Digital Identity 101
What do we mean when we talk about digital identity? It’s such a broad concept that can be applied in so many different ways, that it’s easy to assume whoever you’re talking to shares the same thinking, assumptions and background knowledge as you.
The reality couldn’t be more different - how different people perceive the very idea of a digital identity is shaped by their personal experience, where they live, their comfort level and familiarity with technology and a whole host of other factors.
This isn’t helped by the fact that there’s so many terms involved in the space - each of which is used in a slightly different way depending on who you’re talking to.
And while the differences between these usages may seem obvious to the people who use them every day, the truth is that the terms and concepts aren’t easily accessible to everyone. And this is a real problem - if people don’t understand a system, they’re never going to put their trust in it.
We know we’ve been guilty of this in the past. But, we firmly believe that if we’re to play a part in creating a system which businesses, citizens and governments can all trust then we have to be clear and transparent in the way we communicate.
So this is our starting point for that - a hopefully easy to understand guide to some of the key terms you’ll hear thrown around whenever someone talks about digital identity. This is by no means an exhaustive list but is instead to provide clear examples of some of the most commonly used terms.
Digital Identity Glossary
Authentication is the process by which your identity is confirmed when you attempt to access a service. In some cases you might confirm your identity using a password, or answering identifying questions, while in other cases you might use a biometric technique like a thumbprint or face scan.
Every digital identity is made up of a range of attributes - items and factors which confirm the person is who they say they are. Every identity scheme and verification process will require a range of different attributes to act as proof of identity- while one site might rely on your date of birth and current address, another might require your mobile number or national insurance number.
Biometrics is a massive field of science - but in the field of digital identity we almost always talk about biometrics as being a way to use something unique to an individual’s body to confirm their identity - for example a face scan. They are becoming an increasingly important part of the verification and authentication process, but also raise legitimate security concerns about how this data is stored, processed and protected. There are also issues of inclusion in biometrics, such as discrimination or systemic bias.
Behavioural biometrics is the field of study related to the measure of uniquely identifying and measurable patterns in human activities. The term contrasts with physical biometrics, which involves innate human characteristics such as fingerprints or iris patterns. Behavioural biometrics refers to any pattern of behaviour that is specific to the user, such as the rhythm and cadence with which a person types on their computer keyboard.
The term digital identity is used as a catch all to describe the wider system of verifying identity online, but it also has a specific meaning - your digital identity is the specific combination of attributes and documents which uniquely identify for a specific service or website. This means each of us can have a vast number of digital identities - every time we sign up to a new service we’re creating another digital identity for ourselves
Identifiers are what let each of us share our verified identities with a service. They could be a username, an email address, a unique string of numbers or some other form of unique information. What matters is that they are unique to an individual - the authentication and verification process falls down if two people share the same identifier. You might also see them referred to as a token.
Identity proofing is a form of verification focused on confirming the unique identity of the individual in question. It can involve a range of factors - including confirming biographical information, reviewing official documents or matching biometric information.
Most identity authentication and verification processes are confined to a single domain. When we talk about reusability in identity- we’re talking about a different approach - one which allows consumers to share the same identity with multiple institutions and businesses, who can see the verification work that has been done on it in the past.
The terms authentication and verification are frequently used interchangeably when discussing the digital identity space, but there is a difference. Verification is what happens when a user first signs up for a service and the process by which an individual’s identity is confirmed - taking the documents and information they provide as proof and vetting them using a trusted partner or database.