《世界經濟論壇（WEF）：2023重構數字身份報告（英文版）（40頁）.pdf》由會員分享，可在線閱讀，更多相關《世界經濟論壇（WEF）：2023重構數字身份報告（英文版）（40頁）.pdf（40頁珍藏版）》請在三個皮匠報告上搜索。

1、Reimagining Digital IDI N S I G H T R E P O R TJ U N E 2 0 2 3Images:Getty Images,Midjourney 2023 World Economic Forum.All rights reserved.No part of this publication may be reproduced or transmitted in any form or by any means,including photocopying and recording,or by any information storage and r

2、etrieval system.Disclaimer This document is published by the World Economic Forum as a contribution to a project,insight area or interaction.The findings,interpretations and conclusions expressed herein are a result of a collaborative process facilitated and endorsed by the World Economic Forum but

3、whose results do not necessarily represent the views of the World Economic Forum,nor the entirety of its Members,Partners or other stakeholders.ContentsExecutive summary 3Introduction 41 ID Overview 51.1 A brief history of ID 61.2 Digital ID 61.3 Fulfilling the identity life cycle 82 Decentralized I

4、D 92.1 Why is decentralized ID important?102.2 Principles 132.3 Underlying standards and proposals 142.4 The Digital ID risks this approach seeks to avoid 173 Barriers to implementation 193.1 Technical 203.2 Policy 223.3 Governance and implementation 234 Recommendations 254.1 Technical 264.2 Policy

5、274.3 Governance and implementation 30Conclusion 32Contributors 33Endnotes 36Reimagining Digital ID2Executive summary There are roughly 850 million people who lack legal identification(ID),which makes it difficult or impossible for them to fully engage with society.At the same time,many of those wit

6、h ID do not have privacy and control over how their data is shared.Several approaches to digital ID could help broaden access to goods and services and offer individuals greater privacy and control.This report explores one such approach:decentralized ID,which enables users to control their personal

7、data while allowing issuers to contribute attestations,or credentials,about them.If implemented in a trusted,privacy-preserving manner,decentralized ID can increase access and control while enhancing efficiency and effectiveness.Yet decentralized ID also poses risks and faces challenges.To help real

8、ize the benefits and mitigate the risks of decentralized ID,this report provides analysis,tools and frameworks,summarizing the barriers to implementation facing decentralized ID and offering a set of recommendations for stakeholders seeking to adopt this approach.1 ID overviewFor centuries,ID a mean

9、s by which people prove attributes about themselves has played a pivotal role in society.Recognizing this,the United Nations Sustainable Development Goals identify legal identity as a development priority.As peoples lives become increasingly mediated by digital technologies,there is a related need t

10、o develop digital ID,or a way to make claims about personal data through digital channels.Centralized,federated and decentralized ID systems,as well as hybrid approaches,each with unique advantages and disadvantages,can help fulfil this need.2 Decentralized IDDecentralized ID systems use cryptograph

11、y,digital wallets and related technologies to enable multiple entities to contribute credentials and empower individuals to manage their data.Properly implemented,decentralized ID could enhance privacy,control,efficiency and effectiveness.A wide variety of technologies,standards and proposals includ

12、ing verifiable credentials and decentralized identifiers,as well as principles and governance frameworks exist to realize decentralized ID.However,this approach also poses risks.3 Barriers to implementationEfforts are already under way to scale decentralized ID.Yet there are a host of barriers to im

13、plementation.A lack of widely agreed-upon technologies,standards and proposals limits the reach of these systems.The absence of enabling policy and regulation may curtail their efficacy.Decentralized ID also faces challenges of governance,communications and utility.4 RecommendationsFor stakeholders

14、who decide that decentralized ID is the right approach for their goals,this report offers technical,policy,governance and implementation recommendations.It advises industry that further technological innovation,standards alignment and talent development are necessary to achieve decentralized ID.Publ

15、ic-sector participants can contribute by exploring the development of enabling regulation,setting requirements for interoperability and portability,and fostering collaboration among key stakeholders.Reimagining Digital IDJune 2023Reimagining Digital ID3IntroductionRoughly 850 million people worldwid

16、e lack an official ID,making it difficult for them to get a job,access medical care,enrol in a school,open a bank account or cast a vote.1 At the same time,many of those with ID lack privacy and control over how their data is shared.Today,innovative approaches to digital ID have been developed that

17、could help expand access to goods and services while offering individuals privacy and control.This report focuses on one approach:decentralized ID,which seeks to enable users to control the sharing of their personal data while allowing multiple entities to contribute attestations,or credentials,abou

18、t them.These credentials may be as simple as a date of birth or as complex as a citizenship.If implemented in a trusted,privacy-preserving manner,decentralized models of digital ID can offer individuals a secure way of managing their personal data without depending on intermediaries.While decentrali

19、zed ID presents opportunities,and has already begun to be adopted,it also poses risks and faces challenges.Many of its underlying technologies,governance frameworks,trust ecosystems and standards are still emerging and remain relatively untested at scale.As with many digital technologies,a misalignm

20、ent between existing policies and regulatory frameworks and these models of ID could curtail their efficacy and create risks.Without public education,clear utility and incentives,decentralized approaches to ID may be unable to garner the broad stakeholder buy-in and user demand required for mass ado

21、ption.Though decentralized ID offers an opportunity to advance inclusion,effectiveness and privacy,without fit-for-purpose policy,regulation and technology,the potential for these systems to address the limitations of current global ID paradigm while having a socially useful impact will be severely

22、limited.The aim of this report is to provide an analysis of decentralized ID from a technical and policy standpoint.The product of an international collaboration among experts drawn from industry,government,civil society and academia,the report seeks to offer useful tools,frameworks and recommendati

23、ons for government officials,regulators and executives seeking to engage with this dynamic area of emerging technology.Recognizing that the objectives of governments,organizations,communities and individuals differ across jurisdictions,use cases,cultures and more,this report does not provide a one-s

24、ize-fits-all set of recommendations.Nor does it advocate using decentralized ID over other forms of digital ID or the use of any form of ID.There are instances in which any form of ID is deemed unnecessary,inappropriate or undesirable.Rather,this resource notes the advantages and disadvantages of de

25、centralized ID compared to other approaches to ID and flags important considerations for stakeholders in the hope that this approach can aid their development of an effective ID strategy.Should a stakeholder choose to take this approach,the report provides tools to help realize its benefits and miti

26、gate its risks.For people without official,or legal,identification,it can be difficult or impossible to fully participate in society.Reimagining Digital ID4ID Overview1For centuries,ID,a way for people to prove attributes about themselves,has played a central role in society.Reimagining Digital ID5T

27、his section provides an overview of important concepts pertaining to ID and digital ID.It offers a brief history of ID,an outline of different approaches to digital ID,and summarizes concepts including foundational and functional ID,the identity life cycle and levels of assurance.1.1 A brief history

28、 of ID ID is a means by which people prove that they are who they say they are and various attributes about themselves.For centuries,ID has played a pivotal role in the development of economies and societies around the world,2 with ID in many cases being required to cross borders,gain labour opportu

29、nities,access credit and more.In 1948,with the proclamation of the International Declaration of Human Rights,nations enshrined the right to recognition before the law and the right to have a nationality.3 Both rights can be facilitated by the possession of proof of legal identity.4 The UnitedNations

30、 defines legal identity as“.the basic characteristics of an individuals identity,e.g.name,sex,place and date of birth conferred through registration and the issuance of a certificate by an authorized civil registration authority following the occurrence of birth”.5In 2015,with the adoption of the Su

31、stainable Development Goals(SDGs),the international community recognized legal identity as a development priority.SDG 16.9 aims to“.by 2030,provide legal identity for all,including birth registration”.6 Indeed,as the World Bank posits,ID can be a direct or indirect enabler of many sustainable develo

32、pment goals(SDGs),including access to finance,gender equality and empowerment,and migration and labour market opportunities.7 While there has been significant progress,SDG 16.9 remains aspirational,with the World Bank estimating that roughly 850 million people lack an official ID.Providing proof of

33、legal identity to those without it will depend on a concerted,multistakeholder effort led by governments as well as the development of robust systems to ensure that credentials provide real-world value to holders.As stakeholders determine how best to achieve SDG 16.9,some are considering developing

34、decentralized ID systems in addition to efforts to provide proof of legal identity.Decentralized ID is a form of digital ID that enables individuals to control the sharing of their data,while allowing multiple entities to issue credentials to them.1.2 Digital ID Digital ID provides a means of making

35、 claims about personal data through digital channels.Many things can have a digital ID,from hardware such as internet of things(IoT)devices to organizations,including corporate entities.This report focuses on ID for individuals.The increasing use of digital technology and the development of AI make

36、the creation of digital ID important.According to estimates by the global financial crime watchdog,the Financial Action Task Force(FATF),the number of digital transactions is growing at roughly 12.7%annually.8 Whether purchasing an item or accessing an in-person service,transactions are increasingly

37、 mediated by digital technologies,necessitating the development of effective forms of digital ID.Developments in artificial intelligence(AI)have also increased the need for digital ID.AI poses a threat to privacy because it can analyse seemingly unrelated data to reveal attributes about an individua

38、l.9 AI also has the potential to break mechanisms for authentication.These capacities necessitate the development of models of digital ID capable of preserving privacy while providing reliable authentication.10 AI systems are also now generating content,making it imperative to develop models of ID t

39、hat can determine what was produced by an AI system.Despite a sustained focus on ID,the increasingly widespread use of digital technologies,and the rapid development of AI,the internet lacks an ID layer.11 To fill this gap,stakeholders offer centralized,federated and decentralized forms of ID to hel

40、p facilitate transactions.12 Centralized providers establish and manage data on behalf of individuals.Federated solutions allow a single organization or closed network to verify facts on behalf of an individual.Decentralized ID systems,by contrast,allow an individual to control their data,which is v

41、erified by other stakeholders.13 Decentralized ID has elsewhere been referred to as self-sovereign ID,user-managed ID,secure ID and more.The aim of this resource is not to add confusion to these terms,but to encourage standardization around a neutral term.The table below summarizes these system arch

42、etypes and some of their strengths and weaknesses.It should be noted that the The World Bank estimates that roughly 850 million people lack an official ID.Reimagining Digital ID6opportunities and challenges presented by each archetype are dependent on context and use case.Likewise,these archetypes a

43、re not necessarily mutually exclusive.Hybrid approaches making use of centralized and decentralized elements,for example,can offer a pathway for stakeholders to take advantage of some of the benefits of decentralized ID systems without fully adopting them.ID system archetypes strengths and weaknesse

44、sTABLE 1Source:World Economic Forum,Identity in a Digital World:A New Chapter in the Social Contract,September 2018:https:/www3.weforum.org/docs/WEFINSIGHT_REPORT_Digital%20Identity.pdfEach system archetype summarized in Table 1 can support forms of ID that are foundational or functional.The United

45、States Agency for International Development(USAID)defines foundational ID as a national-scale official ID typically issued and managed by a government.15 For example,leveraging an enrolment process to develop a registry of citizens,governments can create foundational IDs.Issuers,including government

46、s,non-governmental organizations and private-sector enterprises,can also issue functional IDs,which are defined by their capacity to enable individuals to access a discrete good or service or perform a specific action.Drivers licences,health insurance documentation,credit and payment histories and p

47、assports are all instances of functional IDs.16While a useful distinction,the boundary between foundational and functional IDs can be blurry.Over time,certain functional IDs,such as the US drivers licence,may accrue such a high level of trust and utility that they become de facto foundational.Both f

48、oundational and functional IDs can be used in a decentralized ID system.For instance,systems can enable individuals to control their foundational ID credentials,facilitating access to services in a decentralized fashion.17 Likewise,decentralized ID systems can make use of government registries to pr

49、ovide individuals with official credentials while also allowing non-governmental stakeholders to issue other credentials to them.18System archetypesCentralizedFederatedDecentralizedDefinition A single organization establishes and manages the ID Different stand-alone systems,each with its own trust a

50、nchor,establish trust with each other Multiple entities contribute to a decentralized digital ID;user controls sharing of personal dataExamples Government electoral roll,bank,social media platform Swedish BankID,Gov.UK Verify,Meta,Google VCI,International Air Transport Association(IATA)travel pass,G

51、overnment of Bhutan National Digital Identity(NDI)Strengths Can be built for specific purposes or for general application Potential for organizational vetting of data Potential to enhance features including account recovery Technology is broadly understood and implementable Can enable users to acces

52、s a wide range of services Potential to enhance efficiency for organizations Can be convenient for the individual,with potential for reuse Can offer reduced risk for organizations Can increase user control,maintain privacy and reduce the amount of data stored by intermediaries Potential to enhance e

53、fficiency Can improve verifiability of data Can enable data minimization at scaleChallenges May limit user control and create centralization risk,potential for surveillance and liability May not be interoperable with other approaches Individual may not be able to reuse information across platforms M

54、ay create data“honey pots”and require high data security standards to prevent data breaches Can create over-disclosure May limit user control May not be interoperable with other approaches Individual may not be able to reuse information across platforms May create data“honey pots”and require high da

55、ta security standards to prevent data breaches Can create over-disclosure Can facilitate surveillance Governance can be complex Acceptance of and alignment on underlying technologies and standards currently limited,potentially constraining interoperability Evolving landscape of law and policy,creati

56、ng complex liability Can create data risks depending on ecosystem decisions High technical complexity and high demand on individuals Full benefit may require the possession of high-assurance credentials14Reimagining Digital ID71.3 Fulfilling the identity life cycle ID can be thought of as a process

57、for fulfilling the identity life cycle,which according to the World Bank encompasses registration,issuance,use and management processes.In a government ID program,for example,during registration personal data is provided,validated for accuracy,deduplicated to ensure uniqueness,and verified to confir

58、m that the data corresponds to the individual.An individual can then be issued credentials,which may themselves be based on pre-existing documents,and use those credentials to access a good or service.When they do so,they are authenticated,verified and authorized.All of these processes are ongoing e

59、vents subject to management maintenance,redressal and engagement.19Identity life cycleFIGURE 1RegistrationIdentity data is collected and proofedIdentity claimA person claims their identity by providing personal data and supporting documents or other evidenceProofingValidation:determining the validit

60、y,authenticity,accuracy and/or veracity of the identity data and evidenceDeduplication:1:N matching to ensure uniqueness(e.g.via biometric recognition or demographic deduplication)Verification:confirmation that the person is the true owner of the identityManagementMaintenance of identities and crede

61、ntialsMaintenanceUpdating,revoking,reactivating,retiring,etc.identities and credentialsGrievance and redressalResponding to and correcting errors and other issuesEngagementCommunication and consultation with people and other users(i.e.relying parties)UseIdentity is checked at the point of transactio

62、nAuthenticationTests of asserted credentials/factors to establish confidence that the person is who they claim to beVerificationVerifying attributes(e.g.name,age,address,etc.)specific to the purpose of the transactionAuthorizationAssigning the rights or privileges to access a service,resource,inform

63、ation,etc.as determined by the relying party(e.g.service provider)IssuanceOne or more credentials are issuedCredentialingCredentials and authentication factors are issued and bound to the person Identity registered and storedSource:The World Bank ID4D,Practitioners Guide:Identity Lifecycle:https:/id

64、4d.worldbank.org/guide/identity-lifecycleDepending on how it is performed,each step in the identity life cycle is executed to a different level of assurance.Assurance levels correspond with the degree of confidence attributed to a given form of ID,as well as to the number of IDs created.Government-i

65、ssued IDs can offer a high level of assurance depending on factors such as how well the government performed an identity-proofing procedure to establish uniqueness within a population.In a risk-based authentication process,transactions are conditioned upon meeting or exceeding a certain level of ass

66、urance.20 In general,the assurance level for a given transaction is the lowest assurance that has been achieved during the registration,issuance and use processes.As there can be a tendency to require overly high levels of assurance,setting assurance levels in line with the risks posed by a given us

67、e case is one approach stakeholders can take to minimize data collection.Reimagining Digital ID8Decentralized ID2Decentralized ID could enhance individual privacy and control,while increasing efficiency and effectiveness.Reimagining Digital ID9As described in Section 1,there are several approaches t

68、o digital ID that could expand access and improve user outcomes relative to the status quo.This report explores one approach:decentralized ID.Section 2 provides an overview of this approach,situating it in the context of the wider ID landscape and articulating the opportunities it creates as well as

69、 the risks it poses,then offers a summary of some of the key principles,technologies,proposals and standards that support it.2.1 Why is decentralized ID important?Decentralized ID uses cryptography,digital wallets and related technologies to enable multiple entities to contribute credentials and emp

70、ower individuals to manage their data.Decentralized ID systems create a trust triangle that links issuers,holders and verifiers:issuers are entities that digitally sign attestations and provide them to holders;holders,such as individuals,manage their credentials and use them to prove claims about th

71、eir data;and verifiers assess these attestations to determine whether they satisfy requirements.21 This process,which can be facilitated by a verifiable data registry,is discussed further in Section 2.4.Verifiable credential trust triangleFIGURE 2HolderManages credentials,uses them to create present

72、ations of proof for verifiersIssuerDigitally signs attestations;packages and gives credentials to holderVerifierRequests proof;verifies that issuer attestations satisfy requirementsIssuePresentVerifiable data registeryWriteReadSource:Alexis Hancock,Digital Identification Must Be Designed for Privacy

73、 and Equity,Electronic Frontier Foundation,31August 2020:https:/www.eff.org/deeplinks/2020/08/digital-identification-must-be-designed-privacy-and-equity-10 Decentralized ID could offer a means of improving individual control and access while enhancing efficiency and effectiveness.Decentralized ID sy

74、stems attempt to empower holders to manage their credentials,increasing their control.If a diverse,trusted system of issuers and verifiers exists,holders can use their credentials to access a host of goods and services.Decentralized ID may also increase efficiency.Instead of entrusting a third party

75、 to store,manage and transmit data on their behalf,individuals can use decentralized ID systems to exchange credentials directly with one another or a service provider,reducing the number of intermediaries and increasing efficiency.Decentralized ID systems may also enhance effectiveness by reducing

76、the number of times information has to be verified,which could increase convenience,reduce risk and diminish costs.Evolving use cases,such as education and skills credentials and public authority identity credentials,exemplify some of the benefits of decentralized ID(see Boxes 1 and 2).Reimagining D

77、igital ID10Education and skills credentialsPublic authority identity credentialsBOX 1BOX 2Decentralized ID offers a way for individuals to verifiably prove that they have attained a skills credential or received a degree or high-school diploma.Academic degrees and professional certificates can be is

78、sued on trusted,distributed,shared infrastructure that can enable individuals to prove facts about their personal data without compromising their pseudonymity.22 These systems can enable distributed,inexpensive proofs that lower the risk of identity fraud and enable an individual to receive attestat

79、ions from multiple entities.23Public authority identity credentials offer a means for individuals to manage credentials from public-sector agencies without depending on a centralized intermediary.For example,by using a wallet and decentralized identifier(see Section 2.3)within the European Self-Sove

80、reign Identity Framework(ESSIF),which is being implemented in collaboration with the European Commission,individuals can request credentials from public authorities that can then be used to attest to facts about their personal data in order to gain access to goods and services.Because ESSIF credenti

81、als are compliant with relevant public authorities,they can be used to facilitate access to services requiring high levels of assurance while still offering individuals control.24 The benefits of decentralized ID may be best understood by contrasting this approach with the contemporary ID paradigm.2

82、5 While there is no monolithic global ID regime,a collection of laws,policies and practices varying across jurisdictions,use cases and cultures underpin ID practices today.This report refers to this status quo broadly as the contemporary ID paradigm and draws examples of it from Web3,social media co

83、mpanies and financial services providers.In this section,it briefly summarizes the challenges created by this paradigm and considers how decentralized ID could address them.To identify the opportunities created by decentralized ID,it is illustrative to consider the state of privacy in the blockchain

84、-enabled ecosystem known as Web3 where,on the one hand,open,public protocols such as Bitcoin and Ethereum provide transparency,enabling anyone with sufficient expertise to access detailed information.On the other hand,protocols such as the virtual currency mixer Tornado Cash offer anonymity by aggre

85、gating several transactions to obfuscate their origins and destinations.26 Decentralized ID attempts to strike a balance between these two paths:to protect individual privacy and control while facilitating compliant access to goods and services.Just as decentralized ID provides a counterpoint to the

86、 poles of transparency and obscurity that characterize Web3,it also presents an alternative to the centralized and federated models of ID that dominate the internet.Today,platforms and corporations,such as social media companies,provide federated ID services.These services pervade the web.This centr

87、alization of power has precipitated what the Electronic Frontier Foundation and many others view as the rise of surveillance and data harvesting at the expense of institutional security and individual control.27 As the scholar Shoshana Zuboff has argued,these practices may not only imperil privacy,b

88、ut could also threaten the basic principles of democracy.28The centralizing tendencies that suffuse the internet also permeate parts of the global economy.Although ID laws,regulations and processes vary across jurisdictions,organizations,use cases and more,many share an emphasis on intermediated com

89、pliance,where governments collaborate with industry actors to enforce policies.For example,the US Bank Secrecy Act(BSA)and an expansive set of related laws mandate that financial institutions collect customer identity(ID)records and report crime to governmental agencies.Carrying out know your custom

90、er(KYC),anti-money laundering(AML),combating the financing of terrorism(CFT)and other due diligence processes requires financial intermediaries to collect and process personal data.As some have argued,regulations and guidance may have the effect of compelling financial services providers to compromi

91、se individual privacy by divulging personal information.29 While these centralizing systems play an important role in preventing crime and tax evasion,they may also have the effect of undermining individual privacy and access and creating insecurity and high costs.By contrast,decentralized ID aims t

92、o restore control of their data to individuals,while increasing access and security and lowering costs.Privacy is important to individuals and governments,alike.A 2019 survey conducted by the digital communications corporation Cisco of 2,600 adults worldwide revealed that 32%of respondents said they

93、 care about privacy,are willing to act to enhance their control of information and have done so by switching companies or providers over data or data-sharing policies.30 This consumer sentiment is mirrored by recent regulatory developments.The European Unions General Data Protection Regulation(GDPR)

94、,California Consumer Privacy Act(CCPA)and more recent regulatory frameworks attempt to realize greater privacy and consumer protection for individuals.Decentralized ID attempts to strike a balance between two paths:to protect individual privacy and control while facilitating compliant access to good

95、s and services.Reimagining Digital ID11Nonetheless,the current ID paradigm continues to centre on intermediated compliance,compelling organizations to collect,store and disclose personal data.Indeed,the current paradigm may even encourage organizations to over-collect personal information and in man

96、y cases duplicate the efforts of other stakeholders,resulting in a profusion of personal data in multiple places and creating cybersecurity risks.Decentralized ID could address these challenges by enabling individuals to securely manage and reuse credentials across use cases.The contemporary ID para

97、digm also creates exclusion.According to the World Bank,as of 2021,24%of adults around the world do not have an account at a bank or regulated institution.31 According to the Financial Action Task Force(FATF),of these 1.7 billion unbanked adults worldwide,26%cite lack of documentation as the primary

98、 barrier.32 Policies can magnify this challenge by requiring ID,exacerbating exclusion in countries where adults lack an official ID.33Addressing the ID gap will require extensive effort and collaboration on the part of governments,international organizations and other stakeholders to provide access

99、 to official ID.It may be possible to additionally use decentralized ID to help expand access while preserving privacy and control.For example,decentralized approaches to ID make possible the use of attestations from multiple parties,which when used over time may be able to accrue a high level of as

100、surance.This model of layered credentials could present an opportunity tosupport government-led efforts to close the global ID gap.Existing ID compliance regimes are also extremely costly.According to some estimates,the total cost of financial crime compliance across financial institutions worldwide

101、 was$274.1 billion in 2022,up from$213.9 billion in 2020.34 This may be due in part to the tendency to use manual processes,over-collect personal data and redundantly perform due diligence checks.35 Compliance costs also accrue to the public sector.Enforcement of due diligence and data protection ru

102、les,for example,can create high costs for government departments.Properly implemented and regulated decentralized ID could reduce costs stemming from compliance checks by enabling institutions to reuse high-assurance credentials to fulfil their obligations.Nonetheless,the efficacy of these processes

103、 will depend in large part on legal and regulatory considerations.In contrast to the status quo,decentralized ID systems attemptto empower individuals while enhancing public-and private-sector efficiency and effectiveness.By enabling individuals to manage their information,decentralized ID systems e

104、nhance privacy,control and the ability to verifiably prove data.Decentralized ID systems can also reduce the amount of data shared by enabling individuals to share information in a more granular way.Rather than storing data with intermediaries,individuals can present credentials directly to service

105、providers.Likewise,instead of repeatedly performing due diligence checks,actors can reuse credentials,which could diminish costs and reduce risks.Limiting the amount of data stored by centralized intermediaries could also reduce their liability and diminish their data-management responsibilities.Sti

106、ll,realizing these benefits requires not just technical innovation but also enabling policy and regulation.Section 4 provides an overview of the crucial steps needed to achieve this vision.According to the World Bank,as of 2021,24%of adults around the world do not have an account at a bank or regula

107、ted institution.Reimagining Digital ID122.2 PrinciplesThe objectives of those choosing to adopt decentralized ID systems,in whole or in part,will likely differ across jurisdictions,security systems,use cases,cultures and more.However,many implementations share a common set of principles.This section

108、 offers an overview of some of the essential principles underlying this approach.This report is not proposing a new set of principles rather,it emphasizes the values of privacy,security,inclusiveness,utility,appropriateness and choice,and asserts the importance of undergoing a principle-setting exer

109、cise to identify priorities and mitigate risks.36 Resources such as the World Economic Forums Digital Identity Ecosystems:Unlocking New Value may aid this process.37 Likewise,mechanisms to certify compliance with principles can help stakeholders achieve their goals.ID2020 certification,38 for exampl

110、e,provides a means of evaluating solutions against its technical requirements and principles,which aresummarized below.Digital ID principlesFIGURE 3UsefulInclusiveSecureOffers choiceFit for purposeSource:World Economic Forum,Identity in a Digital World:A New Chapter in the Social Contract,September

111、2018:https:/www3.weforum.org/docs/WEF_INSIGHT_REPORT_Digital%20Identity.pdfWhile there are differences among existing sets of principles,they generally converge on the importance of privacy,data minimization,user-centricity,choice,security and inclusiveness.For example,in the Laws of Identity39 and

112、Principles of SSI,40 authors outline the importance of agency,consent and minimal disclosure.These principles align with those of the Omidyar Network,which prioritizes five features of ID to support individual empowerment and equity:privacy,inclusion,user value,user control and security.41The World

113、Banks Identification for Development(ID4D)initiative advocates for 10 principles on identification for sustainable development under three pillars:inclusion,design and governance.ID4D calls for ensuring universal access,planning for financial and operational sustainability,establishing clear institu

114、tional mandates and accountability and more.42 The ID2020 Alliance,a public-private partnership focused on improving lives through digital identity,offers a manifesto on digital ID along with a set of technical requirements detailing how to implement digital ID systems that adhere to its principles

115、in practice.43Reimagining Digital ID132.3 Underlying standards and proposalsDecentralized ID uses cryptography,digital wallets and related technologies to enable multiple entities to issue credentials,while empowering holders to manage their data.If implemented in a trusted,privacy-preserving manner

116、,this could provide a means of enhancing control and access while improving efficiency and efficacy.A variety of innovations underpin decentralized ID.For readers new to the topic,this section offers a brief overview of the standards and proposals that support this approach;for more technical reader

117、s,it also analyses their potential and limitations.Verifiable credentials(VCs)are cryptographically secured digital credentials that aim to be tamper-proof,secure and verifiable.VCs enable issuers to make provable statements about subjects while making it possible for verifiers to assess the authors

118、hip of these statements without depending on intermediaries.44 The VC data model was developed by the World Wide Web Consortium(W3C)to enable issuers to create credentials,holders to manage their credentials and verifiers to check that the holders attestations meet basic requirements(see Figure 2).4

119、5In this model,issuers create credentials by digitally signing attestations.Once received,verifiers retrieve the cryptographic public keys of the issuer to run cryptographic calculations on the proof of the cryptographic signature of the VC contained in the verifiable presentation.Issuers and holder

120、s are commonly identified in the VC by decentralized identifiers(DIDs),which provide a mechanism for cryptographic key resolution.A verifiable data registry may be used to enable DID resolution or the discovery of other data required in credential validation(for example,retrieving lists of trusted i

121、ssuing authorities or checking the revocation status of the VC).The W3C VC standard46 defines only a common base data model for VCs;it does not define how to issue,exchange or prove ownership of a VC.Nor does it define the protocols that connect issuers,holders and verifiers.Issuers are expected to

122、extend the W3C base data model to support their own use cases.The W3C Credentials Community Group(CCG),Decentralized Identity Foundation(DIF),OpenID Foundation(OIDF)and Hyperledger Aries have been working to develop the missing protocol layers among the different roles a crucial step towards interop

123、erability.47Reimagining Digital ID14The W3C CCG supported the development of the Verifiable Credential API to enable large institutions that already have established business processes to use this API as the issuance and presentation protocol for VCs among the different roles.48The OpenID Foundation

124、(OIDF)defined OAuth2 and OpenID protocol extensions for the issuance and presentation of VCs.These extensions are also known as OpenID for Verifiable Credentials(OpenID4VC).49 While OAuth2 and OpenID are often associated with centralized ID providers,OpenID4VC can be implemented in a fully decentral

125、ized fashion.50 The Architecture Reference Framework(ARF)that was proposed as a technical framework for the implementation of the proposed electronic identification and trust services(eIDAS)2.0 regulation in Europe requires the OpenID4VC specifications for online use cases.51Although VCs are fairly

126、mature compared to related innovations,they still have their limitations.For example,a VC approach does not,in and of itself,guarantee interoperability and data portability.However,semantic interoperability52 may be achieved through JavaScript Object Notation for Linked Data(JSON-LD)data representat

