1. I’ve Got My Identity, So
What?
Romek Szczesniak
Innovative Identity Solutions Ltd (aka Inidsol)
romeks@inidsol.uk
2. Who I Am And Where I Spent Covid Lockdown
• Who I am
• I have spent about 25 years working in digital identity. Of note,
• I was an originator in defining how PKI works,
• Designed Symbian Signed,
• Helped instigate T-Scheme,
• Created and implemented Malta’s eID scheme,
• Designed QuickTap for NFC shopping, …
• Inidsol (https://www.inidsol.uk), set up by Romek Szczesniak and Eleanor
Loughlin-McHugh, are a self-funded London-based identity startup.
• Where I spent Covid Lockdown?
• I created and ran the security team for UK BNPL double unicorn Zilch, guiding them
through PCI-DSS Tier 1, ISO 27001 and SOC 2 Type 1.
3. What Consumers Want From Digital Identity
• Simple to understand by non-technical people
• Is fast, small and easy to use
• Works online and offline when needed
• Works in parallel with their physical identity – the Anchor
• Honours the Law of the country they are using it in (for me UK)
• Can be checked by a policing entity when needed (on request)
• Be anonymous wherever possible
• Have useful informative assistance when it (rarely) fails
• Allows the Consumer to forget about identity and worry about other things
4. Simple Identity Operations – Proving I Am Me
• Showing I am me
• Buying alcohol
• Visiting a nightclub
• Buying a mobile phone
• Signing a form
• Shopping
• Collecting parcels
• …
7. Banks and Building Societies
• Every year banking has its SIBOS meeting. David Birch and John
Shamah wax lyrical that banks need digital identity, …
• … then nothing happens.
• So lets have digital identity and see what we can do with banks…
8. Banking With Digital Identity
• Quickly providing my identity to the bank,
• Verifying identity in deposit/withdrawal operations,
• Switching bank accounts and banks seamlessly
• SCA with personal identity,
• AMLD5 with personal identity,
• Performing simple deposit/withdrawal from our bank account directly
from the command line,
• Showing my identity on request at random spot checks for anti-fraud.
9. Ownership - How it Works (With Your Dog)
Ownership is rarely mentioned on the Internet.
Sometimes, we need to prove we own things.
Here is how (in the UK) we change ownership of our dogs.
It costs £17 to do so.
12. Vouching in Practice
• Digital Vouching is a hard problem that
disrupts how we value our identity.
• Here we introduce the idea of limited
trusting a user with no physical ID.
• Introduces vouchable people.
• Needs road-testing in real-world!
13. Witnessing – Witnessing an Event
6 witnesses came forward about
the George Floyd incident.
Witnessing a random event can
happen anytime, anyplace,
anywhere.
Digitally, we also need a way to
say that we witnessed an event.
Witnessing sometimes needs to
be anonymous.
Picture from: https://www.bbc.co.uk/news/world-us-canada-56585165
14. Witnessing – Witnessing Transactions
A simple example of witnessing is will making.
Will signing involves 3 people including 2 witnesses:
• The person signing the Will (usually you)
• 2 Witnesses
The person signing must be present throughout the process.
A Witness must be:
• Over 18
• Someone who is not an Executor or a Beneficiary of the Will
• Unrelated to you or to anyone mentioned in the Will either
by blood or marriage
• Able to see (not blind)
Information from https://wills.org.uk/will-witnesses/.
16. Bundling in Preparation for Offline Use
• Why do we not batch set up a set of
identities to represent that we will
likely be offline when we do this?
• Will allow me to digitally show
identity without needing online
access.
• I would expect to batch about ten
transactions for a typical flight.
Plane Departure
Check-In Show Identity
Submit Luggage Show Identity
Passport Control Show Identity
Get to Gate Show Identity
Get On Plane Show Identity
Plane Arrival
Passport Control Show Identity
Baggage Collect Show Identity
17. More Digital Identity is Coming… Companies House
• UK Companies House is updating to include Company Directors’
identity validation to remove fraud in 2022:
18. More Digital Identity is Coming… Etive House Buying
• Buying and selling
property is a project
being piloted in the
UK.
Diagram from Etive’s “A Digital Identity Trust Framework for the Home Buying & Selling Process”.
19. Identity in Business
• Every ISO 27001 company has a defined organisation chart.
• Each employee has a defined Job Title.
• When Consumers talk to Company Employees, they need also to
optionally provide their identity in the business.
• For Customer Service, a quick way to show an employee’s identity is
needed (preventing some of the current forms of e-crime), which
should be easily verifiable.
20. Things Will Need an Identity too…
• As we have identities for people, items need identity to show they are
identifiable too.
• This is rarely seen, but can be simply illustrated by the following
example in border control…
22. The Inidsol Sales Pitch
• We looked at all the examples above as a consumer.
• We have solutions for all of the above ideas.
• We continue to show how lightweight simple identity make this all simple.
• We interoperate with others in showing the above works.
• If you are looking for bespoke lightweight identity, we can design it for you!
23. Conclusions
• We are still a long way from making digital identity mainstream.
• Until the consumer requirements are satisfied, this will not change.
• We must start thinking that identity is a facilitator and not a product.
• People and things need to have identity with relationships between them.
• Identity must connect online and offline experiences.
• We need anonymity (for Consumer privacy) where possible.
• Sometimes we require vouching, ownership and witnessing.
• COVID-19 lockdowns should have shown identity working, but it did not.
• If all the above are satisfied, we will see digital identity in use.