ISSE 2016: The four models of digital identity

News by Max Metzger

Coralie Mesnard, digital identity innovation manager, identified four distinct models of digital identity, crucial to future governance, at last weeks ISSE 2016

A panel of French IT security professionals offered their views on identity to what appeared to be a mostly anglophone audience at last week's ISSE 2016.

Coralie Mesnard, digital identity innovation manager at Gemalto, opened with the simple fact that government to citizen (G2C) digital transactions are set to grow 30 percent by 2020.  

Mesnard's talk addressed the various ways in which governments are handling the digital identities of their citizens in the growing area of e-governance. Mesnard identified four models elaborating Europe's move towards e-governance, across the public and private sector.

The first is a self-asserted open digital identity. Located entirely within the private sector, digital identities of this kind take the form of Facebook or Google accounts, which can then be used to authenticate identities when interacting with other services.

The second model is a hybrid, based on multiple identity providers. One such example is Sweden's Bank ID. Issued by 10 different banks within Sweden, 80 percent of the population apparently use the identity system for a wide variety of purposes: not only withdrawing money and making financial transactions but interacting with government services too. It's available on a wide variety of platforms like smartphones, cards and computers.

BankID deals with two billion transactions per year, with its success, according to Mesnard, based on this cross-industry usage with the same user experience.

Model 3, a multi-channel infrastructure digital identity based on national ID schemes. Mesnard said that EESTI, Estonia's national ID scheme had been “a huge success”. Essentially, everyone in the country has an ID card with a chip which is used to access online government services. As a result, 99 percent of bank transfer are digital, as are 94 percent of tax returns. For Mesnard though, the key factor is that all public services are online.

The fourth Model, said Mesnard is best exemplified as the UK's scheme, what Mesnard called a “hybrid model based on verified attributes exchange”, by which a citizen might authenticate themselves by using another digital identity from a certified provider, like Royal Mail or a bank.

Regulated by the government and driven by the private sector, the model was supposed to minimise the cost of digital identity by 90 percent, which as of 2014, was supposed to cost £3.3 billion.

As e-governance makes its way forward, concerns do present themselves, said Mesnard. Despite the great benefits that incoming regulation like EIDAS, a European standard for electronic authentication, the continuing lack of uniform standards or an international legal framework as well as concerns around cyber-security will remain troublesome as e-governance makes its interminable path into the future.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews