Digital Identity 101

The reality couldn’t be more different - how different people perceive the very idea of a digital identity is shaped by their personal experience, where they live, their comfort level and familiarity with technology and a whole host of other factors. 

This isn’t helped by the fact that there are so many terms involved in the space - each of which is used in a slightly different way depending on who you’re talking to. 

And while the differences between these usages may seem obvious to the people who use them every day, the truth is that the terms and concepts aren’t easily accessible to everyone. And this is a real problem - if people don’t understand a system, they’re never going to put their trust in it. 

We know we’ve been guilty of this in the past. But, we firmly believe that if we’re to play a part in creating a system that businesses, citizens and governments can all trust then we have to be clear and transparent in the way we communicate.  

So this is our starting point for that - a hopefully easy to understand guide to some of the key terms you’ll hear thrown around whenever someone talks about digital identity. This is by no means an exhaustive list but is instead to provide clear examples of some of the most commonly used terms.

Digital Identity Glossary 

Authentication 

Authentication is the process by which your identity is confirmed when you attempt to access a service. In some cases, you might confirm your identity using a password, or answering identifying questions, while in other cases you might use a biometric technique like a thumbprint or face scan. 

Attributes 

Every digital identity is made up of a range of attributes - items and factors which confirm the person is who they say they are. Every identity scheme and verification process will require a range of different attributes to act as proof of identity- while one site might rely on your date of birth and current address, another might require your mobile number or national insurance number. 

Biometrics 

Biometrics is a massive field of science - but in the field of digital identity, we almost always talk about biometrics as being a way to use something unique to an individual’s body to confirm their identity - for example, a face scan. They are becoming an increasingly important part of the verification and authentication process, but also raise legitimate security concerns about how this data is stored, processed and protected. There are also issues of inclusion in biometrics, such as discrimination or systemic bias.  

Behavioural Biometrics  

Behavioural biometrics is the field of study related to the measure of uniquely identifying and measurable patterns in human activities. The term contrasts with physical biometrics, which involves innate human characteristics such as fingerprints or iris patterns. Behavioural biometrics refers to any pattern of behaviour that is specific to the user, such as the rhythm and cadence with which a person types on their computer keyboard.  

Digital Identity 

The term digital identity is used as a catch-all to describe the wider system of verifying identity online, but it also has a specific meaning - your digital identity is the specific combination of attributes and documents which uniquely identify for a specific service or website. This means each of us can have a vast number of digital identities - every time we sign up to a new service we’re creating another digital identity for ourselves 

Identifiers 

Identifiers are what let each of us share our verified identities with a service. They could be a username, an email address, a unique string of numbers or some other form of unique information. What matters is that they are unique to an individual - the authentication and verification process falls down if two people share the same identifier.  You might also see them referred to as a token. 

Identity Proofing 

Identity proofing is a form of verification focused on confirming the unique identity of the individual in question. It can involve a range of factors - including confirming biographical information, reviewing official documents or matching biometric information. 

Reusability 

Most identity authentication and verification processes are confined to a single domain. When we talk about reusability in identity- we’re talking about a different approach - one which allows consumers to share the same identity with multiple institutions and businesses, who can see the verification work that has been done on it in the past.  

Verification 

The terms authentication and verification are frequently used interchangeably when discussing the digital identity space, but there is a difference. Verification is what happens when a user first signs up for a service and the process by which an individual’s identity is confirmed - taking the documents and information they provide as proof and vetting them using a trusted partner or database.  

 
Read more on GBG’s work on Digital Identity here in Raconteur or by exploring our State of Digital Identity report.