The march is on to establish digital identities that fully mirror the real-life identities of individuals.
This achievement will unlock more secure, seamless, and reliable interactions online for individuals and organizations alike. While the myriad online activities, multiple social media accounts, and overall immersion of the modern person may make it seem as though identities have completely migrated into the digital ecosystem, the fact is that digital identities remain highly fragmented, context-dependent, and challenging to verify.
This deep dive into digital identity will describe the current digital identity landscape, examine the value that accurate and comprehensive digital identities promise, and outline four guiding principles for any organization interested in making the most of digital identity development.
What is digital identity?
No standard definition of digital identity currently exists. The World Bank, World Economic Forum, and NIST, among other organizations, each have distinct descriptions of the notion. However, most descriptions can be encompassed by the following:
Digital identity definition
A digital identity is a collection of features and characteristics associated with a uniquely identifiable individual — stored and authenticated in the digital sphere — and used for transactions, interactions, and representations online.
Pinning down an authoritative definition is difficult because the attributes that make up an identity are a mix between what is observed and what is disclosed, objective facts and subjective values, and self-assessments and appraisals by others.
Compounding the challenge is the fact that some elements of an identity are given to people (e.g. name, passport number, recommendations) and some are created by the individual (e.g. the content of social media and dating profiles).
Furthermore, the elements of identity that are useful in the digital sphere are highly context-specific, meaning that digital identity’s definition for one organization or department may be completely different from that of another.
The majority of digital identity interpretations can be summed up in four categories.
1. Digital identity as credential
This includes key information that people traditionally use to identify themselves. This information can be found on government issued documents like driver’s licenses, passports, birth certificates, or health cards.
In this category, digital identity simply means a digitized version of an individual’s:
2. Digital identity as character
This can be summed up as an individual’s self-portrayal online. This identity is controlled solely by the individual who shapes online profiles through their commentary, activities, and self-descriptions.
The information that comprises this identity category include:
3. Digital identity as user
This version is the collection of information related to an individual’s digital behavior. It is typically collected by counter-parties with which an individual interacts along with third parties to whom an individual has given permission. The picture of an identity is constructed through an accumulation of actions that reveal habits, interests, preferences, and priorities.
These actions include:
4. Digital identity as reputation
This is derived from information that is publicly available and created by reputable third-parties. An identity is revealed through an individual’s history. These records often follow an individual and can impact things like employment opportunities, renting opportunities, and more.
Examples of digital identity as reputation can include:
The traditional digital identity problems
While each of the four digital identity definitions has its uses, two problems exist. This two issues create the majority of problems when it comes to digital identity.
Digital identity isn't universal
Different digital identity definitions work in different contexts. One’s identity as a character, for instance, is not going to be sufficient to transfer money from a bank account, register to vote, or apply for government services. Conversely, identity as credential is not going to indicate to hiring managers whether a job applicant is suitable.
Accurate data ≠ accurate identity
Some identity data may be true of a person, while not communicating anything about that person’s preferences, history, or reputation. This is especially true for data related to identity as a credential.
Furthermore, in many cases — particularly those involving social media — there is no certainty that a person’s digital identity resembles anything like his or her real-life identity at all. Online profiles can be shaped to misrepresent or flatter the individual, and cannot be relied on to deliver a comprehensive account of a person’s identity.
Much of the evolution in digital identity can be considered to be a progressive consolidation of this patchwork of data to match the digital person with the actual person in an accurate and secure way.
The movement toward a unified digital identity
Through innovation, national initiatives, and other projects, digital identities are gradually being more closely tied to their real-life counterparts. In a number of instances, the line between the digital identity and physical person is being blurred. Here are some examples of how:
Accessing digital devices through fingerprints or facial recognition has almost become a norm. Tying digital access to physical characteristics in this way increases cyber security and convenience by ensuring that a person’s digital world is being accessed by the appropriate physical person.
Guest sign ins at companies, hospitals, and industrial facilities are being transferred from paper to self-serve digital devices. These are typically tablets with visitor management software that creates a comprehensive digital record of visits, contributes to access management, and integrates with other business software.
An individual’s physical presence on a site can now be made part of a digital profile that is combined with other accessible information to get a more accurate picture of a person’s identity.
Alexa and Echo can now differentiate voices within the same household, and tailor responses to each individual. Online preferences, shopping habits, and purchase histories are now being tied to an individual’s real life biology.
