issued driver’s license or ID card
3. Take your selfie with the app
Once registration is complete, the eID offers a frictionless user experience. Through the app’s QR code scanning feature you can safely, and securely, verify your identity and share specific required identity details needed for the particular transaction. Push notification alerts inside the eID app give you the control to approve transactions and identity information requests directly from your smartphone. This gives you the control you desire over your accounts and your identity.
Download the IDEMIA eID and start your journey to a safer and more secure online world.
This app requires an iPhone 5s or newer device, because it leverages Secure Enclave, only available on A7 processors and up.
KYC and related legislation
KYC and AML laws apply in many jurisdictions to financial services
The know your customer or know your client (KYC) guidelines in financial services requires that professionals make an effort to verify the identity, suitability, and risks involved with maintaining a business relationship. The procedures fit within the broader scope of a bank's Anti-Money Laundering (AML) policy.
ID2020 - Digital identity for all NGO
https://id2020.org/digital-identity#approach
ID2020 partners believe that ethically implemented, privacy-protecting, user-managed, and portable digital ID solutions offer an opportunity to put the ownership of personal data back in the hands of the individual. But achieving this vision will require a sustained commitment to serving the needs of society’s most marginalized and ensuring that they are not left behind.
Digital identity should be:
- private - you control the information you share and consent is tracked, revocable
- portable - accessible and recoverable from anywhere at anytime
- persistent - lives with you
- personal - unique to you
Identity and Voting
2020 US Voting experience
2020-election-analysis-PP_2021.01.15_biden-trump-views_REPORT.pdf
does vote-by-mail work and does it increase election fraud?
If candidates believe there has been voter fraud, they can present evidence regarding a particular race to the election board or file a lawsuit in a local court. Authorities review the evidence and decide if there has been actual fraud. If there is sufficient evidence, local prosecutors can indict the relevant people for mail ballot fraud. It is a criminal offense to forge a name on a mail ballot, impersonate someone else, steal ballots, or deceive someone about their mail ballot.
According to the Brennan Center for Justice at New York University, there is no evidence that mail balloting increases electoral fraud as there are several anti-fraud protections built into the process designed to make it difficult to impersonate voters or steal ballots. These provisions include requiring people requesting absentee ballots to be registered voters, mailing ballots to the official address listed on voter registration rolls, requiring voter signatures on the external envelope, and having election authorities make sure the ballot came from the address of an actual voter. If a ballot appears questionable, some states use a signature matching technique to verify the signature of the voter.
US election 2020: Do postal ballots lead to voting fraud?
There have been a few, well-publicized cases, such as in the 2018 North Carolina primary, which was re-run after a consultant for the Republican candidate tampered with voting papers.
Virginia
Speaking at a rally in mid-October, Donald Trump said: "In Virginia, 500,000 applications were made that were false."
And these applications, to apply for an absentee ballot form, were sent out with the wrong return address.
But the electoral authorities in Virginia say there was no fraudulent intent and the mistake has been corrected.
Ohio
President Trump tweeted: "In Ohio, 50,000 ballots were wrong, fraudulent - 50,000."
About 50,000 voters did receive the wrong ballot in the post, in Franklin County, Ohio, in early October.
But there is no evidence this was done fraudulently.
And the local elections board said everyone affected was sent the correct voter slip, with safeguards in place to ensure no-one voted twice.
The board said the ballot error had been a "serious mistake".
In New York, nearly 100,000 ballots were resent to voters after some names and addresses were printed incorrectly.
In Michigan about 400 postal ballots listed the wrong running mate for President Trump - the Libertarian Party's Jeremy Cohen instead of Mike Pence. President Trump claimed in September this had been deliberate. But the Michigan secretary of state said it had been an error and "impacted voters immediately received an accurate ballot and guidance to ensure their vote counts".
In Wisconsin, mail that included some absentee ballots was found in a ditch near the town of Greenville. How this happened remains unclear, despite investigation. The White House alleged fraud.
In Pennsylvania, nine discarded military ballots were discovered. Seven of them, according to the US Department for Justice, "were cast for presidential candidate Donald Trump".
In New Jersey, a mail carrier was charged after dumping hundreds of items of post in a dumpster, including almost 100 election ballots. Once found, the mail was sent on to its intended recipients.
But these were all isolated incidents.
US States support for Voter ID laws
John Lewis Voting Rights Act
US Draft Legislation on Privacy Bill
New draft US bill on data privacy
overview
To provide consumers with foundational data privacy rights, create strong oversight mechanisms, and establish meaningful enforcement.
Potential Value Opportunities
Build a mobile driver’s license solution based on ISO/IEC 18013-5 using AWS Private CA and AWS KMS
A mobile driver’s license (mDL) is a digital representation of a physical driver’s license that’s stored on a mobile device. An mDL is a significant improvement over physical credentials, which can be lost, stolen, counterfeited, damaged, or contain outdated information, and can expose unconsented personally identifiable information (PII). Organizations are working together to use mDLs across various situations, ranging from validating identity during airplane boarding to sharing information for age-restricted activities.
The trust in the mDL system is based on public-private key cryptography where mDLs are signed by issuing authorities using their private key and verified using the issuing authority’s public key. In this blog post, we show you how to build an mDL issuing authority in Amazon Web Services (AWS) using AWS Private Certificate Authority and AWS Key Management Service (AWS KMS) according to mDL specification ISO/IEC 18013-5:2021. These AWS services align with the cryptographic requirements placed on the issuing authorities by ISO/IEC 18013-5. While we have tailored this post to an mDL use case, the sign and verify mechanism using AWS Private CA and AWS KMS can be used for multiple kinds of digital identity verification.
Solution Overview
AWS Private CA provides you with a highly available private certificate authority (CA) service without the initial investment and ongoing maintenance costs of operating your own private CA. CA administrators can use AWS Private CA to create a complete CA hierarchy, including online root and subordinate CAs, without needing external CAs. You can issue, rotate, and revoke certificates that are trusted within your organization using AWS Private CA.
AWS Private CA can issue certificates formatted as required by ISO/IEC 18013-5. You can build a certificate authority (CA) in AWS Private CA—referred to as the issuing authority certificate authority (IACA) in ISO/IEC 18013-5. We create an IACA self-signed root certificate and an mDL document signing certificate in AWS Private CA.
AWS KMS is a managed service that you can use to create and control the cryptographic keys that are used to protect your data. AWS KMS uses FIPS 140-2 Level 3 validated hardware security modules (HSMs) to protect AWS KMS keys, which is a requirement for building an issuing authority as described in ISO/IEC 18013-5. We create an asymmetric key pair in AWS KMS for signing and verification of the mDL document. We programmatically create a certificate signing request (CSR) that’s signed by the asymmetric key pair stored in AWS KMS. The CSR is sent to the AWS Private CA service for issuing the mDL document signing certificate that matches the certificate profile requirement specified for the document signing certificate in ISO/IEC 18013-5.
We sign an mDL document using the private key of the asymmetric key pair created in AWS KMS with a KeyUsage value of SIGN_VERIFY. The signed mDL document is delivered to a mobile device where it’s stored in a digital wallet and produced for verification by mDL readers. The mDL readers are configured with IACA certificates from various issuing authorities that allow them to verify the mDL documents signed by respective issuing authorities. An example of an issuing authority could be a state government agency that issues driver’s licenses.
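The sign-and-verify flow described above, as an added example that is not code from the AWS post: Go standard-library certificates and in-process P-256 keys stand in for AWS KMS and AWS Private CA (both assumptions, so it runs offline), IssueChain builds the IACA root and the document signing certificate from a CSR, SignMDL signs an encoded mDL, and VerifyMDL is the reader checking the chain and then the signature.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // unwraps (value, error); this constructed example aborts on unexpected errors
	if err != nil { panic(err) }
	return v
}

// IssueChain: self-signed IACA root, CSR signed by the document signer key, then the document signing cert.
func IssueChain() (iaca, dsCert *x509.Certificate, dsKey *ecdsa.PrivateKey) {
	now := time.Now().Add(-time.Minute)
	iacaKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) // assumption: P-256 for both key pairs
	root := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example IACA Root"},
		NotBefore: now, NotAfter: now.AddDate(10, 0, 0), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	iaca = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, root, root, &iacaKey.PublicKey, iacaKey))))
	dsKey = must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) // stands in for the KMS SIGN_VERIFY key
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: "Example mDL Document Signer"}}
	csr := must(x509.ParseCertificateRequest(must(x509.CreateCertificateRequest(rand.Reader, req, dsKey))))
	must(0, csr.CheckSignature()) // the CA certifies only a key whose holder signed the CSR
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: csr.Subject, NotBefore: now,
		NotAfter: now.AddDate(0, 0, 457), KeyUsage: x509.KeyUsageDigitalSignature}
	dsCert = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leaf, iaca, csr.PublicKey, iacaKey))))
	return iaca, dsCert, dsKey
}

func SignMDL(dsKey *ecdsa.PrivateKey, mdl []byte) []byte { // ECDSA over the SHA-256 digest of the encoded mDL
	h := sha256.Sum256(mdl)
	return must(ecdsa.SignASN1(rand.Reader, dsKey, h[:]))
}

// VerifyMDL is the reader: the signer's certificate must chain to a configured IACA root, then the signature is checked.
func VerifyMDL(trustedIACAs []*x509.Certificate, dsCert *x509.Certificate, mdl, sig []byte) bool {
	roots := x509.NewCertPool()
	for _, c := range trustedIACAs { roots.AddCert(c) }
	if _, err := dsCert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil { return false }
	pub, ok := dsCert.PublicKey.(*ecdsa.PublicKey)
	h := sha256.Sum256(mdl)
	return ok && ecdsa.VerifyASN1(pub, h[:], sig)
}
```

A reader that trusts a different IACA, or sees a modified mDL, gets false from VerifyMDL; the payload here is a constructed byte string, not the CBOR structure ISO/IEC 18013-5 defines.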
Potential Challenges
The different views of Digital Identities
Stephen Wilson well said. Yes, many entities will often have multiple identifiers assigned to them by different issuers (I have a bank account, a gmail id etc). Agree with the concept that SSI does have political concepts behind it. We do use identities assigned by state authorities (eg Passport, Driver's license etc) as a legal proof of our identity in a specific context. In an increasingly automated, digital world, we do need to find secure methods to effectively use our identities in many different use cases meeting specific trust and control requirements. Trust engineering goes beyond the boundaries of security for different multi-party use cases.
Identity Theft
things hackers can do with your cell phone number
think twice before sharing your phone number
The information found through these sites includes your address, bankruptcies, criminal records, and family members’ names and addresses. All of this can be used for blackmail, stalking, doxxing, social media hacking, or identity theft.
reroute your mobile number to someone else's cell phone through the carrier
Another tactic is to contact your mobile carrier provider claiming to be you, says Veronica Miller, cybersecurity expert at VPN overview. Then, the hacker can make it so your number routes to their phone. From there, the hacker will log into your email account. Of course, they don’t have your password, but they don’t need it. They just click “Forgot password” and get the reset link sent to their phone that now uses your phone number. Once the hacker has access to your email account, it’s easy to gain access to any of your accounts.
Control Phone Hacking with these tips
##002# - If your voice, data or SMS calls have been forwarded, dialling this USSD code erases those forwarding settings.
*#21# - Dialling this USSD code tells you whether your calls are being diverted somewhere else.
*#62# - With this code you can check whether any of your calls (voice, data, fax, SMS etc.) have been forwarded or diverted without your knowledge.
Microsoft Entra Support for identity standards
Candidate Solutions
Akif Kahn - Gartner - 2023 - Digital Identity Solutions Update on LinkedIn
Portable digital identity. That's the future. Untethered, under your control, allowing you to metaphorically float away and assert your identity wherever you choose to land - both in the digital and physical world.
At Gartner we just published "Portable Digital Identity: Definition and Approaches" which explains the different possible paths towards portable digital identity, looking across the 2x2 matrix of centralised data vs decentralised data and centralised execution vs decentralised execution.
....
But more broadly, we see governments implementing digital identity schemes for citizens. The EU Digital Identity Wallet initiative is probably the biggest and most exciting digital identity project in the world. The US is making steps forward with mobile driver licences - and this is then enabling the likes of Apple and Google to get into the game and allow people in some states to add their mDL into their native phone wallet. Microsoft has also made big strides with Entra Verified ID.
....
Thank you to Mike Kelley as lead author and to Arthur M. as co-author - as always, it was a pleasure co-authoring with you.
https://lnkd.in/e8AcDkgv
Jim >>>
Thanks for the updates on portable digital identity. I agree the EU Digital Identity initiative ( https://tinyurl.com/eu-digital-wallet ) will be a big leap forward. In the US, Liz Tanner, RI Secretary of Commerce, has led Rhode Island's roll out of the first US State Digital Identity solution based on Self-Sovereign Identities using Hyperledger software ( https://www.youtube.com/watch?v=0W5rMRU3714 ). The RI solution was tested with individual and corporate identities and verifiable credentials. That's a big step forward over the basic digital drivers licenses that are becoming more common today in the US.
Step-by-step guide for Example
sample code block
Jim Mason - Principal Architect DLT at DTCC | Blockchain Practice Leader | Sybal.io | Member of Expert Panel at EU Blockchain Observatory & Forum