127、ion within VCs as a way of supporting data legibility across contexts.For example,using the Credential Transparency Description Language(CTDL)hosted by Credential Engine,higher education institutions are working to develop a vocabulary for all credentials across US higher education.Nonetheless,JSON-

128、LD signature suites remain novel compared to more mature standards.Some have also criticized the VC model for lacking an adequate incentive model to achieve scale(see Section 3.1).Moreover,without a well-designed and implemented privacy strategy,VCs can be over-requested by parties,which could contr

129、ibute to data exploitation(see Section 2.4)and may fail to comply with regulatory requirements.53 Issuers can,for instance,hold data on the credentials they issue while verifiers tend to store data due to business and regulatory requirements.VC-based approaches may also encounter challenges in low-a

130、nd no-connectivity environments,although there are efforts to develop workarounds for such contexts.The W3Cs decentralized identifiers(DIDs)standard defines a minimum viable mechanism for creating,reading,updating and deleting identifiers that enable cryptographic verification.DIDs are strings,like

131、URLs,that resolve to DID documents.While VCs are stored with an individual or organization,DID documents can be stored on a blockchain,in a DNS record,at a web address or generated from the DID itself.DID documents can also be stored on non-blockchain verifiable data registries such as decentralized

132、 databases.DID documents typically contain information about public cryptographic key material that can be used to authenticate the controller of that DID.VCs and DIDs may be used together.DIDs may be used to identify and authenticate the issuer and the holder of a VC.One DID can be associated with

133、multiple VCs.DIDs are created and optionally registered on a verifiable data registry such as a blockchain,and represent an entity,such as an organization or an individual.VCs contain data written about that user,and can be stored locally or in an encrypted cloud database that the users keys control

134、.When combined with VCs,DIDs attempt to offer a means of fulfilling the identity life cycle.VCs allow for flexible signature suites,including options enabling selective disclosure,or the ability to share information granularly.In paper-based ID systems,an individual may be required to overshare by d

135、efault.For example,when attempting to gain access to an age-gated service such as a bar,individuals may use an ID card that contains more information than a binary yes/no attesting to whether they are of age.Selective disclosure enables an individual to demonstrate only the minimally necessary amoun

136、t of information to gain access to a service.54 While selective disclosure is not an inherent capability of the VCs and DIDs approach,when used in combination with zero-knowledge proofs and novel signature schemes such as SD-JWT BBS+,this feature can be achieved.55 However,techniques for realizing s

137、elective disclosure are still evolving and may fail to pass regulatory barriers.56 Without a well-designed and implemented privacy strategy,VCs can be over-requested by parties,which could contribute to data exploitation.15Reimagining Digital IDThe trust model supporting the mobile drivers licence(m

138、DL)standard(ISO 18013-5)is based on X.509 certificates and uses a public key infrastructure(PKI)provided by each issuing authority.The credentials are secured using conventional cryptography and support selective disclosure of individual claims from the mDL.Stakeholders are taking steps to clarify t

139、he benefits and drawbacks of mDL compared to VCs.57Recently,stakeholders have begun to define a new standard series(ISO/IEC 23220)to normalize building blocks for identity management via mobile devices that will reuse the mobile identity document credential format and protocols from the ISO 18013-5

140、standard.58 ISO 18013-5 offers an optional feature to enable a verifier to request data from an issuer via an online protocol.This feature allows parties to access fresh data,but,if used,it may compromise user privacy.Nonetheless,it is optional and discouraged by certain jurisdictions because it can

141、 lead to data tracking.Regular updates to the mDL guidelines are published that do not recommend using this protocol.Ultimately,it is up to issuers and wallet vendors to decide whether to support this feature.Zero-knowledge proofs(ZKPs)have been proposed as offering a way to enable private transacti

142、ons.A ZKP allows one party to convince another party that a certain statement is true,without revealing the underlying data that proves the statement is true.For example,an individual could demonstrate that they are eligible to receive a discount,such as a senior citizen discount,without demonstrati

143、ng anything else about their identity,including their exact age.In this case,they would prove in zero knowledge that they are of requisite age.59 The European Parliament has noted the potential value of ZKPs to complete processes without identifying an individual.60However,as some have noted,ZKPs re

144、main relatively immature.Their underlying standards are still evolving,and it may take years for the cryptography underlying ZKPs to be documented and standardized.Their deployment may create security risks in implementations at scale.61 New control mechanisms will also likely need to be developed f

145、or use in regulatory contexts,or depending on the risk profile of a given application.62Soulbound tokens(SBTs)are a proposal for enabling non-transferrable cryptoassets that represent commitments,credentials and affiliations.SBTs were proposed by E.Glen Weyl,Puja Ohlhaver and Ethereum co-founder Vit

146、alik Buterin to address limitations in Web3.63 Internet-native,community-governed decentralized autonomous organizations(DAOs),for example,face ID challenges in voting processes.64 Likewise,a lack of verifiable ID can create platform dependency;some non-fungible token(NFT)artists,for instance,are re

147、liant on platforms such as OpenSea and Twitter to prove provenance.SBTs attempt to solve these problems by providing a crypto-native way of proving facts about oneself.SBTs are receiving attention in part because they can be readily adapted.SBTs are natively readable by smart contracts,or automatica

148、lly executing promissory code,which means they can be used to automatically enable or disable access to goods and services.SBTs provide a means of offering crypto-native credentials.By contrast,VCs currently lack native Web3 wallet support as there is no equivalent widely adopted standard that allow

149、s VCs to be instantly recognizable and usable in a Web3 context.On a related point,some organizations are developing approaches that bind VCs with tokens in such a way that tokens are bound to an identity owner,a form of ID-bound NFTs.65 A ZKP allows one party to convince another party that a certai

150、n statement is true,without revealing the underlying data that proves the statement is true.Reimagining Digital ID16Through the issuance of publicly visible,non-transferable SBTs,individuals could prove ownership over assets and,over time,develop a rich array of verifiable personal data,from affilia

151、tions to memberships.Individuals who meet certain criteria are eligible to mint SBTs to their wallets,and the ownership of that SBT can be used to unlock certain privileges for example,access to gated online community spaces.SBTs face a host of challenges.By design,SBTs are public,meaning that the i

152、nformation contained in an SBT is conveyed to all,which could limit the use of privacy-enhancing features such as selective disclosure.There are considerable privacy and data-protection challenges with storing anything on-chain.This is especially alarming in the context of sensitive personal data.Gi

153、ven the immutable nature of cryptoassets,SBTs may not be changeable or revokable.Moreover,as with many cryptoassets,SBTs face an uncertain regulatory landscape.Another concern with SBTs is lack of consent from the user.The issuing of smart contracts can be programmed to mint the token to a receiving

154、 address,but the recipient must receive the token and any data attached to it.Many proponents of SBTs argue that this is a feature,not a bug,yet this may come into conflict with privacy and user control.Nevertheless,stakeholders are developing proposals to address this challenge.2.4 The Digital ID r

155、isks this approach seeks to avoidJust as decentralized ID has the potential to address the shortcomings of the current ID paradigm,increasing efficiency and privacy while expanding access,it also poses significant risks.This section offers an overview of some of the risks created by digital ID,gener

156、ally,that decentralized ID systems seek to avoid.It identifies when decentralized ID systems share the same risks and when they may offer a way to mitigate them.It is worth noting that many of the risks discussed below also apply to analogue,or paper-based,forms of ID.While decentralized ID may miti

157、gate some of these,requiring any form of ID risks exacerbating fundamental social,political and economic challenges as conditional access of any kind always creates the possibility of discrimination and exclusion.66 That is why,in some cases,providers may choose to avoid the use of ID altogether.Cer

158、tain humanitarian organizations,for instance,may opt to provide services to beneficiaries irrespective of their possession of an appropriate ID.As Access Nows#WhyID campaign advocates,governments,organizations and other stakeholders engaging with any approach to ID should carefully weigh the costs a

159、nd benefits of implementing any approach to ID.67 Nonetheless,the use of ID is in many cases required by law.The tension between the opportunities and risks created by decentralized ID is further explored in Section 3.Political risksThe Trust Over IP Foundation,an initiative focused on advancing int

160、ernet digital trust hosted by the Linux Foundation,has recently released a paper warning that,in some cases,digital ID may weaken democracy and civil society.68 For example,digital IDs issued by social media companies can contribute to political polarization by reinforcing group identities.While dec

161、entralized ID offers a way for individuals to exercise greater control over their personal data,depending on its use context,it could still contribute to polarization.Data exploitationCertain forms of digital ID risk opening the door to data exploitation.If credentials are stored centrally,or access

162、ible by organizations seeking to commodify data,then creating expansive digital ID ecosystems could increase the risk that personal data becomes marketized.69 Sensitive data,such as biometrics,carry a high risk of exploitation.For instance,biometrics can be exploited through“man-in-the-middle”attack

163、s,where attackers gain access to biometric data that they can in turn use to access an individuals financial resources.This is especially concerning in the case of marginalized communities such as refugees because it can facilitate discriminatory targeting.70 Generally,the best policy when it comes

164、to highly sensitive data such as ethnic affiliation is to not collect it at all because these are likely vectors for marginalization or oppression.Decentralized ID aims to mitigate this risk by enabling individuals to store their data themselves or in a way that provides greater user control,prevent

165、ing organizations from accessing their information without consent.A crucial aim of decentralized ID,but one that is difficult to achieve,is to create accessible,easy-to-use tools that enable anyone to exercise control over their information.However,if individuals use third-party intermediaries to h

166、elp manage their data,the risk of data exploitation could return.Given the immutable nature of cryptoassets,SBTs may not be changeable or revokable.Moreover,as with many cryptoassets,SBTs face an uncertain regulatory landscape.Reimagining Digital ID17Much of this risk stems from linkability.If a par

167、ty can link data across domains through the use of a common identifier,then individuals may be tracked by parties seeking to exploit their data.This challenge stems from the use of the same identifier,or from data being stored in the same location.Implementation choices,including how wallets manage

