U.S. Digital Immigration Credentials
Encouraging Innovation, Ensuring Diversity, and Enabling a Global Ecosystem
Jared Goodwin, Division Chief
U.S. Citizenship and Immigration Services
Management Directorate, Office of Intake and Document Production
Why Digital Credentials?
• USCIS issues high-value, authoritative credentials to immigrants
and non-immigrants in the United States
• This is where the world is going, where the agency is going, and
what our Customers expect when it comes to ease and
convenience
• Ability to issue, renew, extend and revoke digital credentials in a
standardized manner
• Complements our physical credentials; does not replace them
Why Now?
• Existence and maturity of open, global standards that enable our
Customers to have visibility into, and control of their interactions
• As a benefit-granting agency with global reach, using open standards to
ensure broad acceptability and usage of our credentials is critical for
USCIS
• We now have multi-year experience and expertise in contributing to,
supporting and learning from the open, global standards development
and implementations
• Global interoperability of solutions is an important consideration
to prevent technology/vendor lock-in
USCIS Implementation Priorities
• Not a requirement; a choice!
• Starting with the digital Permanent Resident Card (PRC),
immigrants will be invited to request a digital version when
they receive the physical credential
• Immigrant can continue to conduct all Government
transactions with their existing physical credential
• Eliminate “phone home”
architecture/technology/implementations
• Eliminate “back-channel” interactions between verifiers
of the credential and the issuer (USCIS) which are not
visible to the credential holder
• Support for selective disclosure capabilities to provide
the holder of the credential granular control over what
information they can share and when
• Encourage and support a plurality of independent,
interoperable, standards-based implementations to
counter vendor/technology lock-in, and mitigate
perverse incentives that accrue market power to entities
that can result in a gatekeeper functionality between the
Government and its customers
USCIS Implementation Standards
W3C Verifiable Credentials & W3C Decentralized Identifiers
W3C VC/DID architecture is an evolution of existing models that:
• Enables an individual to have control over their data
• Addresses the “phone home” problem
• Provides selective disclosure capability with informed consent
• Solves the issue where an identifier serves as both entity identifier and an authenticator (i.e. Social Security Number)
• Supports global resolution of an Issuer’s identifier to its public key(s) & their retrieval
• Encourages an open ecosystem with multiple implementations to foster competition
• The W3C VC Data Model Standard identifies an abstract component called a “Verifiable Data Registry” which in our implementation we refer to as a “Metadata (or Public Key) Resolver”
• USCIS supports and requires a Bring-Your-Own-W3C-DID-in-Digital-Wallet in our implementation
US Immigration Credential Ecosystem
• Interactions between the Immigrant and Government
• Interactions between the Immigrant and the private sector
https://www.w3.org/TR/vc-data-model/
https://www.w3.org/TR/did-core/
https://w3c-ccg.github.io/citizenship-vocab/
Online or In-Person Presentation
Digital Permanent Resident Card
Global Support for W3C VCs & DIDs
Global acceptance and usage of W3C VC and
DID Standards …
• by Governments (Canada, EU, Germany,
New Zealand etc.) and
• the Private Sector (Microsoft, NACS,
Square/Block etc.) of …
… interoperability standards, technologies and
approaches funded, refined, used and
championed by DHS over the last 7+ years
https://canada-ca.github.io/ucvdcc/
US-Canada Collaboration
USCIS & CBP <> TBS & ISED
Opportunity to work together on:
• Approaches to accept digital credentials issued by other Countries for benefits
adjudicated by USCIS
• Open and common security, privacy and interoperability baselines for digital wallets
• Enabling wallet choice and selection capabilities for individuals
• Enabling cryptographic agility in verifiable credential solutions
Delivering an Operational Capability
Competitive Global Solicitation
No .gov system + synthetic data in Phases 1-3
.gov system + operational data in Phases 4-5
• Phase 1: Delivery of a Minimum Viable Product
• Phase 2: Full Capability Build
• Phase 3: Red Team Testing
• Phase 4: Operational Validation
• Phase 5: Initial Operating Capability
