GAIN: The Global Assured Identity Network
Dr. Torsten Lodderstedt, Co-Chair GAIN PoC
GAIN emerged from something you know
In the beginning, there was trust
on the internet
But as it opened up,
trust was lost.
GAIN emerged from something you know
Weaponized Anonymity for Some
  • Financial Crime is up to 5% of GDP (2Tn USD)
  • Misinformation
Lack of Control for the Rest
  • Pervasive Tracking
  • Identity Theft
GAIN is a shared vision
Interoperability
Trusted Network
An interoperable system that bridges islands of trust
Trusted Network
GAIN became a white paper
150+ Authors
no logo, pro bono, open source
GAIN Digital Trust
5 non-profits guide GAIN
CSC
OIDF
OIX GAIN
Rules and governance,
Digital Trust frameworks
Identity standards & POC
Community Group
Standards for legal entities
& vLEIs
Engagement of the Financial
Services community
Standards for electronic signatures
We invite other non-profits to join
GAIN principles moving forward
Global
Interoperability
Technology
Agnostic
Open
Standards
Internet
Scale
Build on what's been built
GAIN PoC Community Group
GAIN POC Community Group
5 Hypotheses
1. GAIN can be built on top of existing networks and solutions
2. IIPs from different jurisdictions can input to GAIN
3. The network can support different IIP architectural approaches (federated, SSI, etc.) and different interoperable interfaces to RPs (OIDC, DIDComm, WACI, etc.)
4. IIPs can offer a variety of APIs, built to serve different purposes, into the network
5. RPs can access assured identity data from IIPs in a simple and trusted approach (single contract, single credential and a single technical specification)
The GAIN POC Community Group is a test bed for GAIN's technical hypotheses
Success Means:
At the end of the POC, any party will be able to understand what they need to do in order to implement (technically) in a live environment
We will feel successful if participants (or others) want to take it to the next level
GAIN POC Community Group (Status & Timeline)
Q3/2021
Started Alpha PoC
Q4/2021
Successful conformance tests of
the first group of IDPs
Q1 2022
Connect RPs via standardized APIs and
network functions
Q2 2022
Establish OIDF community group
Agree on goals and hypothesis to test
Demonstrate end2end
scenarios in sandbox
(federated and SSI)
Q3 2022
Hypothesis 1: GAIN can be built on top of existing networks and solutions
Hypothesis 2: Cross border participation
Relevant Specifications
This list is non-exhaustive and under development with the Community Group.
  • OpenID Connect Core
  • OpenID Connect for Identity Assurance 1.0, 3rd Implementer's Draft
  • Financial Grade API
  • Focus of Alpha PoC
  • Basis: GAIN PoC OpenID Connect 4 Identity Assurance Profile
Integration of the following existing solutions:
  • BankID Sweden (SWE)
  • Dizme (IT)
  • German Banks (DE)
Planned:
  • mojeID (CZ)
  • SecureKey (CA)
Relying
Parties
Hypothesis 3 Different IIP approaches
BankID Sweden
German Banks
Dizme
large scale federation
one service for all bank customers
SSI Wallet
Credential to Claims
transformation
OpenID Connect 4 Identity Assurance
Relying
Parties
Relying
Parties
Hypothesis 4: IIPs can offer a variety of APIs
  • Several extensions are being discussed in the group
  • Identity
      • (Implemented) OpenID Connect 4 Identity Assurance
      • SSI-specific:
          • OpenID Connect 4 SSI (?)
          • DIDComm (?)
  • Account Information & Payments
  • Electronic Signing
Hypothesis 5: Simple RP Integration
Vision: Register once, become a client to all the IDPs.
  • Trusted RP management to allow RPs to access all IDPs with a single credential
  • Trusted IDP management to allow RPs to find and select suitable IDPs
  • Approach
      • Collection of Requirements
      • Survey of design choices (DNS-based, OpenID Connect Federation, EU Trusted List, ...)
      • Selection and setup of test network
  • Assumption: there can be multiple GAIN-based networks, and such networks might be federated
Hypothesis 5: Simple RP Integration
Use cases to evaluate hypothesis
  • Electronic Signing
  • Identification of Domain Registrants
  • Provisioning of SSI Credentials
  • Remote Staff Onboarding
  • Students Identification
  • User Account verification (e.g. Twitter)
  • Account Recovery
  • Age verification
Ongoing OIX & OIDF work complement one another
Alpha POC
Connecting IDPs and RPs
Uses OIDC for Identity Assurance
1. Diverse architectures (including
federated and SSI)
2. Multiple geographies
3. Minimal claims set
4. Identity assurance attestation
SSI
protocols
Guide to
Trust
Framework
Legal
Entity
linked
identities
Mapping
across
Frameworks
Add 3rd
Party
Services
  • Additional Participants
  • More use cases
  • Richer identity schema
  • Extended claims set
+GLEIF
+OIX
+OIX
+ DIF (?)
IDP
Chooser
+ OIDF
Participant
Directory
+ OIDF
Extended
Attributes
+ CSC

Editor's Notes

  • #5: Trust layers already exist on the internet. The GAIN vision is that we connect them. That we create a globally interoperable network of networks that leverages the high trust data that exists in trust networks and trusted institutions today - and also interoperates with the emerging decentralized solutions, SSI and wallet providers etc.
  • #6: As everything must, GAIN became a white paper. We had technologists, lawyers, leaders in existing federated identity networks. SSI and thought leaders in decentralized identity. Wallet creators. Identity information providers. Verifiers and business leaders who see the value in the network. We did not agree on everything, even the paper's target audience. But we shared that vision for global interoperability and its potential to
  • #7: We see non-profits and standard-setting bodies continuing to guide the GAIN vision though we invite others to participate
  • #8: Reach is a key success factor in identity. Solving the identity challenge on a global level requires a global solution. Building from scratch is very hard. Leveraging local solutions into a global network is the pragmatic solution. We had technologists, lawyers, leaders in existing federated identity networks. SSI and thought leaders in decentralized identity. Wallet creators. Identity information providers. Verifiers and business leaders who see the value in the network. We did not agree on everything, even the paper's target audience. But we shared that vision for global interoperability and its potential to
  • #17: We see non-profits and standard-setting bodies continuing to guide the GAIN vision though we invite others to participate