168、decentralized identifiers(see Section 2.3),can enable decentralized ID systems to minimize these risks.Decentralized ID systems are not a panacea for the risk of data exploitation,but,through careful choices,they can help mitigate it.Technical risksDigital ID also creates technical risks.Even if dat

169、a collection is minimized,digital ID systems still give rise to the possibility of data leakage or theft.These risks can be compounded by digital technologies.A stolen digital credential can be used to rapidly access services against the wishes of the holder.Likewise,issuers of credentials may not b

170、e able to maintain the identity life cycle,which could weaken the trustworthiness of the credential.Although decentralized ID aims to minimize data collection and data storage,it still risks increasing the collection of sensitive personal data,opening the possibility of theft or leakage.Moreover,dec

171、entralized ID systems have technical risks and limitations of their own,as discussed in detail in Section 2.3.Risks of exclusion,marginalization and oppressionPerhaps the greatest risks arising from digital ID are exclusion,marginalization and oppression.As Privacy International has argued,the poten

172、tial social risks of digital ID are great;it could enable discrimination and exclusion and magnify existing forms of discrimination,exclusion and inequality.71 These challenges are not limited to low-and middle-income countries,but are prevalent across many jurisdictions.Indeed,about 21million Ameri

173、cans do not possess official ID.72 Several reports have identified a link between a lack of official ID and exclusion from full participation in society.Yet by reifying conditional access,ID is,by its very nature,exclusionary.It is often members of historically marginalized groups who face the harsh

174、est forms of exclusion.73 The majority of digitally excluded individuals worldwide are women.74 In cases where sensitive data is collected,there are also risks of marginalization and oppression,with ID being used to facilitate the identification,surveillance and persecution of individuals or groups.

175、75Moreover,even if a programme is designed with inclusion as an explicit goal or requirement,implementations may encounter challenges of coerced consent stemming from power imbalances.Indeed,mandating inclusion does not necessarily address the risk of bad actors using data maliciously.As an ID syste

176、m expands,the consequences of not participating in it can become so severe as to make registration effectively unavoidable.76 When access to a good or service is conditioned upon the possession of a form of ID,and that ID is widespread,individuals may be effectively coerced into obtaining that form

177、of identification,even if there is no legal basis for requiring it.Likewise,for populations lacking digital literacy,it may be impossible to obtain meaningful informed consent.As Section 4 explores further,stakeholders must critically examine the benefits and risks of an ID system and act accordingl

178、y.Although possible features of decentralized ID such as selective disclosure may offer individuals more opportunities to reduce information-sharing,broader social,economic and political considerations may make non-registration effectively impossible.While many of the above risks are a product of so

179、ciopolitical dynamics,some can be mitigated by technology,policy and governance.Section 4 provides recommendations on how to do this.Reimagining Digital ID18Barriers to implementation3Efforts are already being made to scale decentralized ID.The European Digital Identity initiative,for example,will o

180、ffer a personal digital wallet for EU citizens,residents and businesses to gain access to public and private EU services.Reimagining Digital ID19The principles of the European Digital Identity align with the vision of decentralized ID,and its adoption could provide access to this model for hundreds

181、of millions of EU citizens.77 Similar efforts are ongoing in other regions across the globe.Yet despite the many years of work by government,industry,civil society and academia to address the problems with the current ID paradigm,alternative approaches to ID have yet to achieve mass adoption.To unde

182、rstand how to address the shortcomings of the current ID paradigm,it is useful to explore why decentralized ID,one approach to potentially enhancing privacy,access and effectiveness,has not yet been widelyadopted.3.1 TechnicalA variety of technical challenges are slowing the development of these sys

183、tems.This section focuses on technical immaturity and a lack of standards alignment,fit-for-purpose user-experience design and more.Perhaps most critically many of the underpinningtechnologies(outlined in Section 2.3)remain relatively immature.The underlying standards and proposals remain subject to

184、 redesign and redevelopment,which can necessitate changing protocols and sometimes even entire solutions.For example,developers are still experimenting with ZKPs to make features such as revocation,recovery and back-ups practicable.78The quickly evolving nature of these technologies can make some or

185、ganizations hesitant to engage with decentralized ID.Because models of decentralized ID necessitate a paradigm shift with respect to how data is verified,recorded,stored and released,switching to a decentralized model can require high upfront development costs and even in some cases necessitate the

186、overhaul of legacy systems.While a hybrid approach,where providers gradually shift from centralized to decentralized,or use decentralized components,may be possible,these strategies are still likely to face technical challenges.For example,the VC data model and key technical standards underpinning d

187、ecentralized ID continue to undergo revisions.The W3C VC Data Model v1.0 was approved in September 2019 and subsequently updated to v1.1,released in March 2022.However,the W3C Verifiable Credentials Working Group was reconvened in September 2022,and a V2.0 standard is expected in September 2024.Even

188、 if robust standards do exist,stakeholders may not be aligned on their approach.Challenges of standardization can create obstacles to achieving interoperability,or the capacity of systems to exchange information.Without interoperability,digital ID systems risk creating vendor lock-in,effectively for

189、cing individuals to use a single provider or set of providers due to the high costs of switching to a new vendor.Without the ability to port data from system to system,decentralized ID implementations cannot achieve their vision of user-centricity.Many decentralized approaches also lack effective us

190、er-interface and user-experience design.The difficulties of managing cryptography-based assets using present-day technology are well documented.79 Developing similar systems for the management of ID credentials could result in many of the same challenges.Some of these challenges stem from a lack of

191、technical development.For instance,user account key changes and recovery continue to be areas requiring fit-for-purpose technical solutions.Others require the attention of designers,users and other stakeholders.80 Still,even if these technologies become easier to use,their scale will depend in part

192、on user education and the extent to which individuals are able to develop the skills necessary to manage wallets and private keys.Switching to a decentralized model can require high upfront development costs and even in some cases necessitate the overhaul of legacy systems.This section offers an ove

193、rview of some of the major possible reasons why decentralized ID has not yet been widely adopted.The causes can be divided into technical,policy,and governance and implementation challenges.Where helpful,case studies are provided to ground the analysis in practice.These case studies span centralized

194、 and decentralized systems and are intended to illustrate the points being made.Section 4 provides a set of recommendations for how to implement and scale decentralized ID by addressing these challenges.20Reimagining Digital IDIATA Travel PassBOX 3IATA Travel Pass was a decentralized ID system desig

195、ned to enable airlines,governments and others to verify credentials while preserving the privacy and security of personal data.It was devised in 2020 by the International Air Transport Association(IATA),a trade association representing roughly 300 airlines in 120 countries carrying 83%of the worlds

196、air traffic.Travel Pass,a response to the COVID-19 pandemic,used a decentralized credential exchange platform developed by decentralized digital identity company Evernym(now part of Gen Digital Norton/Avast)to enable users to control their data while gaining access to services.81The Travel Pass app,

197、now decommissioned and absorbed into IATAs OneID initiative,was created to help citizens,airlines and governments facilitate a safe return to travel during the pandemic.The International Civil Aviation Organization(ICAO)estimates that the COVID-19 pandemic resulted in the loss of roughly$372 billion

198、 gross passenger operating revenues for airlines in 2020 alone,as compared with 2019 levels.82 By providing credentials attesting to the veracity of claims of an individuals COVID-19 status,Travel Pass aimed to help airlines access information on individuals without compromising individual privacy.R

199、ather than use analogue documents,Travel Pass provided VCs to facilitate airline processes.Likewise,Travel Pass used a decentralized approach to data storage,where personal data was stored by individuals on their local device.Individuals controlled access to their data,with no information stored in

200、a central database.83Travel Pass implemented privacy-enhancing techniques through the use of VCs and DIDs.With Travel Pass,a test lab issued a credential to an individuals local device.With a new identifier generated for each interaction,every relationship was unique,decreasing the chance of reident

201、ification through correlation.With the COVID-19 pandemic dramatically reducing air travel,a moment of crisis created the opportunity to implement Travel Pass as the losses accruing to the travel industry galvanized an effort to create a safe return to travel.Initiatives such as the Good Health Pass

202、Collaborative offered a forum for creating cross-sectoral collaborations to this end.84Nevertheless,Travel Pass encountered user-experience and system-development challenges.Its design was not user-friendly,which made it difficult for some users to take advantage of its privacy-preserving benefits.T

203、ravel Pass also faced business limitations that made it difficult to scale.As countries and airlines recovered from the impacts of COVID-19,the Travel Pass project was retired.The learnings and feedback from this new credentials-based approach to digital ID have been transferred to other parts of IA

204、TA,including the New Distribution Capability(NDC)85 and OneID86 programmes.Further work on travel standards and passenger experiences using verifiable credentials continues.Some decentralized ID systems may also confront infrastructure limitations.Although only some decentralized ID systems use dist

205、ributed ledger technology(DLT),those that do may face issues of technical scalability.As has been well explored,due to its computation-intensive nature,blockchains that use certain consensus mechanisms,such as the proof-of-work-driven Bitcoin blockchain,may face scaling challenges.87 Likewise,blockc

206、hains using alternative consensus mechanisms may risk centralization.Nonetheless,a wide variety of efforts are under way to try to address the scaling challenges faced by blockchains.88Certain supporting technologies,proposals and standards for decentralized ID may also encounter their own privacy c

207、hallenges.VCs,for example,if over-requested by many parties,could contribute to data exploitation and may encounter regulatory challenges.89 If issuers decide to hold data about the credentials they issue and verifiers store data to fulfil business and regulatory requirements,data can become partial

208、ly centralized,which risks recreating some of the challenges of the contemporary ID paradigm.Likewise,decentralized ID is also adversely affected by proprietary technologies and centralizing practices.The widespread use of federated ID systems managed by large,centralized organizations using proprie

209、tary technologies can engender practices of control that favour the status quo,reinforcing the current ID paradigm.This can have the effect of creating vendor lock-in,limiting individual choice and habituating users to legacy approaches to ID.Reimagining Digital ID213.2 PolicyThere are also policy c

210、hallenges to the development of decentralized ID;this section offers a summary of these,including a lack of high-assurance official ID and enabling policies.Policy objectives vary by jurisdiction;when presenting a policy challenge limited to a specific jurisdiction,the report notes it as such.This s

