Who Am I? Identity Requirements in a Modern World

If you are anything like me, and you have any type of online presence (I am aware that some people do not), you probably don’t show all aspects of your personality equally across all of your platforms. For example, your LinkedIn profile probably shows — and arguably should — a different set of your personality traits compared to what you share on Facebook or Instagram.

aerial view of people walking in city center

Digital Identity follows the same principles. What one organization (or relying party) needs to know about me is often quite different to what another organization needs to know about me. The example about which many of us are familiar is related to the purchase of age-restricted goods, such as alcohol. In that scenario, the cashier or bartender only needs to know that I am old enough to make the purchase and does not need to know my exact age, much less my address and other information that is often over-shared in these scenarios.

Contrast this with a bank that, due to heavy regulation (Know Your Customer or KYC regulations), really needs to know their customers before allowing them to open bank accounts in order to prevent money laundering or other illegal activities to take place using their services. Even then, there is probably some information that the bank does not need to know about me and that I would probably prefer not to share.

In fact, a lot of the time when we are asked to “prove our identity,” what we are, in fact, being asked to prove is whether we are entitled to perform a transaction or receive a good or a service.

Digital identity can help with all of this by creating a proven and authenticated source identity at the start of the process — using this trusted “anchor” to prove that we are entitled to buy a beer, open a bank account, or enter an establishment — that contains only the information that that particular relying party needs to verify in order to complete the “transaction.”

In this way, good digital identity enhances citizen privacy, as well as user control and consent, by regulating who gets to see what. Some other principles of good digital identity solutions include:

  • They must be designed with privacy protection in mind from the start (Privacy by Design or PbyD)
  • At origination, they are verified to high degree of assurance
  • They provide user control and consent over how, when and what personally identifiable information (PII) is shared (i.e. they are user-centric)
  • Not only do they enhance privacy as described above, but they also enhance security with no trade-off between the two
  • They can be read or verified by digital identity verification solutions from different vendors (i.e. they are interoperable); and in that sense, they are platform-agnostic. Similarly, they should be holistic and useable across different types of service.
  • They are portable, in that I own my own digital identity; and, if I decide that I don’t like the service I am using to manage my digital identity, I can “pick it up” and take it somewhere else.

Of course, there is a significant chicken-and-egg situation here; for there to be the required uptake of digital identity products, there needs to be a network of service providers that accept them — but for these service providers to exist, there needs to be sufficient digital identity products available in the first place. There is little doubt, however, that this dilemma will resolve itself over time; it also means that, at least during this transition period, we will still need to rely on physical legacy systems that do not (yet) operate in the digital world, including physical IDs.

Read more about how HID Global transforms the future of identity in our brochure Beyond Citizen Identity.

Darren Lal has worked in the government identity solution industry for over 20 years in a variety of roles including bid and commercial management, sales and business development, and major project implementation. He is currently Regional Director in CID’s Bid, Commercial and Business Solutions team.