Digital identities are set to revolutionise how we transact with business, with governments and with each other. A secure binding of our real world identity to a secure digital token that will allow us to perform trusted transactions online.
At the moment, there is a lot of focus on how we onboard the real world identities and create the initial trusted binding to the digital token. In India, the Aadhaah identity scheme have been creating a national register of identities for over 6 years – collecting the biometrics of over 1 billion residents. In the UK, the GOV.UK Verify scheme has 8 private sector identity providers competing for the enrolment of citizens at the point in time when service provision is required. Norway, Sweden and Canada use Bank issued identity credentials. The different models used are based on national circumstances, customs and practices. Though the common theme is that this initial registration process is a huge commitment for both the identity provider and the end users.
The other area of focus is on authentication; once we’ve bound the real world identity to the digital token, how we allow the end user to assert their ownership time and time again. Credentials range from the humble password, through the convenient if you have it to hand usb key, to mobile apps / codes. With the war on the password recently being stepped up by Google, we’ll start to see biometrics, behaviour and characteristic probability added to the mix.
The biggest challenge though is how to maintain the link between the real world and the digital token. Things in the real world have an annoying habit of changing – so how to keep the digital token in sync whether through genuine change or fraudulent use is an area that needs to be addressed before the hard work of on boarding is corrupted. The monitoring, fraud controls and background rechecks that are sufficient today will be lacking tomorrow as more trust and more services become reliant on the digital identities that exist.
Using authentication to strengthen the binding of the real world identity to the digital token over time is an exciting opportunity. If the identity provider can distinguish to a high degree of probability that I am the one authenticating against my digital token then they no longer need to check against mortality records to ensure that I am still alive in the real world. If they know that I sign in from my home location, they can also confirm to a high degree of probability that my real world address is still valid. The reverse of this is that they can also identify that my digital token may be being used fraudulently, either by me or another party (identity theft).
The propagation and growth of the digital identity market makes the need for more intelligent re-proofing and re-checking back to the real world identity a higher priority than it currently is. Time or frequency based checks that are sufficient today will be reduced to real time verification. Whilst the authentication services may not be sufficiently mature yet (in terms of implementation) to allow our behaviours and characteristics to be used for asserting our identity now is the time to start looking at how they can be used for protecting and verifying the link between our real world identity and the digital representation of it.
There are certainly challenges around privacy and data consent to be addressed – though if we don’t start doing the thinking now we’ll lose the trust and therefore the hard work that went in to establishing the original link. Otherwise, how confident will service providers be in 2 years time that my digital identity is still the person I used to be?
Read my other posts
Defining the Business Analyst – Better job descriptions for Business Analysis
Unexpected Customer Behaviour – The role of self-service in your customer service strategy
Rip it up and start again – The successful Business Transformation
Too Big To Fail – Keeping the heart of your business alive
The upstarts at the startups – How startups are changing big business
In pursuit of mediocrity – Why performance management systems drive mediocrity
Bryn Robinson-Morgan is an independent Business Consultant with interests in Identity Assurance, Agile Organisational Design and Customer Centric Architecture. Bryn has near 20 years experience working with some of the United Kingdom’s leading brands and largest organisations.
Follow Bryn on Twitter: @No1_BA
Connect with Bryn on Linked In: Bryn Robinson-Morgan
Source: bryn blog