Global Trusted Identity Framework (GTIF)

A open-standard digital identity solution leveraging the DNS and postal operators to empower user control over their personal data globally.

The conventional approach to digital identity has been for organizations to aggregate personal data in silos, creating a multitude of “honeypots” for hackers. Our solution incorporates federated digital identities, where personally identifying information is validated through a compatible digital identity provided by a user’s preferred Identity Provider (IdP) instead of being aggregated by various online providers. A user’s personal data is held in an escrow that is accessible by online providers only under an established framework of localized rules to provide greater ability to balance various consumer privacy, commercial drivers with other considerations (such as national security and law enforcement needs, due process and evidentiary requirements, data residency and similar requirements), which may vary across jurisdictional borders. Access to the escrow is also subject to challenge under an “ex post” dispute resolution process, and enables providers to confirm or access a user’s personal data in real-time for as long as there is a designated legitimate purpose for doing so.

Our solution is based upon an open standard, technology agnostic framework that is globally discoverable so that it can be used with virtually any user that has access to the Internet. Our solution also enables a user to incorporate verified credentials with their digital identity, where the user may have their identity or specific qualifications confirmed by a trusted source so that it may be relied upon by online providers for services requiring those verified credentials. The solution can be used to verify individuals, their devices, or their sites or content available online.

To illustrate this, we are currently building a prototype for our solution to use for managing access to non-public WHOIS data by verified third parties in manner that is privacy compliant globally, which we will be demonstrating at the ICANN64 global meeting in Kobe, Japan in March 2019.

The prototype proposed in this submission is designed to be implemented by individual national post offices. This solution would not only encompass the digital identity and credentials described above, but would also incorporate the use of a .POST email address.  The .POST top-level domain (TLD) is administered by the Universal Postal Union (UPU), a specialized agency of the UN. In 2009, the UPU was granted the right to operate the .POST TLD by the Internet Corporation for Assigned Names and Numbers (ICANN).

Under the security requirements imposed on the use of all .POST domains, this email account would require email authentication, e.g. DKIM and/or SPF. This approach is modeled in part upon the national digital identity framework of Estonia where, in addition to each digital identity, there is a corresponding .ee email address assigned to each national individual.

Using the S68 Postal identity management trust framework standard that the UPU has published, InfoNetworks solution looks to leverage this framework with the OpenID Connect specification, and use of the existing DNS for discovery services. This approach is modeled in part on the EU’s eIDAS Regulations.

InfoNetworks is seeking to leverage the legal and governance structure of the Universal Postal Union (UPU), a specialized agency of the UN and the world’s second oldest intergovernmental organization. In 2009, the UPU was granted the right to operate the .POST top-level domain by ICANN.  InfoNetworks’ solution utilizes OpenID Connect compliant digital identities that are globally discoverable using the Internet’s existing domain name system (DNS), coupled with the ability to added verified credentials from a trusted source. Postal Operators will be able to use the .POST domain to allocate a unique digital identity and corresponding email to its national citizens.

A key privacy feature of our solution is the incorporation of pseudonymized identifiers that can be used to engage in transactions with online providers, for which a provider (or certain verified third parties) may request the user’s personal data from the escrow under the established “due process” rules. The user is empowered to determine with whom, for how long and under what circumstances their personal data may be shared based upon the user’s consent, and empowers them to determine when they exercise the right to be forgotten, subject only to the ongoing consent to for a provider or verified third party to access their personal data retained in escrow for designated lawful purposes.

The use of these pseudonymized identifiers, facilitate and expand global trade by providing individuals businesses the ability to engage in cross border transactions without fear of violating national privacy laws. While our solution works under the existing GDPR and various other privacy regulations, it is equally compliant with other national governments that have enacted  data localization laws.

InfoNetworks’ solution is currently compatible with OpenID Connect based digital identities, but the key components of our platform technology (e.g., verified credentials, retained escrow of personal data, and localized “due process” rules) can be integrated with other digital identity technologies, such as client certificates or more the more recent “DID” and Verifiable Credentials being promulgated by the W3C based on distributed ledger technology. InfoNetworks approach is based on the common technologies underpinning these various technologies and various trust frameworks, such as the Universal Postal Union S68 Postal identity management trust framework.

InfoNetworks’s solution leverages the OAuth based user experience that many social media companies have successfully assimilated a large portion of Internet users with OpenID Connect. In addition, it is specifically designed for compatible digital identities to be managed by users in a variety of common formats for mobile devices and common browsers with which users are already comfortable.

Yes, the use of open standards is fundamental to our approach, along with the ability for users to store their personal data with their preferred IdP. This is subject only to the terms of escrow and retaining the ability access that identifying information for legitimate purposes subsequent to transactions engaged in using a pseudonymous identifier (such as in the case of a legal dispute).

Our platform, by its nature, it is an enabling technology for accessing online services. However, our platform will operate in any connectivity environment available to the user. Because our platform enables the use of common user formats for managing identity credentials, the user experience may be easily tailor to address the literacy and numeracy levels of a particular user base.

Our vision is for our open-standard, global framework to be adopted by identity providers and online service providers globally to empower people from all circumstances to transaction online more easily and with greater confidence in their privacy, while also offering businesses greater opportunity to provide value to their customers with less cost and risk for the information that they are entrusted with from their customers.

ID4me.org

There is a list of additional supporting organizations that cannot be disclosed at this time, however, they will be available on the website after March 7th.

Over the past twenty years, Michael Palage has provided consulting services to various registration authorities within the domain name ecosystem for the private sector as well as inter-governmental entities (ITU, UPU, and ESCWA); and has held numerous leadership positions, including a three-year term on the ICANN Board of Directors.

With over twenty years of experience driving legal and business best practices of global Fortune 500 companies, Frank Cona has been actively involved in driving Security and Privacy by Design with leading “IoT” organizations and best practices for IoT devices and systems.

More information is available at https://infonetworks.global/about/.

With growing privacy concerns among both regulatory bodies and the general public, coupled with the continuing rise in online fraud, a paradigm shift is occurring in the way personal data is managed online. The risks and costs associated with the aggregation of personal data in multiple honeypots will give way to the management of personal data across “ecosystems” using federated digital identities. InfoNetworks opportunity for long term growth is founded on providing services to support the management of localized “due process” based access to personal data within an open-standard based globally interoperable framework.

InfoNetworks believes that by leveraging the respective strengths of the DNS and UN governance framework, there is the potential to create a unique public private partnership to achieve multiple SGDs: 1, 3, 8, 9 and 16.  

Key potential barriers to success for our solution would be a lack of interest by organizations in adopting a common, open-standard based global framework for interoperable digital identities in favor of various proprietary and/or fragmented approaches; or in adopting the use of IdP’s and the escrow of personal data for users in favor of continuing retain data silos. What is necessary to overcome these barriers is demonstrating the value of our approach in reducing risk and costs, and in empowering individuals to both private and public sector organizations.