211、ection also provides examples of government-led ID programmes and an overview of resources offering guidance for addressing these limitations.One reason why policy can limit the utility of this approach is that certain jurisdictions may not be committed to providing high-assurance official ID.Roughl

212、y 21 million Americans,for instance,do not possess official ID.90 Those who do have a form of ID are often dependent on functional IDs,such as drivers licences and passports,to vote,cross borders,open bank accounts and more.Many of these functional IDs lack high-assurance verifiability,increasing th

213、e possibility of identity fraud and exclusion and limiting utility.Although decentralized ID is inherently multistakeholder,governments are likely to play an important role in ID ecosystems,given their ability to provide official ID for identity binding,which is the process by which a holder and a c

214、redential are linked.While users may benefit from decentralized ID without an official ID,its utility may be curtailed.Government of Kazakhstan GovTechBOX 4As part of its GovTech Pyramid,which consists of infrastructure,data,business processes,identification and service layers,the Government of Kaza

215、khstan reports that it has transferred 90%of its public services online while providing access for citizens through a centralized ID system.Via their digital ID,people can perform functions such as registering for e-government services and obtaining digital signatures and services.Through an easy-to

216、-use app,they can obtain digital documents to access services for example,they can submit an electronic application for marriage registration.Registration certificates are issued and revoked by the relevant ministry.In some cases,lawmakers may face challenges when creating regulatory frameworks that

217、 support the use of this approach to ID.For example,in the US,an absence of sufficiently enabling policy effectively discourages leveraging reusable credentials to fulfil know-your-customer processes.91 More broadly,existing regulations that are premised upon the existence of an intermediated compli

218、ance regime could obviate many of the benefits of decentralization.92Reimagining Digital ID22Opportunities and Challenges of New Technologies for AML/CFTLouisiana WalletBOX 5BOX 6The Financial Action Task Force(FATF),an intergovernmental organization focused on developing policies to combat money la

219、undering,has produced guidance on digital ID policies,providing recommendations for virtual asset service providers and other stakeholders to help them implement new technologies in pursuit of effective AML/CFT measures in their operations.The FATF argues that properly implemented digital ID can enh

220、ance the efficiency,accessibility and security of financial transactions.It identifies money laundering,terrorist financing and other forms of financial crime as risks.To combat these risks,FATF recommends that digital ID be accompanied by the development of robust,fit-for-purpose AML/CFT regulation

221、s.FATF recommends that government and industry keep pace with technological change by encouraging stakeholder engagement,implementing uniform regulations where possible,developing technical and cybersecurity expertise to improve data management,and attempting to educate and raise awareness of the po

222、tential of these technologies.Louisiana Wallet,an implementation of the mDL standard,was released in 2018 as a multi-credential digital identity wallet.Upon its initial release,some residents did not find the wallet useful,though later usage rates were significantly higher.At release,Louisiana Walle

223、t encountered difficulties due to a lack of enabling policy,utility and app errors.Initially,the mobile drivers licence contained in the app was only legally required to be accepted in interactions with law enforcement.As of 2021,many retail establishments and restaurants still did not accept the ap

224、p as a form of identity/age verification,even though the state had since passed legal requirements to do so.93 Many of these establishments cited a lack of enforcement penalties,combined with the technical difficulty of retaining identity and age verification logs for compliance purposes,as the main

225、 reason why they continued to refuse the app for verification even after being required to do so by law.Moreover,the app continues to have technical errors.94 There has been an improvement in enforcement since 2021,and many technical issues have been addressed since release.Some Louisiana residents

226、have found the multi-credential digital ID wallet useful.Now,in addition to drivers licences,it can hold hunting and fishing licences and has been downloaded on roughly 1.5 million Louisiana residents smartphones.95A lack of political will may also be an obstacle to achieving decentralized ID.Withou

227、t a mandate to foster innovation,stakeholders may not be sufficiently incentivized to take the steps necessary to achieve enhanced user privacy and security.Without action from policy-makers to provide incentives for the development of privacy-enhancing technologies,such systems may not be realized.

228、Existing regulations such as the EUs GDPR and proposed regulations such as the American Data Protection and Privacy Act(ADPPA)attempt to help fill this gap.While these privacy regulations are not directly related to digital ID,developing privacy-preserving models of ID could help fulfil their goals.

229、There remains a need for policy to help realize the principles articulated in section 2.2.To this end,Section 4 offers several recommendations for policy-makers.3.3 Governance and implementationThere are several reasons in addition to technology and policy why it remains difficult to realize decentr

230、alized ID.This section offers an overview of the governance and implementation barriers,which include communications,utility,economic viability and exclusion-related obstacles.It also provides examples spanning centralized and decentralized ID,where helpful,to further illustrate the analysis.Broadly

231、,decentralized ID systems face a communications challenge.Explaining the benefits of any novel technology can be difficult;this is especially true for a solution such as decentralized ID that combines several technologies.Yet in the case of ID,there is an especially high communications barrier,made

232、worse by the myriad conspiracy theories linking digital ID to untrue and malicious speculations.96 Moreover,although many institutions and individuals continue to push for enhanced privacy,many may not recognize the relationship between digital ID and personal data and how developing decentralized I

233、D systems could help improve individual privacy.Additionally,while individuals may in theory want greater privacy,convenient technologies that offer less privacy may be more appealing to them in practice.A lack Reimagining Digital ID23of recognition of the importance of digital ID can create a lack

234、of user demand,stymieing efforts to scale decentralized ID.The communications challenge stems in part from a lack of clear utility.While ID underpins many critical social,economic and political activities,it is fundamentally a means to an end;developing a compelling case for any form of digital ID r

235、equires demonstrating clear utility to important stakeholders including governments,organizations,communities and individuals.Without an understanding of how ID will help achieve tangible goals,implementers will likely continue to face challenges.Decentralized ID stakeholders also face the challenge

236、 of developing effective business models.Without a viable set of incentives,networks of issuers and verifiers may not be able to scale.Some stakeholders believe that ID ought to be a public good.Scaling decentralized ID,they argue,requires public-sector investment in ID.97 For example,some nations a

237、re beginning to understand digital ID as a prerequisite to developing a central bank digital currency(CBDC)and other payment innovations.If approached as a digital public good,with governments shouldering the burden of cost,decentralized ID may be able to achieve scale without an effective business

238、model.For those who believe that these systems require a viable commercial model to succeed,a prevalence of closed-loop applications and a lack of open ecosystems create challenges.It can also be difficult for participants to align on a trust or governance framework for implementation.Governance fra

239、meworks provide tools for decision-makers and implementers to specify the policies and rules that the members of a community must follow to enable effective,trustworthy implementations.Such governance frameworks may help address questions of liability in decentralized systems.However,since the effec

240、tiveness of a decentralized ID system is dependent upon the stakeholders participating in an ecosystem,developing governance models that incentivize each participant while providing effective rules of the road is imperative.Another difficulty is the absence of effective mitigation strategies for the

241、 challenge of exclusion.Even in implementations that explicitly focus on advancing inclusion,exclusion remains a persistent challenge.Without effective guardrails against exclusion,making the case for any form of digital ID becomes more challenging still.Fully addressing the challenge of exclusion r

242、equires grappling with the digital divide and developing systems that can function in low-and no-connectivity environments.Fragmented and uneven access to digital tools and services,as well as a lack of basic digital literacy,can stymie the progress of any technical solution,especially one as comple

243、x as decentralized ID.Indeed,even in areas with connectivity,individuals can be excluded from participation in the digital world due to factors including cost,language and literacy.Fully addressing the challenge of exclusion requires grappling with the digital divide and developing systems that can

244、function in low-and no-connectivity environments.Reimagining Digital ID24Recommendations4Technical,policy,governance and implementation tools are available to stakeholders seeking to realize decentralized ID.Reimagining Digital ID254.1 TechnicalThere are a variety of ways in which stakeholders can c

245、ontribute to the development of decentralized ID systems from a technical standpoint,including investing in technology and standards development,sharing lessons learned and collaborating with designers.1 Invest in technology development and implementationTo mature this approachs underpinning technol

246、ogies,stakeholders can invest in their development and,if necessary,close funding gaps that prevent scaling this vision.Areas that require continued technical development include developing technology and proposals to support key changes,recovery and revocation.Stakeholders can derisk upfront invest

247、ment in technical development by taking an ecosystem approach to funding,reducing upfront costs for individual participants,and by considering market dynamics in structuring such approaches.Several resources exist to aid this process.98 Likewise,by committing to piloting and implementing these syste

248、ms,stakeholders can further support their development.2 Allocate resources to standards development and alignmentDirecting financial and knowledge capital can help fill crucial gaps in the decentralized ID environment.Developing fit-for-purpose technical standards may also have the effect of improvi

249、ng other models of digital ID.It may be useful to engage existing public-private partnerships and standards-setting organizations in developing technical standards and generating buy-in to help realize shared objectives such as interoperability.For example,the OpenWallet Foundation is a consortium c

250、ollaborating to advance the adoption of secure,interoperable digital wallets.Likewise,governments can work to create greater collaboration between industry-led standards-setting bodies and public-sector agencies.In this process,existing organizations such as the W3C can be helpful resources.In addit

251、ion to developing standards,it is also critical that stakeholders collaborate to align on standards.On a related point,stakeholders developing technical standards should consider whether there is a possibility to apply specifications across use cases.3 Support a multi-ecosystem approachWhile converg

252、ence on underlying standards is crucial to digital ID,future implementations will likely feature multiple distinct ecosystems of verifiers and issuers,each of which may need to develop or adapt its own technical standards,governance frameworks and more.Developing foundational standards that can supp

253、ort this multi-ecosystem approach to ID could help scale this approach.Likewise,creating processes to foster a robust ecosystem of verifiers,such as standards on trusted verifiers,can help decentralized ID scale.4 Capture and share lessons Generally,there is a need to move beyond a one-off pilot-bas

254、ed approach to decentralized ID.If an organization is piloting technology relevant to this model,it can benefit the ecosystem by ensuring that pilots are not only open-sourced but also sufficiently well documented so that learnings can be disseminated widely.Attempts to develop decentralized ID enco

