Primary elements
There are four primary elements within the Digital ID Framework that users can leverage to gain access to California’s many services and benefits.
Digital ID
A Digital ID is a way to prove your identity online, designed to simplify access to services and information that are meant only for you. A Digital ID is like a digital counterpart to your physical identification documents such as a passport or driver's license; it's an electronic proof of your identity that you can “present” online to prove who you are and that you are eligible to access information, services, and benefits.
You “present” your Digital ID by providing information only you should have access to. This may include entering something you know, like a username and password, or personal details such as your name, birthdate, or social security number. You can also verify something you have, by inputting a code sent to your mobile device or by taking an image of your physical identification documents. Lastly, you can also prove something you are, by using your smartphone camera to verify it is you behind the screen, or by scanning your fingerprints. Because only you should be able to provide this mix of personal data, these websites can be reasonably certain that it’s really you attempting to gain access.
The digital identity framework standardizes the adoption of Digital ID acceptance across state agencies and ensures that the Digital ID you have can be created and reused for all the state benefits and services you are eligible for.
CDT-built technology platform
The California Identity Gateway (ID Gateway) is a CDT-built technology platform that facilitates the interaction between various digital entities (including state websites and identity and eligibility providers) for the purpose of securely sharing the information needed for identification and eligibility verification. The ID Gateway federates the authentication performed by Identity Providers using the OpenID Connect authentication protocol, allowing eligibility providers and state agencies to trust that users are who they say they are, and allowing users to utilize a single sign-on (SSO) with the Identity Provider to access services, benefits, and information from any integrated client agency across California. The ID Gateway is the state’s preferred service for this purpose, allowing state agencies to securely access critical information about the individuals they seek to serve.
Digital artifacts built off of CDT governance and overseen by CDT’s Office of Digital Services
A digital credential is a digital artifact that can be presented by individuals online (or in person, using a device with a mobile wallet) to share important attributes about themselves with third parties. The Digital ID Framework will standardize key attributes of state-issued digital credentials (such as their appearance), and ensure that all state-issued digital credentials are compatible with widely used mobile wallets.
Digital credentials contain relevant information about an individual's attributes, either by providing means to verify the attribute with the issuing entity, or by storing these attributes on a user's device and presenting them in a manner that is independently verifiable. Digital credentials may be presented in many different formats, including web, mobile apps, native mobile integrations, or even in proprietary solutions. Examples of digital credentials include state park passes, state-issued professional licenses, vaccine records, transit passes with embedded discounts, electric vehicle charger access cards, and mobile driver's licenses (mDL).
A digital wallet is a secure space on your electronic device that stores sensitive digital artifacts. Digital wallet interfaces vary; some are built into the native software of digital devices (such as the “wallet” on an Apple or Android phone), while others are housed in a mobile or web-based application. Any kind of digital wallet may play a role in the interactions that make up the Digital ID Ecosystem.
Digital wallets contain many kinds of digital artifacts (bank cards, membership cards, mobile driver's licenses, etc.), and can facilitate secure interactions with these artifacts, allowing users to pay for goods online or in-person by securely transmitting payment information, or to confirm their eligibility for a benefit or discount by presenting identity information. Digital wallets typically incorporate security functionality that ensures only the primary user may access and share what is contained inside, including by requiring passcodes, biometric verification (facial recognition or fingerprint scan), or multi-factor authentication.
Core Principles
There are four core principles that guide the Digital ID Framework:
World-class security
To ensure the highest level of privacy protection and data security for Californians, the CDT holds all participants in the Digital ID ecosystem to international standards of responsible data management. These include adherence to standards such as the OpenID Connect identity authentication protocol and the ISO/IEC standards relating to identity management and digital verification.
Privacy by design
The CDT advocates for the integration of data and privacy protection measures directly into the development of technology and the design of verification policies, processes, and programs. In a practical sense, this means minimizing collection and storage of all data that is not strictly necessary, implementing technical and organizational measures to protect data safety, and incorporating practices such as pseudonymization, encryption, and user authentication in a way that is responsive to the risks and context of the data processing use case.
Access and equity
All Californians should be able to securely and conveniently access digital services and benefits from the government. To uphold this vision, the CDT strongly encourages all Digital ID ecosystem participants to prioritize intuitive design and accessible interfaces, and to consider the technical, demographic, and socio-economic disparities that still exist between many Californians when designing their programs.
Openness and transparency
As stewards of the public’s data and as a key facilitator of government service provision, the CDT has a responsibility to uphold the highest standards of honesty and integrity in all of our work. We also hold our partners to the same standards, and believe that transparency not only increases the trust and confidence in our work, but is also a precursor for innovation and collaboration for the betterment of all. We also have a preference for open-source software whenever possible.