Following the completion of v1.0 of ID2020’s Technical Requirements, we are proud to announce the launch of the ID2020 Certification Mark. Both of these efforts reaffirm our mission to improve lives through digital identity by adhering to our core principles of portability, persistence, privacy, and user control.
We want to thank our Technical Advisory Committee, a group that comprises some of the world’s leading experts on digital identity and its underlying technologies, for their diligent work creating our Technical Requirements and Certification Mark framework. We also want to thank ThingsCon and recognize their Trustable Technology Mark. We were tremendously inspired by their effort to develop a “badge of honor” for companies and organizations designing technology with user privacy and rights top-of-mind.
Digital identity is being defined now — and we need to get it right. Digital identity is a term that comprises a host of technologies, processes, and systems. The ID2020 Certification Mark is not a baseline certification; it isn’t an attempt to bound the complex, uneven, and ever-expanding landscape of digital identity. Instead, the Certification Mark is an opportunity to recognize technologies that we believe could form the basis of a “good” digital identity. Our Certification Mark deliberately sets a high bar. We want to incentivize companies and organizations to design with our principles and technical requirements in mind, and fully intend for our Certification Mark to play a market-shaping role.
Our Certification Mark is the first step in a long process towards achieving “good” digital identity for all. It aims to give companies that go above and beyond to implement “good” approaches to digital identity a way to demonstrate that they do, incentivizing a race to the top. We are hoping that our Certification Mark will not only play a market-shaping role, but a market-making one; we not only want to give visibility to digital identity systems that currently meet our requirements, but incentivize the creation of new ones that do.
That being said, the Certification Mark should be seen as a mark of distinction, an indication that a technology meets our technical requirements, but not as a seal of perfection. At ID2020, we believe that no technology can be understood out of context. That’s why we do not only certify “good” digital identities; we test them in a variety of contexts to ensure their suitability for a given individual, in a given place, at a given time. This is what we call the last mile and it’s where our robust monitoring and evaluation processes come into play.
Also important to note: even with our team of experts we will never have 100% certainty that all answers are true, and will stay true. But with the application processes developed for the Certification Mark we will have enough data points and input to take a pretty good snapshot. And if we ever learn about (or suspect) non-compliance or foul play, we reserve the right to revoke the certification. It’s a pretty high-touch approach, and we’re confident that this will lead to high quality and consistency.
What is, and isn’t, the Certification Mark?
We haven’t developed a set of standards (no fit-for-purpose standards currently exist for “good” digital identity). Our certification mark, instead, serves to spotlight the work of organizations that comply with our robust set of technical requirements and build digital identity systems that adhere to our core principles of portability, persistence, privacy, and user control.
We went with a holistic approach that measures compliance with each of our eight dimensions of “good” digital identity. Our process is based on a commitment to openness and transparency. It begins with information provided by a company/organization and then turns into a dialogue between our experts and their technologists. The result is a public, fully accessible certification process that serves as one step in a long process towards realizing “good” digital identity for all.
Importantly, this is an exercise in transparency, not a full technical assessment or audit. Our experts will do their best to fully dig into a digital identity system, but we can ultimately only know what is publicly available and what the applicant is willing to share. We know we are limited in reach, but see this as an opportunity to take a pretty good snapshot of a system. And if we ever learn about (or suspect) non-compliance or foul play, we’ll follow up, and reserve the right to revoke the certification. We also cannot guarantee that a system that receives our Certification Mark will work in practice as it is described in theory. If we discover that an implementation does not align with our principles, we’ll follow up, and reserve the right to revoke the certification.It’s a pretty high-touch approach, and we’re confident that this will lead to high quality and consistency.
Some notes on the process
We have deliberately designed a simple application form in order to incentivize participation. We’ll summarize the process below, but want to note that we are fully open to revising current workflow and criteria — this is a living effort designed to evolve over time.
-Company/organization fills out the ID2020 Certification Mark Application Form.
-Our experts review the answers and, if necessary, follow up for clarification.
-If after our initial review and follow-up the digital identity doesn’t meet our requirements, we don’t issue a Certification Mark.
-If, on the other hand, we are satisfied with our initial review and follow-up, then we award our Certification Mark.
-The content of the application form is published on ID2020.org, along with a unique ID for the assessed digital identity system that the company/organization can use in its communications.
If we are aware of any further questions/considerations/commentaries arise after a Certification Mark has been awarded, we may follow-up with the company/organization and re-assess the award.
We have completed our v1.0 Technical Requirements and, with our Certification Mark soon to come, we need your input! More than anything, we want to open a dialogue (it’s why we are publishing our Certification Mark under a Creative Commons (by) License). We want you to contribute to our mission to improve lives through digital identity by adding your voice to the conversation. Please contact us at firstname.lastname@example.org with any questions or comments.
We are in the process of reviewing, soliciting, and identifying digital identity systems that could meet our requirements and receive our Certification Mark. We intentionally set a very high bar in order to drive a race to the top, so we fully expect that there will only be a small number of digital identity systems eligible for the ID2020 Certification mark, but that this number will grow dramatically in the coming years. We fully intend to use the Certification Mark as a market-shaping force, and hope that, as it gains recognition, companies and organizations will build digital identity systems that meet our technical requirements from the get-go.
Once a digital identity system receives our Certification Mark, we will consider it for pilot. We believe that no technology can be fully considered outside of its implementing context. We will look to partner with companies and organizations that receive our Certification Mark in order to test them in a variety of contexts to ensure suitability for a wide range of users.
So, here we go!