“I went to Geneva to understand what, if anything, people were saying regarding digital identity and standards in a governance-focused forum. My brain is now full.”

I’m an identity and standards geek. I adore the topic of identity and the standards development process; everything from the brilliant minds, the challenges, and the intense edge cases. (Well, some of the challenges. I could do without a few.)

But I also recognize that both the identity industry and the standards process have serious issues, especially when it comes to the diversity of representation and issues of governance. Too often, we hear from the same people in the same rooms, solving the same problems.

So, when I knew I’d be in Geneva for the first Global Digital Collaboration Conference (which, by the way, exceeded my expectations), I applied for accreditation to attend the WSIS+20 High-Level Event, hosted by the ITU. The WSIS+20 is, according to their website, “an existing multistakeholder United Nations (UN) process on digital governance and cooperation with a vision of fostering people-centered, inclusive, and development-oriented information and knowledge societies.” My goal was pretty simple: listen to people I don’t usually get to hear from. Try to understand why the worlds of digital identity, governance, and Internet policy remain so siloed, despite everyone’s insistence that this is all interconnected.

I’ve learned a lot. I’m not sure what to do with all of it yet, but I’m glad I came.

You can Subscribe and Listen to the Podcast on Apple Podcasts, or wherever you listen to Podcasts.

And be sure to leave me a Rating and Review!

Defending Our Voice: Participation ≠ Power

Let’s start with the first session I attended: “Defending Our Voice: Global South Participation in Digital Governance.” Kemly Camacho (Association for Progressive Communications) moderated the session, which included speakers from IT for Change, Derechos Digitales, the UN Human Rights Office, and the Brazilian Internet Steering Committee.

They were primarily discussing governance, not technical standards, but a lot of what they said seemed relevant for the standards world, too. Right out of the gate, the first speaker, Nandini Chamim, laid out a set of points I think everyone in identity and standards work should hear:

• Presence ≠ Participation: Just being in the room doesn’t mean having influence. Real participation means being able to shape agendas and priorities.
• Multistakeholder ≠ Public Policy: Equal status in dialogue doesn’t automatically create legitimate public policy. What matters is how different interests are mediated to reach consensus.
• The Mundial 2014 process raised this issue: Legitimacy in Internet governance must be earned, not assumed through default institutional formats.
• Trust deficit: Historical data shows ongoing public skepticism. Governance spaces are often dominated by powerful countries and corporations, sidelining the issues important to less-represented groups.
• Technical ≠ Apolitical: Since WSIS, we’ve seen how technical standards often embed political values. They shape not only systems, but also societal norms.
• Openness must be questioned: When we talk about openness, we should ask: Openness towards what (i.e., open to what kind of issues?), and for whom?

Even when civil society groups are invited, it’s often tokenistic; visa issues, language barriers, and lack of funding limit meaningful engagement. And when they do show up, there’s often no follow-up, no feedback loops, and no real seat at the agenda-setting table.

IAM Is a Multi-Tool. We’re Not the Whole Toolbox.

Another thing that became clear throughout the event was that many of the people here are tackling big problems, and digital identity isn’t exactly one of them.

This reminded me of a conversation I had with Andrew Hindle and Richard Bird at the bar during Identiverse 2025. (All the best conversations seem to happen at the bar.) We talked about how siloed the identity team is within most organizations, even though IAM touches every part of the business.

That conversation led me to understand that identity people often think in systems, but the rest of the organization thinks in functions. HR, finance, compliance, marketing—they’ve all got their own language and priorities. And understanding IAM isn’t in their job description.

WSIS+20 made me realize that the same kind of disconnect exists at the global level, too.

The people in these rooms work on global human rights, economic justice, equity, ethics, and environmental resilience. To them, identity is just one tool in a thousand-piece toolbox. Standards are just one governance process among many. Most of them have never heard of SAML, FIDO, or the W3C Digital Credential API, and don’t need to. They don’t use the terms CIAM, workforce identity, or even authentication and authorization. They have use cases that require things like identity verification, but it’s not on their radar.

