Today we present an article submitted by DIACC guest blogger Patrick Cormier, VP of Business Development and Sales at Notarius. DIACC member guest bloggers share their unique insights and expertise. Guest blogger articles do not represent a formal opinion of the DIACC. This guest blog is shared under the Creative Commons BY-ND terms. (texte français)
At DIACC and IdentityNorth, strong claims are made that digital identities will unlock considerable growth and innovation in the Canadian economy. The far-reaching ramifications of that assertion beg the question: What are digital identities? Can you explain in simple terms what digital identities are or even answer the question “What is an identity?” Take a moment… Stop… Try putting your thoughts into a clear definition.
If you can’t come up with a definition or remain unsure, don’t feel bad! In recent years, I have asked that question routinely and have never got a simple, concise and precise answer, although there are some online references such as The Field Guide to Identity by Identity Woman (Kaliya “Identity Woman” Young [formerly Hamlin]) that are great references when exploring the multifaceted aspects of identity.
So, plainly put, I am motivated to define digital identities in a simple and straightforward manner because absent a common semantic ground on digital identities it would be more challenging to unlock economic growth and innovation that can be unlocked with robust digital identities.
What is Identity?
Simply put, an identity is a representation of who you claim to be and who you are. A digital identity is an electronic representation that claim. And finally, a trusted digital identity is a representation of you that can be relied on with confidence for high value transactions such as signing a contract or applying for a passport.
Identity is at the core of the authenticity of social interactions and the integrity of business processes. Identity is the starting point of any relationship, trust and confidence in ongoing interactions between individuals, organizations, and government. Identity is also dependent on context. Within an identity context, it is critical to be able to distinguish individuals from one another so that services can be delivered to the right individual.
A person’s Identity can be subjective or objective. The set of psychological and physiological properties that make me and you unique as we perceive ourselves is subjective identity. It is a mental construct allowing us to relate to one another while retaining our distinctiveness. That is all I have to say about subjective identity because I am primarily interested in the objective identity of a person: a social convention that binds identifiers and attributes to persons. Let’s deconstruct that definition to see how it holds.
A social convention: if you are the sole survivor of the Mars One mission and live alone on Mars without communication to Earth, identity – your name for example – becomes meaningless because you cease to relate to others. When people relate to others in society, in a group or online, they need to refer to one another, hence the social convention of assigning names to infants when they are born. The convention is social because its primary function is to allow persons (both physical and organizations) to relate to one another. It has more the flavour of a convention because some group members may refer to one another using identifiers appropriate to the context, i.e. usernames on a web site or the children of a family calling the father of a family Dad.
An identifier is a pointer that points towards a specific person. An identifier may be unique in a defined system, for example, a Social Insurance Number (SIN) in Canada. Two persons should never possess the same SIN. Although an identifier is intended for a specific person, it may in fact not be unique, for example, my name “Patrick Cormier” is shared by a lot of people. It may not even be related to real-world social convention (my online alias could be Fidel5351). Given this, some types of identifiers (such as our names or aliases) may not be unique in a given context and may point at more than one person. Other examples of identifiers: SIN/SSN, driving licence numbers, employee numbers… I will tackle a little later the need to uniquely identify persons in a given system.
An attribute is a property likely to be shared by many persons. Attributes can be professional (e.g. Lawyer, CPA, engineer, architect). Attributes can also be affiliations (e.g. employee of a company, alumni member), physical characteristics (e.g. eye colour, sex, height), etc.. Finally, attributes can also be in relation to corporate persons, like size (e.g. “Small & Medium Businesses”).
A person may be a physical or corporate person – any entity with standing in court. A person here is not a concept – it literally is a physical person (or organization). For greater clarity, I am not referring to marketing persona – generic roles.
Binding an identifier or attribute to a person generally implies that the person must have a way to legitimately claim the identifier or attribute. In addition to claims and in some contexts, binding may also imply that an identifier or attribute be legitimately associated with a person in the absence of a claim.
Binding is the action of reliably recording the relationship between a set of identifiers or attributes and the person. In modern societies, for identifiers, this is often made possible by the possession of state-issued documents such as a certificate of birth and, later, driving licences and passports. People also claim identifiers and attributes using community recognition (when a lot of other persons agree the claim is legitimate) and using Knowledge-Based Authentication (KBA). The premise underlying KBA – that only the person corresponding to an identifier would logically know the answers to specific questions – is losing credibility because of past massive data breaches. Finally, identifiers and attributes may also be assigned to persons without any claims intervening.
An identity is therefore a social convention that binds identifiers and attributes to persons. From this definition and above explanations, we can draw the following inferences:
The above inferences are just some of the inferences that should be clarified before considering what are digital identities. Digital identities are technological conventions that bind digital identifiers and attributes to persons. They necessarily exist in the technological realm. Digital identities can come in the following flavours:
To the question “what are digital identities”, one can also complete the answer by referencing the purpose they serve. A digital identity is intended to be a legally equivalent alternative to presenting yourself in-person with paper documents. A digital identity is intended to ensure that a specific person is at the other end of a transaction or at the origin of a signed document, for example, digital identities can be used to sign birth certificates, passports, University transcripts and diplomas, contracts, engineering drawings and plans, affidavits… Any document requiring proof of its origin weeks, months or even decades later.
Canada’s economy is fuelled by millions of transactions completed and documents signed every day. Now, imagine a world in which, over time, all these transactions and signatures could be completed digitally, legally and reliably. Imagine that for each transaction completed and document signed digitally, considerable savings have been realized because you can finally dispense with in-person appearances and paper processes inefficiencies. Imagine the range of new commercial activity that could be unlocked because the online market is a worldwide market as opposed to doing business locally.
Digital identities can, and will, unlock a modern, forward-looking and technologically advanced society. It is up to us to build the required trust frameworks to make this vision a reality. Get involved in DIACC now and attend IdentityNORTH next year!