How to achieve interoperable digital identity across Asian countries

Transcript

1. How to achieve interoperable digital identity across Asian countries 2025/10/6

   Chairman, OpenID Foundation Japan WG co-chair, OpenID Foundation eKYC&IDA WG Naohiro Fujie

2. Self-introduction Over 20 years of experience in the digital identity

   space, including consulting, architecture design, and project management experience for global digital identity platforms for various customers. In 2018, I joined the OpenID Foundation Japan as a board member and established the KYC working group. In 2020, I was appointed WG Co-Chair of the eKYC and Identity Assurance working group at the OpenID Foundation. In 2021, I was appointed chairman of the OpenID Foundation Japan. Roles and activities Chairman at the OpenID Foundation Japan Working Group co-chair at the OpenID Foundation, eKYC & IDA WG Liaison officer between the OIDF and the Japanese Government Member of various councils in the Japan Government Research director at ITOCHU Techno Solutions(CTC) Researcher at the Keio Research Institute at SFC Visiting Faculty at the University of Osaka graduate school Naohiro Fujie Copyright © 2025, Naohiro Fujie, All Rights Reserved 2

3. The reason why we’re developing standards “Standard” doesn’t mean interoperability

   Today’s talk 3 Copyright © 2025, Naohiro Fujie, All Rights Reserved

4. Different languages Different tribes Different cultures Different systems The Tower

   of Babel 4 Copyright © 2025, Naohiro Fujie, All Rights Reserved Picture: Rex Sorgatz

5. We are living in silos. 5 Copyright © 2024, Naohiro

   Fujie, All Rights Reserved Picture: Doc Searls

6. We want 6 Copyright © 2025, Naohiro Fujie, All Rights

   Reserved To communicate across {countries, jurisdictions, systems, etc.} Source: SIDI Hub 2024 Strategy

7. Source: https://onekeyresources.milwaukeetool.com/en/construction-software-interoperability

8. No one have objection for this, right? Copyright © 2025,

   Naohiro Fujie, All Rights Reserved 8

9. Every SDOs and rule makers work so hard 9 Copyright

   © 2025, Naohiro Fujie, All Rights Reserved SDOs and Technical Standards Regulators, rule makers

10. Risks of implementing without standards Design/implement every time, every interfaces

    Own responsibility for security issues, incidents Reason of technical standards adoption Easy to connect to other services (not perfect, but simpler and easier) Reviewed by domain experts Formal security verification, Conformance testing, etc. Accountability Bugs, issues on the standard: not responsibility of the implementors Bugs, issues on the implementation: responsibility of the implementors Importance of standards adoption 10 Copyright © 2025, Naohiro Fujie, All Rights Reserved

11. By supporting a single technical standard, some implementers claim to

    achieve perfect interoperability. We support W3C VCDM, so we are compliant to the standard, and we have interoperability! Examples: Open Badges 3.0 Uses W3C VCDM 2.0 as credential container but uses own transport protocol. In some case, people misunderstand that credentials using the Open Badges 3.0 specification can be installed on VC-supporting identity wallet. Japanese National ID on smartphone Issued with mdoc format but can be verified only authorized verifiers. But, in some cases… 11

12. To achieve interoperability, it is not enough to support a

    single standard; we need a combination of standards. 12 Copyright © 2025, Naohiro Fujie, All Rights Reserved SDOs and Technical Standards Regulators, rule makers But it isn't easy to understand Which standards are related to what I am trying to do? How can I use the standard? There are many params… How can I combine multiple standards?

13. Approaches and examples Trust Frameworks Operation and implementation rules for

    member entities Academic Federation(Gakunin, InCommon, etc.) Technical Profiles A combination of multiple technical specifications and their options HAIP(OpenID4VC High Assurance Interoperability Profile) IPSIE(Interoperability Profiling for Secure Identity in the Enterprise) Current approach to enable interoperability 13 Copyright © 2025, Naohiro Fujie, All Rights Reserved

14. Technical Identifier format Transportation protocol Data model(schema, signature algorithm, etc.)

    Non-technical Semantics Trust framework, rules Understand what interoperability contains 14 Copyright © 2025, Naohiro Fujie, All Rights Reserved

15. Attribute(s) to identify an entity in a group. Depends on

    size scope(group) Local International Global Must consider about privacy and persistency Identifiers 15 Copyright © 2025, Naohiro Fujie, All Rights Reserved Technical

16. How to communicate each other For digital credentials Issuance Presentation

    Revocation check Transport protocols 16 Copyright © 2025, Naohiro Fujie, All Rights Reserved Technical

17. Schema claim type Name space Signature algorithm Data model 17

    Copyright © 2025, Naohiro Fujie, All Rights Reserved Technical

18. For interoperability, more than standardized technologies are needed. Parties must

    use the same technologies. A profile is a combination of these technologies. Using a profile is much simpler than choosing each technology individually. We need profile 19 Copyright © 2025, Naohiro Fujie, All Rights Reserved Technical

19. Agreement on the meaning of attribute values is more important.

    Example) using M/F or 0/1 for gender. A qualification framework will be required, too. For example, the National Qualification Framework for Education is based on the UNESCO Convention. Semantics 20 Copyright © 2025, Naohiro Fujie, All Rights Reserved Non-Technical

20. Can you “TRUST” an entity only by verifying a digital

    signature? For example, can you believe that the issuer of the graduation certificate is a university that really exists? To achieve interoperability, agreeing on a trust framework between the relevant entities is necessary. Trust Frameworks, Rules 21 Copyright © 2025, Naohiro Fujie, All Rights Reserved Non-Technical

21. For interoperability, more than standardized technologies are needed. Parties must

    use the same technologies + frameworks(qualification, trust). A profile is a combination of these technologies + frameworks. Using a profile is much simpler than choosing each technology and framework individually. We need profile 22 Copyright © 2025, Naohiro Fujie, All Rights Reserved Technical Non-Technical

22. SIDI(Sustainable and Interoperable Digital Identity) Hub Comprehensive initiatives, including Trust

    Framework mapping, use- case studies such as cross-border education, opening bank accounts, etc. Global initiative supported by governments and SDOs. APDI(Asia Pacific Digital Identity) Consortium New initiative focuses on Asia Pacific region interoperability. Planning to consider a small number of use-cases such as education, travel, etc. Starting with a small step will lead us to success. Related activities for interoperability 23 Copyright © 2025, Naohiro Fujie, All Rights Reserved

23. Maps National ID Trust Framework across countries SIDI Hub/Trust Framework

    mapping 24 Copyright © 2025, Naohiro Fujie, All Rights Reserved 212 212 Overview of DNA of Digit al ID UK - Digital Identity and Attributes Trust Framework (DIATF) EU - eIDAS2 US - NIST Version 4 draft Canada - DIACC Pan Canadian Trust Framework Sweden - Bank ID Thailand - ETDA Trust Framework Singapore - Singpass 213 213 Trust Frameworks share common “Charact erist ics” Charact erist ics may have many more “values”... Japan - DS-500

24. Interoperability is more than just a technical problem. For technical,

    identifier format, transport protocol, and data model are essential elements. For non-technical, semantics and a trust framework are crucial. Start with a small step will lead us to success. Collaboration with existing initiatives will be good opportunity to start thinking how we achieve interoperable digital identity across Asian countries. Summary 25 Copyright © 2025, Naohiro Fujie, All Rights Reserved