TWIST Identity Working Group (IDWG)
The IDWG was established to deliver a framework enabling the implementation of secure and interoperable identity infrastructures. By identity infrastructures we mean occurrences of architecture, policies, operational and management activities, hardware and software, that cover the lifecycle of identities and their consumption. Such infrastructures are seen by businesses and regulators as essential to meet increasing demands for universally accessible services.
To small, medium, and large businesses across Europe, the challenges of pan-European business share a significant common factor: the emerging power of, and increased responsibilities for the customer.
These customers are increasingly demanding free access to products and services across borders, free access to service providers across borders. In Europe, these requirements are increasingly supported by regulation (e.g. MiFID, SEPA).
Today the growth of traffic and connections on Internet and professional networks substantially multiplies the risk factors. Some risks are known, more are to be discovered. Consumers, merchants, trade, logistics and finance service providers will be able to sustain this new economic growth and reap its benefits only if technology enables them:
- to behave in a more responsible way,
- to depend on actual guarantees given by service providers, either state or private controlled.
The complex networks, which are taking shape on a global basis must cope with issues such as liability allocation and control, auditability, associability and socialisation of risks (insurability) which are all included in the modern vision of traceability.
The key to this traceability is the “identity”, actually a digital identifier (a set of data that may apply to individuals, a constituent in a legal entity or an organisation, or an object).
However, in today’s environment, corporates are having to deal with as many identity frameworks as they have trading partners and as many islands of policy and regulation as there are countries, regions or continents in which they do business.
It is in this context that TWIST set up the Identity Working Group to address the critical concerns of this challenge: the assignment of risk and the assurance of trust in the context of multiple and highly-mobile trading partners across the financial supply chain.
The Benefits the IDWG is seeking to bring to TWIST Members
Benefits to all: With solutions to risk assignment and trust dependability incorporated directly into the framework from the outset, it launches the supply chain integration effort with a set of secure standards that enable all organisations participating in global commerce to invest in sustainable, open, straight-through processing implementations.
Benefits to corporates and banks: It will also ease the burden of complying with current and future directives such as SEPA and MiFID. It has been suggested that when MiFID is adopted, millions of identities will need to be verified by financial services providers. In the United States and for multinational corporations that have their listing in the USA, Sarbanes-Oxley is also calling for better security controls among corporations and their providers.
Another benefit is the creation of better reporting tools and greatly reduced exposure to risk.
Benefit to corporates: This open-market environment gives corporations mobility to change their service providers based on business needs, without additional cost (and vice versa), and the flexibility to incorporate new partners at little risk or cost.
Benefits to banks and solutions providers: In an environment where everyone is being challenged to do increasingly more with less, this push for secure standards by TWIST and its partners offers a means to achieve both.
IDWG Guiding Principles
The IDWG conducts its work along t following guidelines:
- Solutions independent: Although the work of the IDWG will be solutions independent, Solutions Providers may sit around the table as they represent an enormous knowledge base and will be key to successful and workable implementations.
- Global scope: Although global in scope, it is expected that the European regulatory initiatives SEPA and MIFID will be significant drivers and create targeted implementation environments.
- Build on what is already there. Innovation more than revolution: The IDWG intends to build a framework that brings elements together that already exist, fills the gaps (interoperability)and brings such improvments as to keep pace with both innovation and regulation.
- Dialogue with other Standards Bodies: The IDWG would like to engage into a constructive dialogue with other Standards Bodies to garner support for further solutions.
The IDWG is developing a Workplan with concrete deliverables that fall into the following three overall categories:
- Policy: This deliverable will describe the policy principles behind an interoperable and portable identity management framework.
- Solution components: This deliverable will describe the technical components that are necessary in any solution that aims at delivering an interoperable and portable identity management framework to the market.
- Workable solutions: This deliverable will describe what workable solutions look like and how they will have to interoperate.
The first deliverables are based on a requirements gathering exercise which permanent goals are:
- to identify the scenarios and requirements related to the challenges of responsibility and liability in a world where corporates are interested in multi-banking and in being able to switch efficiently between financial service providers.
- to describe the scenarios and requirements related to leveraging identity characteristics for service delivery and customisation, including global-scale variations in trust assurance and risk assignment in the context of privacy and security.
- to translate the foregoing into requirements for an identity infrastructure, including statements on the gaps in, and challenges concerning adoption of, existing and emerging solutions.
- Proposed Top Level Business Requirements for Identity Management in TWIST Standards and Projects- The Market Pressure (Customers, Regulators, Competitors)
- Glossary of terms – this version was prepared for the informal European Electronic Invoicing task force
- Business Requirements and Technical Requirements for Identity Management in an Interoperable and Electronic Environment
- Identity Infrastructures Case Studies
- Listing and Scoping TWIST Standards and Project for Identity Infrastructures
- Technologies for Identity Infrastructures
Current State of Work
Since early 2007 the TWIST IDWG diverted its course of work towards practical applications. It contributed mainly to the informal European Electronic Invoicing task force, now an official expert group of the European Commission. In the mean time other ID interest groups burgeonned in various circles. TWIST IDWG intends to act as a forum on these initiatives between TWIST members.