Episode 018: 28‐05‐2024 Best ROI for National ID - GluuFederation/identerati-office-hours GitHub Wiki

Linkedin Event

Description

This episode Kalyan will discuss and even demo how Bhutan rolled out foundational identity with the CREDEBL Platform. We'll also discuss the Singapore SingPass model, which enables sign-in to over 2,700+ services government and private sector websites. We'll discuss what are the keys to getting adoption and how to drive the highest return on invesment for national id programs.

Homework

Takeaways

  • The Bhutan National ID ("NDI") mobile app can be used for authentication to websites by scanning a QR code, which triggers a verifiable credential consent flow. Enrollment is possible because Bhutan already had high quality biometrics to authenticate against. Currently about one third of the population has enrolled, mostly the adult population. In terms of relying parties, two banks and several government ministries are able to support the NDI login.

  • One of the most interesting features of the Bhutan NDI app creates several credentials to enable more selective disclosure. It also enable self asserted claims, like current address and phone number. Mike had some questions about the device itself... for example, could it be used to track your IP address? Kalyan asserted that it was designed with Privacy by Design principles. However, I could just imagine the blow-back if we asked US citizens to install an "America App" on their phone.

  • Armando reported that Dominican Republic is building a federated solution, which would also give them SSO (it wasn't clear if Bhutan was concerned about SSO). They have had their share of challenges onboarding both citizens and private sector. Armando mentioned that they would like to shorten the amount of time it takes to open a bank account. There are more organizational / political hurdles in the DR, which is probably similar to most countries (it's rare to get a clear mandate for digital identity infrastructure from the sovereign!)

  • Singapore has done a great job onboarding websites and private sector consumers of their digital identity. The more places people can use their national id, the more utility value it has, and thus the higher the ROI to society. Perhaps there is a tradeoff here... if federated identity systems are easier to get adoption from RPs, perhaps its more likely to generate a higher ROI? But will the privacy tradeoffs of a federated system undermine adoption, and therefore ROI? That was unclear from this discussion.

Livestream Audio Archive

here