What they do understand is that technology is not neutral. Technologists and policymakers must shape it around a platform of human rights. Where I’ve previously written that “the technology is ready, the governance is not,” what I saw here is that the governance work is happening, but it’s happening in a different room, with a very different vocabulary.

So what do we do about the gap?

It’s tempting to say we need to get technologists into policy rooms and policymakers into technical working groups. But I don’t think that’s the answer, at least not by itself. This isn’t a matter of “getting in the room.” It’s about figuring out how to share power, information, and influence across two very different systems.

The only halfway-satisfying idea I have right now is this: mandated consultation, in both directions.

• Policy decisions should be reviewed by expert technical groups.
• Technical standards should be reviewed by policymakers and civil society.

Even that solution frustrates me. It’ll slow processes down further in a time when everything else is speeding up. It may leave even more room for de facto standards to take root via market dominance. But I can’t think of another way to bridge the growing legitimacy gap between how we make standards and how people expect governance to work. Consultation also won’t be enough if there’s no way to track what feedback was given, what was included, and, critically, what was left out and why. That’s not just a process problem. That’s a legitimacy problem.

If you have other suggestions, I’m listening.

📩 Want to stay updated when a new post comes out? I write about digital identity and related standards—because someone has to keep track of all this! Subscribe to get a notification when new blog posts and their audioblog counterparts go live. No spam, just announcements of new posts. [Subscribe here] 

Transcript

[00:00:04]
Welcome to the Digital Identity Digest, the audio companion to the blog at Spherical Cow Consulting. I’m Heather Flanagan, and every week I break down interesting topics in the field of digital identity—from credentials and standards to browser weirdness and policy twists.

If you work with digital identity but don’t have time to follow every specification or hype cycle, you’re in the right place.

Let’s get into it.

---

Defining the Governance Gap

---

[00:00:30]
So I went to Geneva for the World Summit on the Information Society (WSIS) meeting. It’s a multistakeholder United Nations process, organized by the ITU, that focuses on digital governance and cooperation.

My goal? To understand what, if anything, people were saying about digital identity and standards in a governance-focused forum.

And it was… really interesting. I’m very glad I went.

Now, if you know me, you know I’m an identity and standards geek. I love the process—well, most of it. The brilliant minds, the weird edge cases, the moments where it feels like we’re collectively inching the Internet forward? I live for that.

But I also recognize the industry’s flaws:

• Representation gaps
• Governance issues
• Repetition of the same voices and perspectives

And that’s not how progress works.

---

Finding WSIS and Listening Beyond the Norm

---

When I found out I’d already be in Geneva for the Global Digital Collaboration Conference (which far exceeded expectations), I applied for accreditation to attend the WSIS+20 High-Level Event.

According to its official description, WSIS is about:

“Fostering people-centered, inclusive, and development-oriented information and knowledge societies.”

In real terms? It’s the room where governments, civil society, and international organizations gather to talk about the future of digital governance on a global scale.

My objective was simple:
Listen to people I don’t normally hear from.
And try to understand why identity, governance, and Internet policy feel like separate worlds, even though they’re clearly interconnected.

---

The Session That Set the Tone

---

[00:02:43]
The first session I attended was titled:
Defending Our Global South Participation in Digital Governance.

It was moderated by Kemli Camacho from the Association for Progressive Communications, with panelists from:

• IT for Change
• Derechos Digitales
• UN Human Rights Office
• Brazilian Internet Steering Committee

They weren’t there to talk about standards, but what they said resonated powerfully.

A speaker named Nadini Chowni offered some compelling truths:

• Presence ≠ Participation
  Just being in the room doesn’t mean influencing the agenda. Real participation means shaping the priorities—not just reacting to them.
• Multistakeholder ≠ Public Policy
  Equal footing in a discussion doesn’t guarantee fair policy outcomes. What really matters is how interests are mediated and resolved.
• Legitimacy Must Be Earned
  She referenced the Mundial 2014 process, which emphasized that governance legitimacy is earned—not assumed—just because a structure looks inclusive on paper.
• There’s a Public Trust Deficit
  Long-standing skepticism exists due to powerful countries and corporations dominating governance spaces, often sidelining less-represented voices.

