The Review of Non-Technical Assumptions in Digital Identity Architectures

The literature on digital identity management systems (IdM) is abundant and solutions vary by technology components and non-technical requirements. In the long run, however, there is a need for exchanging identities across domains or even borders, which requires interoperable solutions and flexible architectures. This article aims to give an overview of the current research on digital identity management. We conduct a systematic literature review of digital identity solution architectures and extract their inherent non-technical assumptions. The findings show that solution designs can be based on organizational, business and trust assumptions as well as human-user assumptions. Namely, establishing the trust relationships and collaborations among participating organizations; human-users capability for maintaining private cryptographic material or the assumptions that win-win business models could be easily identified. By reviewing the key findings of solutions proposed and looking at the differences and commonalities of their technical, organizational and social requirements, we discuss their potential real-life inhibitors and identify opportunities for future research in IdM

EXPLAINING AN E-IDENTIFICATION FRAMEWORK IMPLEMENTATION USING DIALECTICS

This article analyses the challenges of implementing a new electronic identification (eID) framework in Finland. We employ the theoretical lens of dialectics to explain how two opposing forces in the form of public and private actors, the government and banks respectively, engaged in a process of resistance and acquiescence. By interviewing the key organizations from both sides, we identify the rationale of the conflict, mechanisms that have led and may lead to further conflict, and the outcome. The root cause of the problems with the framework include the conflicting goals of the government and banks: the regulators’ interests to create more competition in the market, generate cost savings, decrease the dependence on banks vs. the objectives of the banks to maintain the status quo. Moreover, the framework implementation practices, such as the hard enforcement strategy, an inherent infrastructuring mindset of the government and communication problems, have considerably contributed to further conflict development. As a result, divergent views on the framework architecture and the pricing models are the outcomes of the confrontation. Our findings emphasize the importance of strategic and operational coherence in the governance of a changing ecosystem with a proprietary banking platform playing a role in a national eID scheme

How do Practitioners Understand External Platforms and Services? A Grounded Theory Investigation

In this article, we investigate how practitioners understand external platforms, whose core offering is shared and utilized by a number of heterogeneous and interconnected organizations in an ecosystem. We especially look into situations where organizations wish to extend their own capability instead of building services that extend the functionality of the platform. Such dependencies to external platforms can be envisioned as the contemporary evolution from traditional outsourcing service models. We interviewed twenty-four practitioners from eight IT organizations and discovered a considerable ambiguity in understanding of what are the external platforms utilized by the organizations. We further elaborate that the diversified meanings that various stakeholders give to the concept of external platforms, can hinder efficient communication and may have implications on important strategic decision making

Love and Hate Relationships in a Platform Ecosystem: A case of Finnish Electronic Identity Management

There has been a substantial interest among scholars in digital platforms and their governance. This paper proposes a different perspective on the phenomenon, by providing observations on non-focal firms’ dependencies to external platforms. Using the case study results of Finnish firms’ utilization of a monopolistic BankID authentication platform, we describe the platform ecosystem and its transformation on organizational and technology aspects. We show how legislation can transform the roles and relations between ecosystem participants and lead to the long-time dominant legacy platform weakening. Our study extends existing research on platforms and contributes new knowledge about the enforced adoption of the platform by heterogeneous organizations. These findings have important managerial implications, as they inform how non-focal firms can understand the use of existing and coming digital platforms

Managing change in a dominant infrastructure for digital identification

The public defense on 5th June 2020 at 12:00 will be organized via remote technology. Link: https://aalto.zoom.us/j/64652125712 Zoom Quick Guide: https://www.aalto.fi/en/services/zoom-quick-guideEnterprise information systems and applications no longer exist as stand-alone entities, but instead, they interact with other information systems inside and outside the company boundaries. The success of many businesses is dependent on their ability to leverage the innovations coming from the outside, which are often global, remote and dynamic. The challenge attributed to industry platforms is that when they become dominant, integration with them is critical to the thriving of smaller, non-focal organizations.This thesis studies the case of a digital identity management (IdM) platform as an example of a dominant digital infrastructure. IdM is a crucial component in any software-based service that needs to identify, authenticate and authorize the access of its users and it is an important step towards the successful advancement of digital services in a society. The goal of this thesis is to identify the factors that affect the dynamic phenomenon of change in dominant digital infrastructures. The question is observed through the case of BankID infrastructure in Finland. Empirical research methodologies are applied in the study. The data has been collected through case studies and semi-structured interviews with practitioners and policymakers. This thesis consists of three phases and four sub-problems. First, the study explores the issue by analyzing the characteristics of the dependencies upon a dominant digital infrastructure. Second, the study gives a comprehensive account of the evolutionary dynamics of a dominant infrastructure by explaining how they transform. Next, the study concentrates on extracting the governance lessons learned from the Finnish IdM case. Lastly, the study proposes the overview of architecturally significant components when managing the development of IdM infrastructures. The results of the study reveal that as platforms gain dominance, they often become the de facto choice in the market. Furthermore, given the recursive relation between platforms and infrastructures, industry platforms that fail to anticipate wider ecosystem needs and adapt to them, evolve into industry infrastructures. The governance of the successful transformation of dominant (IdM) infrastructures requires cooperation and dialogue between the stakeholders. In addition, the following architecturally significant criteria can be used as an evaluative framework when assessing the design and development of large-scale, dominant IdM infrastructures: technology choice, identity provision, human-user integration, provider choice and the business model, governance structure and strategy in relation to the digital heritage. The results help advance current knowledge in the management of large-scale IdM infrastructures from both technology and organizational perspectives and could be used by software architects, business professionals, executive management as well as policymakers

From platform dominance to weakened ownership

Background: There is substantial interest among scholars in digital platforms and the ecosystems around them. Digital platforms are open, continuously evolving, sociotechnical structures that can be sensitive to various changes. Aim: We take one-step further and investigate the post-dominance phase of platforms. The electronic identification (eID) ecosystem in Finland provides a good example of ecosystem transformation due to external changes from EU and national regulation. Method: We engage in an extensive case study of a nation-wide monopolistic eID platform. We first take a retrospective view to understand the historical context and then examine in detail how an external driver leads to changes in the ecosystem. Results: We explicate the platform evolution process, from a phase of dominance with centralized control structures to a more federated governance approach. We find that the introduction of intermediaries between the platform and its users contributes to a weakening of the dominant platform owners. Conclusion: This finding that platforms can transform into industry infrastructures has an important implication for our understanding of the dynamics underlying digital platforms.Peer reviewe

BLOCKCHAIN-BASED ELECTRONIC IDENTIFICATION: CROSS-COUNTRY COMPARISON OF SIX DESIGN CHOICES

Electronic identification (eID) solutions constitute a critical element in digitalised society. As such, eID has been studied from a variety of perspectives, yet most, if not all existing solutions that have been studied rely on a centralised approach. With the introduction of decentralised technologies such as the blockchain, new avenues for designing eID solutions become feasible. In order to accelerate the creation of blockchain-based eID solutions and their study, this paper offers a comparison of two traditional eID initiatives in Finland and Sweden and one blockchain-based eID initiative in Taiwan. Based on this comparison, we derive insights in the form of design choices for a blockchain-based eID initiative. The findings show that the repertoire for design choices in eID solutions is expanded by the application of the blockchain. These findings are used as a foundation for discussing the design of blockchain-based eID solutions and the need for future research