Trust Domains for Mobile ID Applications with LIGHTest
As the world is going more and more mobile, there is a growing need for mobile ID solutions supporting numerous use cases. Typical examples are e-government services, legally binding signatures, other public services and high-value e-commerce applications. In addition, many financial services are subject to regulation and therefore require trustworthy identity data as well. For these applications it is essential for the relying party to judge the assurance level of a presented identity or an identity attribute.
LIGHTest addresses these needs by designing a derived mobile ID concept that supports the propagation of assurance data throughout the process of identity derivation, storage of derived credentials and authentication to the relying party. The concept is based on the FIDO authentication protocol, enhanced with ID derivation assertions. Since the issuer of the primary identity, the ID derivation service, and the relying party can be part of different trust schemes, the whole environment becomes rather complex. At this point, LIGHTest can support the trust propagation of ID assurance by its core services like trust publication and trust translation. In addition, it allows the creation of trust domains with domain-specific trust information.
As an example, a specific authenticator used in a derived mobile ID scheme could be sufficient for authorisation of payment transactions, but may not be strong enough for e-government applications. With LIGHTest it is possible to create different domains (e.g. one for financial applications and one for e-government) that can publish different trust data to assess the level of assurance of this specific authenticator. Accordingly, a relying party can take the data received within the LIGHTest mobile ID scheme and look up trust information for its specific domain using the LIGHTest infrastructure. Trust domains can be regional domains (e.g. U.S., EU member states) as well as application domains (financial industries, e-government, retail etc.) or a hierarchical combination of regional and application domains.
Consequently, the LIGHTest infrastructure - in conjunction with the LIGHTest mobile ID scheme - offers a flexible framework to tailor sector-specific trust applications and to address the heterogeneous technologies in the mobile ecosystem in a flexible way.
Author: Dr. Frank-Michael Kamm, Technology Director R&D, Giesecke & Devrient Gesellschaft mit beschränkter Haftung, Germany