For a long time, digital authentication has posed several problems. The methods for strong electronic authentication currently in use are expensive to the government and private service providers alike. The need for passwords makes accessing digital services cumbersome. Special groups, such as minors and those under guardianship, are excluded from using electronic services. Also, accessing Finnish digital services is slow and complicated for foreign individuals and companies, which has a negative impact on Finland’s competitiveness.
Last year, Nixu, Suomen Tilaajavastuu and Digital Living International launched a pilot project, Sandbox of Trust, with a view to solving these problems in digital ID verification and creating a national authentication method. The first stage of the project was completed in May, and the results are promising.
During the first six months of the project, the parties succeeded in creating shared rules for digital authentication, developing a new open-source authentication method (the SisuID app), and testing its suitability in five pilot projects.
The Sandbox of Trust project involves more than 30 private and public sector organizations. These organizations are brought together by a shared goal: to make electronic authentication cost-efficient, easy, and safe. During fall 2019, the community will establish a cooperative focusing on digital identity verification. The collaboration model is unique even on the global level.
“Problems in digital authentication can’t be solved by a single operator or sector alone. That’s why we are extremely pleased that the project was so successful, and we already have results to show,” says Joonatan Henriksson, Nixu’s Head of Digital Business. “For example, the community members jointly agreed that the solution must support the Strong Customer Authentication requirements set out in the new Payment Services Directive, PSD2”.
Shared authentication rules compiled in rulebooks
At the first stage of the project, the SisuID community convened several times for open meetings to discuss shared rules for digital authentication. During the meetings, the parties agreed on the pricing model, steering of development, and features to be implemented. As a result of these discussions, the community created rulebooks for authentication services, which all parties committed.
“The work process was exceptionally open and participatory. Everybody had the opportunity to influence the principles of the service. This is the only feasible way to guarantee an authentication service that benefits all parties involved, while truly promoting the rapid development of digital society,” explains Pirkka Frosti, the CEO of Digital Living International.
Private and public sector results
In addition to the rulebooks, the SisuID community conducted several pilot projects, which involved testing the SisuID authentication in practice. More than ten private and public sector organizations participated in five pilot projects to influence the development the authentication solution.
Results of the public sector pilots:
• In the school and education sector pilot, the goal was to test how an underage student could, with the guardian’s consent, access e.g. educational and health care services. The participants recognized the need to create an individual digital ID that could be used to bring together the electronic services provided by both private and public sector service providers. This ID could also facilitate rapid development of digital lifelong learning services provided by private employers and training providers.
• International students’ digital customer journey was analyzed in its entirety, from the start of the application process to the arrival at the university. An electronic ID would enable students to transfer information between authorities and other operators, for example from the Studyinfo service to the Finnish Immigration Service’s residence permit system and the university’s internal systems.
• The international corporate collaboration pilot focused on analyzing the service path to starting a business in Finland that a foreign entrepreneur identified by electronic means has to take. The pilot project involved testing how a foreign entrepreneur could establish a company in Finland without the need even to visit the country.
Results of the private sector pilot projects:
• In the travel sector project, the participants analyzed how an air passengers’ customer journey could be arranged so that there would be no need to present travel documents at the airport. Instead, a passenger’s identity would be verified with the assistance of biometric facial recognition methods, with the identification data linked digitally to all the travel ecosystem’s services.
• In addition, the pilot project involved testing self-service identification in connection with collecting a package from mail and the use of an extensive private-sector service network as the party granting authentication.
The SisuID community will publish more detailed results from the pilot projects in autumn 2019.
Next stages of the digital authentication project
During 2019, the SisuID community will establish an authentication cooperative, which will produce the service. The cooperative will jointly cover the service costs, maintain the service, and develop it further.
The cooperative’s operations will remain open, in line with the goals set by the community. Any party, whether private or public, may join the cooperative as a member or procure services provided by it. The technologies applied in the SisuID service will be developed further in line with the principles of human-centered and ethical data processing defined as part of the MyData and Sitra’s IHAN projects.
The SisuID service is slated to move on to the production stage in early 2020. All service providers can influence the schedule by signing up on SisuID’s website at https://sisuid.com and by signing a letter of intent that will be utilized in the project’s funding negotiations.
The goal is to make the service’s pricing model significantly cheaper than the current model, thereby stopping passwords and the need for strong authentication presenting a bottleneck to the digitalization of services.
SisuID - Consortium
Joonatan Henriksson, Head of Digital Business, Nixu
joonatan.henriksson (at) nixu.com
Pirkka Frosti, CEO, Digital Living International
pirkka.frosti (at) digitalliving.fi
Sami Sinisalo, Director of Product Management, Suomen Tilaajavastuu
sami.sinisalo (at) tilaajavastuu.fi
SisuID website www.sisuid.com
SisuID is a digital authentication solution hosted and governed by the open SisuID community. It is a low-cost authentication solution that allows service providers to choose between normal and strong levels of security. It also enables linking data and digital services with user’s consent. It can be used to replace passwords and cumbersome 2-factor authentication mechanisms in your services. For citizens and foreign end-users, it's free.
Launched in 2018, Sandbox of Trust is a Finland-based digital authentication project, involving Nixu Corporation, Suomen Tilaajavastuu, Digital Living International and Technology Industries of Finland. The project is funded by the Finnish Innovation Fund Sitra and pilot organizations, and it is part of the Real-time Economy Ecosystems project of Technology Industries of Finland.