And perhaps most importantly:
Being technical is not apolitical.
The design of standards reflects values. It shapes systems. It sets social norms.

---

Tokenism, Risk, and Real Costs

---

[00:04:39]
Even when civil society is invited, participation is often tokenistic:

• Visa problems
• Language barriers
• No travel funding
• No translation or agenda
• No follow-up mechanism

As one speaker said:

“Participation is costly. And it’s risky.”

Sometimes, just showing up carries political risk. And even then, there’s no guarantee your voice will shape the outcome.

As a working group chair in a standards organization, this hit hard. I try to be inclusive—but I often rely on those who are willing to speak up.

Clearly, I need to do better.

---

Identity Isn’t the Toolbox—It’s Just a Tool

---

[00:06:01]
Here’s the realization:
Identity and access management (IAM) is like a multi-tool—it’s handy, flexible, and powerful.
But it’s not the whole toolbox.

At the WSIS event, most people weren’t even thinking about digital identity.

Instead, they were focused on:

• Human rights
• Economic justice
• Environmental resilience

Digital identity was just one small piece of their broader challenges.

This reminded me of a conversation I had at Identiverse earlier this year—with Andrew Hindle and Richard Bird—about how siloed IAM projects tend to be inside organizations.

Even though identity touches everything (HR, finance, compliance, security), it often goes unacknowledged across domains.

Why?

• IAM folks think in systems
• Others think in functions

Different language. Different priorities. Different goals.

And at a global level, it’s the same. The WSIS crowd? They’ve never heard of SAML or FIDO. They’re not discussing consumer or workforce identity.

They’re talking about:

• Data sovereignty
• Rights
• Accountability

They expect technologists to embed human rights into the systems they build.

---

Governance Is Happening… Somewhere Else

---

[00:07:42]
I used to say:

“Technology is ready; governance is not.”

Now, I’m not so sure. Governance is happening—just in other rooms, with very different vocabulary.

And that’s overwhelming.

We’ve got:

• WSIS
• IGF
• Global Digital Collaboration
• National frameworks
• Regional strategies

Even experts struggle to keep up.
For civil society groups, trying to monitor all that—on tight budgets, in multiple languages—it’s nearly impossible.

That’s not just a risk. It’s already causing:

• Fragmentation
• Incompatibility
• Conflicting outcomes

And no one wins.

---

The Gap Isn’t Just Presence—It’s Power

---

[00:08:45]
So how do we bridge that gap?

It’s tempting to say:
“Just bring technologists into policy rooms and policymakers into technical working groups.”

But that’s not enough.

Why?

Because it’s not about presence. It’s about power—and how to share it across two very different systems.

One half-formed idea:
Create mandated consultations in both directions.

• Policy decisions get reviewed by expert technical groups
• Technical standards get reviewed by policymakers and civil society

That should be baseline practice.

But even that frustrates me—because it’s going to slow us down. And we’re already struggling to keep up.

And the slower we go, the more room there is for de facto standards—those not built on consensus, but on market dominance.

Still, I can’t see another way to address the legitimacy gap.

And consultation alone isn’t enough without accountability.

---

What Happens Next?

---

[00:09:53]
One of the speakers noted that the WSIS Elements Paper—the framework guiding these discussions—barely included strong human rights language.

It was, in their words, “legally timid.”

So we need more than just listening.

We need:

• Traceability
• Transparency
• Accountability

We need to track:

• What feedback was given
• What was included
• What was excluded—and why

This isn’t just a process gap.
It’s a legitimacy problem.

If you’ve been in one of these policy rooms, or tried to bring identity work into broader governance conversations, I would truly love to hear from you.

Because honestly? I don’t see how we get from two parallel worlds to one where we can truly collaborate.

But I’m listening.

---

Final Thoughts

---

[00:10:48]
And that’s it for this week’s episode of the Digital Identity Digest.

If this made things a little clearer—or at least more interesting—share it with a friend or colleague. Connect with me on LinkedIn.

And if you enjoy the show, please subscribe and leave a rating or review on Apple Podcasts, or wherever you listen.

You can also find the full written post at sphericalcowconsulting.com.

Stay curious. Stay engaged.
Let’s get these conversations going.