Examples of digital citizenship around the world
Several countries are developing digital identities for their citizens and forging a more robust link between the digital and the real world. Among the countries and regions pursuing initiatives are:
By 2020, the country will integrate biometrics into its National Digital Identity system. This will allow “Singapore residents and businesses to transact digitally with the Government and private sector in a convenient and secure manner.”
The integration will use biometric information — including fingerprints and facial recognition — for logins and will increase access to services and reduce “form-filling and the need for users to provide verifying documents.”
The European Union
In 2018, the EU permitted electronic identification to be applicable across borders, meaning citizens can access services, share information, perform transaction from throughout the region.
Canada & the Netherlands
In a project called the Known Traveller Digital Identity, citizens of Canada and the Netherlands will be able to travel between the two countries using passport information stored on a phone and authenticated using biometrics.
The principles guiding the development of digital identity
Two sets of guidelines inform the development of digital identities: the Windhover Principles for Digital Identity and Trust and the NIST Digital Identity Guidelines.
1. Windhover Principles
The Windhover Principles were developed by the Institute for Data Driven Design and center on the notion that “Individuals and groups should have control of their digital personal identities and personal data.” This means that individuals should have full access to the data that is associated with their digital identity along with maximum knowledge and control of who can access it.
2. NIST Digital Identity Guidelines
The NIST Digital Identity Guidelines delineate the requirements for US federal agencies intending to use or implement digital identity services. The guidelines provide a framework to balance the need for the successful authentication of an individual with an individual’s need for privacy, and can be considered best practices.
The value of digital identity
For businesses, agencies, and individuals alike, the development of a standard, comprehensive digital identity promises several major benefits. These include:
1. More streamlined processes
The number of usernames and passwords that users are required to store or remember has become overwhelming. It is now a point of friction between the user and organizations. A singular, reliable digital identity can remove this hindrance.
|Related: Learn more about the elements of a strong password and how to actually remember it.|
2. Increased access
A standard digital identity means that more people, records, and services can be accessed digitally and remotely. If digital identities can be designed to meet standards in multiple countries, access to services can also transcend borders, simplifying international commerce and travel.
3. Better understanding of the user
A digital identity that maps more accurately to an individual’s real-life identity will enable companies to achieve more personalized promotion and more seamless omnichannel marketing.
4. Improved security
Identity theft arises from the compromise of personal information, PINs, or answers to security questions. For victims, the consequences can be severe. A robust digital identity scheme can reduce exposure to this risk by eliminating the requirement for such easily-comprisable authentication techniques.
How companies can take advantage digital identity development
Companies can embrace and help usher in developments in comprehensive digital identity and begin enjoying the benefits associated with it early. Discussions about digital identity as it relates to operations should involve a large portion of the executive suite. CEOs, CMOs, CIOs, and CSOs all have a stake in the technology. Some of the actions a company can take to prepare include:
1. Expanding the definition of digital identity
An organization may have one notion of digital identity for security purposes, another for marketing, and yet another for human resources. Consider how these can be consolidated — and added to — to provide a full picture of the real-life user.
2. Breaking down silos
Ensure that critical information about users does not stay contained within departments. Uncover ways to share information across the organization in order to enhance digital security, discover cross-selling opportunities, and understand the guest that visits, whether digitally or physically.
3. Adopting relevant technology
Automate the expansion of digital identity through software. Employing something as simple as an identity and access management management system can help your company streamline user access to information to increase security and efficiency
It also allows you to customize access privileges for users, centralize the storage of employee information, and speed up the onboarding process for new employees. When you implement a identity and access management system, the benefits can be seen by every team and multiple stakeholders.
4. Establishing a set of digital identity values
Compliance requirements aside, the development and use of digital identities always requires a discussion of the appropriate balance between privacy and utility.
It is important to determine:
Taking these actions today will contribute to more comprehensive and accurate digital identities and lay the groundwork for the time when a universally recognized version is established.
Digitizing the human experience is the way of the future
The world is gradually moving toward a time when individuals’ online identities matches their real-life identities and provide a global and accurate view of who the are, what they do, and how they see themselves.
Consolidating the currently fragmented versions of digital identity promises to make more informative, secure, and streamlined processes for companies and agencies and a more convenient, accessible, and manageable world for individuals.