255、unter barriers to mass adoption.Section 2 offered an overview of this approach to ID and Section 3 theorized on the obstacles to realizing it.This section offers practical recommendations for stakeholders seeking to realize decentralized ID.Rather than advocate for the development of these systems,t

256、his report advises stakeholders to carefully weigh the benefits and drawbacks of different approaches to ID,including using none at all.For those who decide that adopting decentralized ID,either in whole or in part,is the right approach for their goals,this section offers a set of recommendations.Cr

257、itically,though this section is divided into technical,policy and governance and implementation recommendations,digital ID requires collaboration across technology and policy.Indeed,developments in policy,technology and implementation will have important ramifications for one another.Thus,while this

258、 section divides these recommendations into three sections,it also includes recommendations for each key audience(policy-makers,regulators and executives)across these categories as a way of advocating for a holistic approach to the development of an ID strategy.Reimagining Digital ID265 Invest in pr

259、ivate-sector talent developmentTo address the challenges of change and process management,stakeholders may benefit from investing in talent development focused on decentralized ID.Where helpful,training and certification programmes can provide a mechanism for development as well as a means of provid

260、ing incentives for individuals.Supporting and resourcing cross-organizational collaboration such as in open-source,open-standards and co-development organizations is one way to bolster skills and cultural development.6 Collaborate with designersTo overcome design obstacles,stakeholders can collabora

261、te with experienced product leaders,human-centric design researchers and other experts to develop enhanced user-interface and user-experience designs for these systems.One area of development that could benefit from design thinking is simplifying user-management processes for ID credentials.4.2 Poli

262、cyPolicy objectives,as well as available mechanisms,vary by jurisdiction.This subsection provides generic policy recommendations that can be adapted according to locale.1 Evaluate existing regulatory frameworksA crucial first step towards realizing the benefits and mitigating the risks of this appro

263、ach to ID is to examine existing regulatory frameworks for any alignment or misalignment with the objectives of decentralized ID.Lawmakers should consider whether laws,policies or regulations entrench systemic barriers to this approach.They should also consider what unique benefits these systems cou

264、ld bring to their constituents for example,such approaches to ID facilitate dynamic policy refresh,where policies can be updated at predetermined intervals.2 Consider altering existing policiesIf specific laws and policies curtailing this approach exist,such as policies preventing or discouraging re

265、usable credentials,officials may seek to alter them.Critically,stakeholders should attempt to understand how any policy changes would affect the liability of the various parties in a credential Reimagining Digital ID27exchange.Addressing issues of liability may require governments to establish rules

266、 and processes for trusted issuers and validators,creating criteria regarding which stakeholders can become validators and how validation ought to occur.3 Explore the development of enabling regulationGovernments can also explore the development of enabling regulation.For instance,there remains a ne

267、ed for governments to define requirements for verifiers and wallets.Developing an auditing process can also help to ensure conformity with requirements.Certification processes developed through public-private collaboration can help implement policies on trusted validators.Authorizing legislation can

268、 enable governments to provide clear objectives for industry without prescribing specific technologies or approaches.Governments should resist the tendency to look at decentralized ID as primarily a banking and KYC issue,and consider the broad contexts in which ID is used in society.They should seek

269、 to understand how decentralized ID could further policy objectives and how enabling regulation could help progress them.Furthermore,governments should seek to balance competing priorities,such as security and privacy,in developing enabling regulation that suits a given set of policy objectives.One

270、example of government-led enabling regulation is the European Unions eIDAS,which ensures that individuals can use national ID schemes to access public services across the EU and creates a European internal market for trust services.99 Building upon this effort,the proposed EU-wide digital wallet ini

271、tiative is an effort to initiate a scheme for member countries to create interoperable digital wallets for EU citizens.European digital identity wallets will need to be approved and built with privacy-by-design,security-by-design and open-source software.The European Digital Identity Framework Board

272、 will develop an updated governance framework and collaborate with the European Union Agency for Cybersecurity in applying eIDAS regulation in relation to cyberthreats.1004 Provide incentives for the development of privacy-enhancing technologiesWhether creating new policies or enforcing existing one

273、s,government stakeholders can help realize the benefits of decentralized ID by providing incentives to develop privacy-enhancing technologies.For instance,sweeping data-protection regulations such as the EUs GDPR designed and enforced at the national level can create incentives for parties to produc

274、e technologies in line with privacy and user-centricity.Without new rules,it may be difficult to achieve adequate incentives for the development of these technologies.Moreover,by addressing centralizing practices that entrench current approaches to ID,governments can help avoid vendor lock-in and en

275、courage innovation.Governments can also explore funding projects where there is the possibility of developing advances in privacy-enhancing technologies.101 28Reimagining Digital ID5 Consider developing data portability policiesBy enshrining and enforcing policies on data portability,governments can

276、 help ensure that ID systems are open and competitive.For example,to avoid lock-in effects,the European Digital Identity wallet mandates that users must have full control of their data.6 Set requirements for interoperabilityRather than attempting to develop these systems themselves,governments can s

277、et requirements for the development of an interoperable,open ID system and allow industry to develop solutions according to set criteria.Such an approach is being trialled in the European Union with the proposed EU Digital Identity Wallet initiative.7 Explore the use of transitional mechanismsPolicy

278、-makers and regulators may find benefits in transitional mechanisms such as the creation of a regulatory sandbox to enable innovators to experiment with new technologies,gaining useful insights and then improving upon them.And policy-makers may find the use of safe harbour provisions to support inno

279、vation in sandboxes advantageous.However,if governments decide to develop a sandbox,they should seek to provide clarity to stakeholders about its role in broader efforts.These transitional mechanisms can enable governments to explore hybrid approaches to implementing decentralized ID systems that in

280、tegrate some components of legacy systems with newer models.8 Consider creating specialized regulatory unitsGovernments may benefit from developing specialized regulatory units with qualified staff to undertake these efforts to create a decentralized ID system.Through collaborating with industry and

281、 other governments,such units can draw attention to areas in need of review.A nuanced understanding of the benefits of decentralization is crucial to the development of an effective ID strategy.To facilitate this,governments can consider funding research efforts to clearly identify the benefits for

282、their citizens of decentralized ID,while also flagging its risks.9 Consider equipping agencies to develop future-forward policiesThere is considerable dynamism in digital ID,and the technologies,policies,standards,markets and stakeholders are continuously evolving.To shepherd positive outcomes in di

283、gital ID and other fast-moving technology sectors,government entities should consider equipping existing agencies with the tools required,or in some cases creating agencies,to support the development of future-forward technologies capable of achieving policy objectives.10 Invest in public-sector tal

284、ent developmentBroadly,governments and regulatory agencies may find benefit in investing in developing in-house expertise on these topics.There is a need for more educational opportunities for policy-makers focused on different models of ID,especially programmes capable of articulating the connectio

285、n between digital ID and various policy objectives.By using existing training programmes,as well as fora for collaboration,agencies can upskill their staff to better keep pace with technical developments.Further,by promoting opportunities for technologists and policy-makers to communicate directly a

286、nd learn from each other,both groups will be better able to articulate the relevant technical and policy capabilities and goals,leading to technical artefacts that will be better crafted to meet current and future policy requirements.11 Encourage public-private collaborationGovernment stakeholders c

287、an also foster collaboration across the public and private sectors,where possible using existing initiatives,to ensure a robust flow of information between government and industry.These efforts should help to clearly articulate the benefits and risks of this vision of ID to lawmakers and their const

288、ituencies.Governments can also use international fora to ensure that their efforts and any lessons learned are shared across jurisdictions to facilitate a flow of best practices and other useful information.Policy-makers may also need to consider allocating funds to subagencies to modernize IT infra

289、structure to ensure it conforms with the principles articulated inSection 2.2.Reimagining Digital ID2912 Develop high-assurance credentialsAlthough decentralized ID makes possible an approach in which credentials are issued by participants throughout the system,official IDs issued by governments rem

290、ain a crucial ingredient if individuals are to receive the full benefits of digital ID.In jurisdictions where individuals lack an official ID,government stakeholders may address this by increasing access to high-assurance credentials.These efforts should seek to evaluate the level of assurance of th

291、e credentials created,considering factors such as the method of identity-proofing.13 Leverage governance frameworks Another approach to enhancing these systems is to use governance frameworks,which provide tools for decision-makers and implementers to specify the policies and rules that the members

292、of a community must follow to enable effective,trustworthy implementations.Examples of governance frameworks include the Trust Over IP Foundations Governance Architecture Specification and Governance Metamodel Specification.102 Forthcoming outputs will offer stakeholder-specific recommendations for

293、developing trustworthy ID ecosystems.103 These governance frameworks may also be helpful in addressing questions of liability in decentralized systems.4.3 Governance and implementationBeyond policy and technology,there are a variety of ways in which stakeholders can help realize a decentralized appr

294、oach to ID.This subsection offers governance and implementation recommendations on topics ranging from communications to utility to ethical standards,which stakeholders may draw upon to develop effective decentralized ID systems.1 Clearly communicate the benefits and risksAs explored in Section 3.3,

295、one obstacle to decentralized ID is a lack of user demand,stemming in part from communications challenges.To address this,stakeholders can create and disseminate accurate,coherent explanations of this approach and how it can help individuals,highlighting benefits such as privacy,control and efficien

296、cy.These communications campaigns should explain the link between privacy and digital ID and seek to counter misinformation and conspiracy theories related to digital ID.They should also clearly articulate the risks of these systems.2 Increase system utilityAnother way to address the issue of user d

297、emand is to develop decentralized ID with a clear use case or function.By increasing the utility of decentralized ID Reimagining Digital ID30systems,stakeholders will be able to demonstrate their benefits more clearly.For example,governments wishing to develop a useful ID system could create systems

298、 that enable access to public assistance.Linking ID with a variety of uses can also expand the network of stakeholders committed to this.Existing initiatives may offer an opportunity for governments to modernize their approach to ID,by creating enabling environments for the development of trusted,pr

