The OpenID Foundation has submitted its comments on Utah's Request for Information (RFI #AE26-1) regarding the State-Endorsed Digital Identity (SEDI) program. This submission reflects the OpenID Foundation's ongoing commitment to supporting governments worldwide as they develop digital identity frameworks that prioritize security, privacy, and interoperability.

Gail Hodges, Executive Director of the OpenID Foundation, said: "The OpenID Foundation recognizes that the State of Utah is a thought leader on both privacy and digital identity, and we applaud their proactive approach to ensure protections for individuals are in place. Utah's approach is strongly aligned with our longstanding vision to help people assert their identity wherever they choose, and our development of specifications that enable consent based and privacy enabling capabilities. We are honored to provide our comments on their State-Endorsed Digital Identity RFI, and we hope our views help Utah realize its goals of security, privacy, and autonomy for its residents, while fostering strong engagement with industries, such as the financial sector and wallet providers."

Wayne Chang, Founder and CEO of SpruceID, added: “We’re excited to see the State of Utah take an approach in the spirit of constitutional rights to ensure freedom in the digital world. This aligns with our mission to let people control their data across the web, and also the work on verifiable digital credentials protocols from the OpenID Foundation, which allow for more decentralized and privacy-preserving modes of digital interaction.“

Part of a broader practice

The due diligence that Utah is pursuing addresses concerns broadly similar to those of over 60 countries currently developing digital identity programs. By sharing our comments on Utah’s RFI in this blog, we hope those other jurisdictions will benefit from proven interoperability patterns and avoid common pitfalls.

Over the past year, the OpenID Foundation has offered similar guidance to the European Commission, Australian government, New Zealand, the UK Government, the Japanese government, and NIST, among others. This reflects the Foundation's ongoing role as a technical resource for jurisdictions developing digital identity systems and a vital “safe space” for public and private sector thought leaders to convene and ensure their deployments interoperate.

Key recommendations

In our comments, we emphasized several technical considerations:

Proven standards: We recommend adopting specifications already deployed in production, including OpenID4VP, OpenID4VCI, and HAIP, paired with ISO/IEC 18013-5/-7 standards to ensure broad compatibility.

Financial sector interoperability: Aligning with NIST NCCoE interoperability patterns would give Utah residents faster access to using state issued credentials with federally regulated financial institutions. Critical work on how US-state issued credentials can comply with US CIP and KYC regulations is being led out of the eKYC and IDA Working Group, with granular reports relevant to not only US issuers, but extensible to global financial interoperability goals.

Open testing tools: Our open source test suites help implementers achieve conformance at no cost, reducing barriers while maintaining security and interoperability.

Privacy by design: We emphasized approaches supporting selective disclosure and unlinkability to protect individual privacy while enabling verification.

An ongoing conversation

OpenID Foundation leaders were delighted to meet with the Utah delegation attending the Internet Identity Workshop October 21-22, and we welcome the opportunity for continued dialogue with Utah as the state refines its approach to digital identity. As with our other jurisdiction partnerships, we're committed to ensuring full understanding of our recommendations and providing ongoing technical support for those governments and private sector implementers of our specifications.

The full text of our comments to the State of Utah is available here for other stakeholders who may find value in our technical perspective as they consider similar initiatives. We believe that open, transparent discussion of digital identity architecture benefits the entire ecosystem and helps advance interoperable, privacy preserving solutions.

Jurisdictions interested in discussing digital identity frameworks can reach the OpenID Foundation at director@oidf.org. We also encourage direct participation in our Working Groups and Community Groups, which are open to all at no cost. Of particular relevance to Utah and its peers are the work of the Digital Credentials Protocols Work Group, eKYC and IDA Working Group, and the Ecosystem Support Community Group. 

About the OpenID Foundation

The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net.