Digital Identity

Lockstep’s founder and Principal Stephen Wilson is a pioneer in digital identity. Lockstep Consulting provides cut-through strategy advice in all aspects of identity management.

Steve is a leading authority on digital identity and online authentication.

The highest calibre advice on strategy

For over 25 years Steve has helped organisations in government, healthcare and banking throughout the Asia Pacific establish effective authentication systems, providing the highest calibre advice on strategy, architecture, policy, privacy, technology selection and governance.

He has been a key player in Australia’s emerging national authentication frameworks, including the Gatekeeper PKI, the National Smartcard Framework, the National Electronic Authentication Council, and the Law Reform Commission’s Emerging Technology Advisory Committee. Steve has published and spoken widely on all issues to do with digital identity.

Upload Stephen Wilson Resume Aug 2023.

“Steve is one of the world’s most orginal thinkers in digital identity today”

Tricia Wang
Digital Ethnographer
Co-Founder, Sudden Compass
Fellow, Berkman Center for Internet & Society, Harvard University

“Steve is a one of kind deep thinker about complex technology and business problems and an innovative solution creator.”

Mark Bower
VP of Product Development, Voltage Security

“Stephen is a true thought-leader in Information Security, combining deep understanding of the technology with a balanced and pragmatic view of what will work commercially and in terms of user acceptance, based on many years of industry experience.”

Ian Christofis
Principal Consultant, Verizon Business



Seeing the potential of PKI for electronic credentials

In the late 1990s, after working on several pioneering PKI projects, Steve realised that online authentication was really more about credentials and relationships than identity per se; see for example his presentation to the Information Outlook ’98 Conference in Canberra. From that time onwards he has pioneered digital credential governance and technologies, to improve the security of online transactions, the autonomy of businesses and the privacy of users.

From 1998 years he sat on the APEC eAuthentation Task Group, and was a major contributor to APEC’s Electronic Authentication: Issues Relating to Its Selection and Use (2003). He was a ministerial appointment to Australia’s National Electronic Authentication Council (NEAC) and helped drive the early National Authentication Authority (1999).


Pioneering digital credential frameworks internationally

In 2003 Steve published a detailed healthcare credentialing system for the American Bar Association. Over 2004 and 2005 he was retained by the Australian Government Information Management Office (AGIMO) to reform the federal Gatekeeper PKI framework. There he introduced one of the earliest forms of verifiable credentials, which he called Relationship Certificates, and subsequently piloted them with Medicare Australia. He worked out the fundamental liability arrangements for healthcare professional digital credentials with Medicare’s legal counsel, and drafted Medicare’s Relationship Certificate Policies which remain in use today.

Over 2005 to 2007 Steve was retained by several leading federated identity programs. He developed the SAML architecture for the Internet Industry Association (IIA) proposal for an industry-based authentication hub; he researched the digital identity marketplace and drafted the smartcard marketing strategy for the Trust Centre inter-bank federation.

Internationally, Steve has provided formative strategic advice on authentication to the governments of Hong Kong, New Zealand, Malaysia, Indonesia, Singapore, Kazakhstan and Macau, and to the eASEAN secretariat. He represented OASIS at the Asia PKI Forum (2005-08), and chaired the international OASIS PKI Adoption Technical Committee (2007-08).


Developing a unified vision and theoretical framework for data protection

The early ‘noughties saw major federated identity proposals come and go, including Identrus, the IIA authentication hub, and the Trust Centre. OpenID never took off as expected, the wonderful Cardspace died, and the Laws of Identity failed to deliver the envisaged rich marketplace of “identity providers”. There seemed to be no unifying explanation for these failures. So Steve drew together his decade and half’s experience to develop an incisive new ecological theory of digital identity which he presented at the AusCERT 2011 information security conference. Through 2013 he presented his ecological analysis to MIT’s legal hackathon, and the Cloud Identity Summit.

In parallel, Steve continued his independent R&D within Lockstep Technologies on Privacy Enhancing Technologies and PKI-based verifiable credentials, leading to several patents.

In December 2016, Innovate Identity named Steve in the top 10 of “The Most Influential Thought Leaders in Digital Identity”. In January 2017, One World Identity named Steve as one of the “Top 100 Leaders in Identity”.


Since 2018 Steve has been working to generalise verifiable credential technologies from “identity” to the bigger and more impactful arena of data protection.  His thinking has evolved from attributes (as presented to the 2013 Cloud Identity Summit) to verifiable data more broadly (Identiverse 2020-23, the GS1 U.S. Innovation Summit 2021 and FIDO Authenticate 2021-23).

He foresees infostructure being built at global scale in the next five years, leveraging personal cryptographic wallets and managed security services, to enable individuals to move their verified data around the economy as easily and as safely as they move their money.  “Digital Identity” as an abstract concept will give way to verifiable data, propelled by the international drive for safe data sharing, and making safe reliable information as available as stable electricity or clean drinking water.

Since 2020 Steve has played influential roles within:

  • New South Wales Digital Identity Ministerial Council (DIMAC)
  • World Health Organisation digital vaccination certificate working group
  • Identiverse Conference Program Committee.


Lockstep’s notable digital identity clients include:

  • U.S. Department of Homeland Security contracted over 2016-19 to develop a mobile verifiable credentials wallet for First Responders, using modified X.509 deployed under a private PKI (Lockstep is the only Australian company to be awarded a DHS commercialisation contract)
  • NSW Digital Driver License independent identity security adviser for Australia’s first mobile driver licence
  • Australian Payments Network facilitator for the Australian banking sector identity working group, and co-editor for the strategy paper that became TrustID
  • IBM strategic product adviser to the IBM Blockchain Identity team
  • Evernym subject matter expert on cryptographic key management in the DHS-funded project to develop the first Sovrin / Hyperledger Indy solution
  • Digital Transformation Agency of Australia, key adviser on Trust Digital Identity Framework
  • Biometrics Institute undertook a feasibility study for a new international privacy trust mark, designed implementation plan, technical criteria and governance framework
  • Australia Post when it undertook R&D in new Internet based digital communications offerings; Lockstep developed the trust & privacy strategy and privacy engineering manifesto
  • Westpac’s inter-bank Trust Centre where we provided market analysis for digital identity services and a smartcard product strategy
  • Australian Government Management Information Office (AGIMO), where we helped with a range of topics including national authentication frameworks, smartcards and PKI; we were responsible for a major strategy review of Project Gatekeeper and we developed the Relationship Certificate framework
  • National eHealth Transition Authority (NEHTA), where we developed the business case for the national authentication service for health (NASH), a PKI-based smartcard planned for 600.000 healthcare providers.

A capability statement and client list is attached below.

Stephen Wilson Digital Identity profile March 2024