299、ivacy-preserving ID systems.3 Target use cases with low barriers to entryIn developing a utility-based approach to scaling decentralized ID,it is worth considering what use cases exist with relatively low barriers to entry.For example,efforts to develop education or skills credentials are likely to

300、encounter fewer regulatory barriers than financial services use cases.Groups such as the Digital Credentials Consortium and Learning Economy Foundation are already exploring these use cases.When considering use cases,it can be helpful to take a risk-based approach,mapping out potential obstacles to

301、scale and identifying achievable goals for instance,easier-to-adopt use cases that can be implemented by private-sector providers and provide clear utility.4 Develop and enact strategies to mitigate exclusion,marginalization and oppressionThere remains a need for industry,government,civil society an

302、d academia to develop strategies to address exclusion,marginalization and oppression.Basic functional requirements for digital ID systems can serve as a starting point for doing so.For example,stakeholders can consider reducing barriers to the development of digital ID by lowering the costs of found

303、ational technologies and working with designers to make these solutions accessible for users with minimal digital literacy.This is especially crucial in environments where a lack of infrastructure and connectivity limits the effectiveness of digital tools.Likewise,by developing trusted wallets that

304、are easy to use,stakeholders can enable broader access to services.Fully addressing the issue of exclusion also requires closing the digital divide.By providing digital tools,services and education to individuals who need them,stakeholders can broaden access.Where providing digital tools is not poss

305、ible,stakeholders may also find benefit in using analogue approaches to ID that preserve privacy.In developing strategies to address these challenges,stakeholders should seek to assess whether a given use case requires ID at all.Just because the technologies exist to support these approaches does no

306、t mean that they should be required in all cases.Indeed,there are some instances where requiring any form of ID is deemed unnecessary or undesirable.5 Leverage localized research and ethical standardsStakeholders seeking to implement this vision can also benefit from context-specific,on-the-ground r

307、esearch assessing the potential for exclusion and developing mitigation strategies.Resources modelling a human-centric approach to ID research exist.104 Assessing exclusionary potential should be done on a regular basis as circumstances can shift rapidly due to sociopolitical factors.Law and policy,

308、as well as governance frameworks,can also be used to help counter the risk of exclusion.Nonetheless,efforts aimed at addressing exclusion should carefully consider the potential for coerced consent,especially among vulnerable populations.Likewise,using established and trusted ethical standards throu

309、ghout the design,development and implementation phases can help mitigate risks.Reimagining Digital ID31ConclusionDecentralized ID has the potential to increase access and privacy while improving efficiency and effectiveness.Yet it also poses risks of its own and faces obstacles.Central to developing

310、 effective approaches to ID is asking what purpose ID should serve in modern society.While the existing laws,policies and practices to which this report refers as the contemporary ID paradigm are central to safeguarding individuals and institutions,they also create inefficiencies and risks,undermine

311、 privacy and exclude the roughly 850 million people worldwide without any form of official ID.105 Decentralized ID is one approach that has the potential to address some of the shortcomings of this paradigm.Yet it also poses risks and faces significant obstacles in scaling.This report has provided a

312、n assessment of decentralized ID from a policy and technical standpoint.It has offered tools,frameworks and recommendations for lawmakers,regulators and industry leaders seeking to engage with decentralized ID.Recognizing that ID strategies will vary across jurisdictions,use cases,cultures and more,

313、it has not provided a one-size-fits-all set of recommendations but an overview of the advantages and disadvantages of decentralized ID compared to other models of ID.For stakeholders choosing to take this approach,tools and recommendations were provided to help them realize its benefits and mitigate

314、 its risks.As with all forms of ID,implementing this model is a complex undertaking that should not be separated from its social,political and economic contexts.It remains to be seen whether this approach will achieve mass adoption and what its real-world impact will be.While proponents see it as a

315、means of expanding access and enhancing privacy,critics view it as immature and risk-prone.If efforts to realize decentralized ID have yet to provide answers to fundamental questions about the role of ID in modern society,they have raised important considerations that can be used to help stakeholder

316、s reimagine and perhaps even realize ID in a manner that is more effective,inclusive and empowering.Reimagining Digital ID32ContributorsAcknowledgementsWorld Economic Forum Lead AuthorAiden SlavinProject Lead,Crypto Impact and Sustainability Accelerator,World Economic Forum,USAWorking Group ChairsKi

317、m Hamilton DuffyDirector of Identity Standards,Centre,USA;Chair,Technical Working Group,World Economic Forum Digital ID InitiativeJustin NewtonChief Executive Officer,Netki,USA;Chair,Policy Working Group,World Economic Forum Digital ID InitiativeEthan VeneklasenHead of Advocacy and Communications,ID

318、2020,USA;Chair,Impact Working Group,World Economic Forum Digital ID InitiativeSincere appreciation is extended to the following working group members,who committed hours to offering expert insights and providing feedback on drafts.Their efforts are foundational to the success of this work.Sylvia Ara

319、n Technical Sales Director,Polygon Labs,Switzerland Daniel Bachenheimer Global Lead Unique Identity Services,Accenture,USAMoushmi Banerjee Senior Software Architect,Okta,USAJustin Banon Co-Founder,Boson Protocol,United KingdomChancellor Barnett Chairman,Jewel Bank,USAErick Xavier Franco Bass Sr Asso

320、ciate Technical Sales,Polygon Labs,SpainDuane Block Managing Director,Accenture,USAJoni Brennan President,Digital ID&Authentication Council of Canada,CanadaJuan Caballero Executive Director,Chain Agnostic Standards Alliance,GermanyBen Cessa Chief Technology Officer,AID:Tech,MexicoWayne Chang Chief E

321、xecutive Officer,Spruce Systems,USAPaola Del Vitto Digital Identity&Artificial Intelligence Strategy Lead,Italian Banking Association,ItalyEugenio DiMira Vice-President Revenue and Product Strategy,Finclusive,CanadaAmos Doornbos Director of Strategy&Systems,World Vision,United KingdomEdward Duffus D

322、irector of Product Strategy and Sustainability,OpenCRVS,FranceJohannes Ebert Business Developer,Spherity,GermanyCecilia Emilsson Policy Analyst,Organisation for Economic Co-operation and Development,FranceChris Ferreira Senior Program Manager,Digital ID&Authentication Council of Canada,CanadaTom Fis

323、her Senior Research Officer,Privacy International,United KingdomMerryl Ford Digital Transformation Specialist,Council for Scientific and Industrial Research,South AfricaLucia Gallardo Chief Executive Officer,Emerge,United KingdomDaniel Goldscheider Founder,OpenWallet Foundation,SwitzerlandDakota Gru

324、ener Independent,USAReimagining Digital ID33Trev Harmon Director of Technology,ID2020,USANicky Hickman Advisor,cheqd,United KingdomJake Hirsch-Allen Advisor,Readocracy,USASanjay Jain Partner,Bharat Innovation Fund,IndiaTaylor Kendal President,Learning Economy Foundation,USANichanan Kesonpat Head of

325、Platform,1kx,ThailandSina Kian Chief Operating Officer,Aleo,USATobias Looker Chief Technology Officer,MATTR,New ZealandDane Lund Head DAO Architect,Alliance DAO,USAViky Manaila Trust Services Director,Intesi Group,ItalyVictor Mapunga Chief Executive Officer,FlexID Technologies,SingaporeNiall McCann

326、Policy Advisor,United Nations Development Programme,IrelandLuke McIntyre Chief Product Officer,MATTR,New ZealandJohn Medel Public Policy Manager,Coinbase,USACalanthia Mei Co-Founder,Masa Protocol,USAOtto Mora Tech Sales Lead,Polygon,Costa RicaMassimo Morini Chief Economist,Algorand Foundation,ItalyM

327、onique Morrow Independent Board Director,Hedera,SwitzerlandDarrell ODonnell Technology&Strategy Advisory,Continuum Loop,CanadaScott Onder Chief Investment Officer,Mercy Corps,USAAlex Popowycz Chief Information Officer,Hedera,USAJohn Reynolds Product Manager,Aleo,USABryn Robinson-Morgan Vice-Presiden

328、t,Mastercard,United KingdomNilmini Rubin Head of Global Policy,Hedera,USAJonathan Rufrano Public Sector&Institutions Lead,Spruce Systems,USAErica Salinas Principal Tech Leader Web3,Amazon,USAPierre Samaties Partner,Roland Berger,United Arab EmiratesClive Smith Executive Director,ID2020,United Kingdo

329、mJamie Smith Product Director,Gen Digital,United KingdomMax Song Chief Executive Officer,Carbonbase,Hong KongCarsten Stcker Chief Executive Officer,Spherity,GermanyElisabeth Sylvan Managing Director,Berkman Klein Center for Internet&Society at Harvard University,USALinda Taylor Technical Program Man

330、ager,Digital Square at PATH,South AfricaStephen Taylor Chief Delivery Officer,Simprints,United KingdomJoel Telpner Chief Legal Officer,IOHK,USAOliver Terbu Director Identity Standards,Spruce Systems,GermanyYiannis Theodorou Global Lead Digital Identity,Tony Blair Institute for Global Change,United K

331、ingdomTomicah Tillemann Chief Policy Officer,Haun Ventures,USAAndrew Tobin Commercial Director Digital Trust Services,Gen Digital,United KingdomBarbara Ubaldi Acting Head of the Division on Open and Innovative Governments,Organisation for Economic Co-operation and Development,FranceJacques von Benec

332、ke Chief Technology Officer,Druk Holdings and Investments,BhutanBenjamin Welby Policy Analyst,Organisation for Economic Co-operation and Development,FranceTom Wilkinson Chief Data Officer,The Scottish Government,United KingdomDanielle Zimmerman Special Counsel,Coinbase,USAReimagining Digital ID34Sin

333、cere appreciation is also extended to the Crypto Impact and Sustainability Accelerator(CISA)team,CISA Steering Committee and the following expert reviewers and advisers for offering insights and providing feedback on the drafts.Hayley Anna Program Assistant,Blockchain Law for Social Good Center,University of San Francisco School ofLaw,USAShlomit Azgad-Tromer Chief Executive Officer,Sealance,USAKim