Learning Series – What is a digital identity?

Part 1 – Fundamentals

Introduction

What is identity, and what makes you, you? What are aspects of a person that may be used to describe them uniquely? Is there an aggregate set of consolidated information about someone that, when distilled, can still constitute a dependable representation, distinguishable from all others?

With the rapid evolution of emerging technologies and the onset of the information age, we have all felt the need to catch up to certain trends and terms. The advent of computing, and its increased sophistication described by Moore’s law, has left us constantly adapting to an ever-changing landscape that is virtually inescapable in our daily lives and modern interactions.

Among the numerous implications of integrating such innovations into our routines in a safe and practical manner, the topic of digital identity has become of great interest across personal, enterprise and government levels. In an effort to continually improve the way it offers its programs and services to citizens, the Canadian federal government has adopted a roadmap for a more digital government, aspiring to be among the best of digital nations.

With the adoption of digital options supplanting analog counterparts, representing a person this way has been a topic of great interest, but we are getting ahead of ourselves. Instead of describing the entire concept of digital identity, the first part of this learning series will define identity, introduce key terms and their relationship to each other, then illustrate these concepts in a real-world setting.


What is identity?

You have an identity as an individual, independently of the paper, plastic, or other forms of representation of this identity. Your identity is a claim of who you are, how you proceed through the world, and interact with it. We should also consider who, or what, can have an identity. While we all intuitively understand that a unique, physical person has an identity, the term can also apply to other things, such as an organization (e.g., a business or more informal association) or a device (e.g., your refrigerator in an IoT network of household devices). We will call anything that can be identified in a specific context an entity. Context can be used to establish permissions, rights, or to convey characteristics such as a specific competence or achievement.

Identity can also be subjective or objective. The set of psychological and physiological properties that make an entity unique to us as we perceive them is subjective identity. It is a personal mental construct allowing us to relate to the elements around us while maintaining their distinctiveness. At IDLab we are primarily interested in the objective identity of an entity.

Identity is the starting point of any relationship. It sets the stage for building trust in ongoing interactions between individuals, businesses, governments and even devices. In those interactions, however, we require the capacity to prove things, which fall into two categories: identification, a confirmation that you are who you say you are, and credentials, which demonstrate everything from level of education to permission to operate a motor vehicle.


Key terms

There are two different types of evidence of identity:

  • Foundational evidence is built on fact-based foundation events, or more specifically, the existence of a legally recognizable person or organization. Great examples are birth or immigration for persons, and incorporation for a registered business entity. In Canada, issuing foundational identity is the exclusive prerogative of the public sector.
  • Contextual evidence is used for a specific purpose, in a specific context. Examples of contextual identity and associated evidence include banking credentials, a driver’s licence, or even something as basic as a valid social media account.

An identifier is an indicator that points towards a specific entity. An identifier may be unique in a defined system, like a Social Insurance Number (SIN) in Canada. Other examples of identifiers include driver’s licence numbers and employee numbers. For organizations, similar examples might include corporate registration numbers.

An attribute is a property, or characteristic, likely to be shared by many entities. Attributes can be professional designations, like lawyer or architect, affiliations (e.g. employee of a company, alumni member), or physical characteristics (e.g., eye colour, height). Attributes can also be in relation to corporate entities, like business size (e.g., small and medium).

Binding an identifier or attribute to an entity implies that the entity must have a way to legitimately claim the identifier or attribute. Binding is the action of reliably recording the relationship between a set of identifiers or attributes and the person or organization. The sum total of this recorded information, a set of attributes and identifier(s) bound to an entity, is referred to as a credential.

With identifiers and attributes bound to an entity, a credential can be used to make a claim regarding identity. This may include access to a service or establishing an interaction. Every time an identity is claimed by someone or something, there is an assertion of the existence of that identity and the evidence that supports it.

Validation is the process of confirming the accuracy of the information presented. Verification is the process of confirming that the identity claimed uniquely belongs to the entity claiming it.


Illustration of these concepts in a real-world setting

Let us imagine you encounter a police roadside check on your way home and the officer first asks who you are and where you live. You put forward your name and provide your driver’s licence as proof. At this point you have self-asserted your identity and supplied supporting credentials. The officer then returns to their car with your licence and consults the provincial driver registry to further ensure that you are who you claim to be, and that the claim is accurate. This secondary check tells the officer that the driver’s licence number exists and a trusted third party (i.e., the driver’s licence bureau) has gone through its own process of verifying the existence of your identity.

There was a validation of the attributes and identifiers used to support the identity claim that your credential represents. In this case, the name you claimed was checked against the licence. Approximate age and other attributes available on the licence have also been checked to confirm the accuracy of the information presented.

The officer performed an initial verification by comparing the picture on your licence to you, believing that a person’s face is relatively unique. A secondary verification was done when the officer consulted the provincial driver’s licence bureau to ensure the evidence presented was valid and not revoked, and by extension, they gained the knowledge that a trusted third party had also done their own validation and verification process before issuing the driving licence.

These validation and verification efforts allowed the officer to accept the assertion of identity, as represented by the credential.
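
The roadside check above, modelled as an added example (not part of the original article) that keeps validation and verification as separate checks, so each failure is reported under the step that caught it. The registry contents, licence numbers, photo labels, the reference year and the 15-year age tolerance are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Credential:
    identifier: str   # licence number: points to one entity in the registry
    attributes: dict  # name, birth_year: properties bound to that entity
    photo: str        # stand-in label for the licence photo (constructed)

# Constructed registry held by the issuer (the trusted third party).
REGISTRY = {
    "L-1001": {"name": "Alex Tremblay", "birth_year": 1985, "revoked": False},
    "L-1002": {"name": "Sam Roy", "birth_year": 1990, "revoked": True},
}

def validate(claimed_name, apparent_age, cred, year=2024):
    """Validation: is the information presented accurate?"""
    problems = []
    if claimed_name != cred.attributes["name"]:
        problems.append("claimed name differs from licence")
    age = year - cred.attributes["birth_year"]
    if abs(age - apparent_age) > 15:  # assumed tolerance for "approximate age"
        problems.append("apparent age inconsistent with licence")
    return problems

def verify(presenter_face, cred, registry):
    """Verification: does the claimed identity belong to the presenter?"""
    problems = []
    if presenter_face != cred.photo:
        problems.append("presenter does not match licence photo")
    record = registry.get(cred.identifier)
    if record is None:
        problems.append("licence number unknown to issuer")
    elif record["revoked"]:
        problems.append("licence revoked")
    elif any(record.get(k) != v for k, v in cred.attributes.items()):
        problems.append("licence attributes differ from issuer record")
    return problems

def roadside_check(claimed_name, apparent_age, presenter_face, cred, registry=REGISTRY):
    """Accept the assertion of identity only if both checks come back clean."""
    issues = {"validation": validate(claimed_name, apparent_age, cred),
              "verification": verify(presenter_face, cred, registry)}
    return (not any(issues.values())), issues
```

A borrowed licence passes validation but fails verification at the photo comparison, while a revoked or altered licence is only caught by the registry lookup.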


Conclusion

Before introducing digital identity, it is important to understand the principles upon which identity is founded. Afterwards, at its simplest level, digital credentials are the electronic equivalent of the physical credentials we already use today; they are claims to an identity, or to attributes of that identity, and are presented to make an assertion. With digital identity come additional possibilities and concepts such as self-sovereign identity and selective disclosure. The next part of this learning series will describe digital identity in greater detail and begin to outline its benefits and the technology that enables it.

What interests you most about digital identity? What are your unanswered questions, or concerns? We would love to hear from you and address the most popular topics in subsequent learning series.