Trusted interactions are key to well-functioning digital economies. Across the globe, we’ve seen the emergence of national digital identity programmes, aiming to establish this trust. Such schemes are generally created with the intention of facilitating trusted interactions between individuals and relying parties (for goods and services). However, these trusted digital identities can also be used within organisations, to improve both security and user experience.
A digital identity is a digital representation of verified attributes and credentials that can be used to transact online. Generally housed on a smartphone and based on a range of evidence types checked against authoritative sources that may include biometric matches and liveness tests, digital identities increase assurance that someone is who they claim to be.
When combined with organisations’ identity and access management (IAM) systems, a trusted digital identity can increase security and reduce the risks associated with user names and passwords, while at the same time offering a consistent and frictionless user interaction.
This interaction of digital identities with IAM is illustrated in the diagram below. My digital identity confirms who I am. When used with IAM, it specifies my persona within an organisation-specific context. The IAM system manages what I can do within the organisation.
As an individual, I can have multiple personas when dealing with different organisations or even within the same organisation, but my “identity” always remains the same. For example, I access my bank account online as a customer (persona), but as an employee (persona) of the same bank, I need access to different systems to perform my job. In both cases, who I am (my identity) does not change, but in the context of the bank, each persona has different permissions.
For individuals, the real power of a digital identity is a simple, trusted and consistent interaction to prove identity regardless of which organisation they are dealing with. In the bank example, my digital identity can be used to interact with the bank, removing the need for a separate customer identifier and employee identifier. Likewise, my digital identity can be used to interact with my university as a student or with my local government as a resident.
Only information relevant to a specific interaction needs to be requested and shared with express consent, putting the individual in control of their identity information. This not only enhances trust, but also reduces organisations’ storage and management of personally identifiable information (PII). As a customer purchasing alcohol online, I can share an “18+” attribute to prove my age, rather than my exact date of birth, protecting my sensitive personal information.
For organisations, once the relationship has been established between digital identity and permissions, the digital identity can subsequently be used as a high-assurance, passwordless authentication factor. It can also be used as part of organisational workflows to verify that the person with relevant authority is in fact the individual performing specific tasks like approving spend or electronically signing a contract.
Used as part of employee onboarding, a digital identity can confirm identity, but also qualifications or entitlements, like a police check or a forklift licence. A digital employee credential linked to the digital identity could replace physical ID cards and be scanned to access buildings. These could also be combined with real-time biometric checks for higher risk interactions like entering high security areas. All provisioning and lifecycle management becomes completely online, removing the need to manage plastic cards.
As digital identity programmes continue to evolve and grow in popularity, there is an opportunity for IAM providers and organisations to consider how they can leverage trusted digital identities to improve both security and experience. This requires thinking about identity interactions more broadly than today. Rather than optimising for and within a single organisational context, consideration must be given to unifying the identity experience across ecosystems with the individual at the core, enabling multiple personas to seamlessly interact with multiple services – all using a single, trusted digital identity.