Identity
Everybody has an identity
Lets talk about identity and associated topics in the context of digital software systems.
What is identity
A person's identity is not a fixed concept; it is highly dependent on context.
Identity (ID)
(a) information about a specific Individual in the form of one or more attributes that allow the Individual to be sufficiently distinguished within a particular context;
(b) a set of the Attributes about a Person that uniquely describes that Person within a given context.
👉 distinguish an individual
- Example:
- Fingerprint of a person
👉 describe an individual
- Example:
- firstname = John
- lastname = smith
- dob = 10/10/1990
Identity documents
Documents that identify an individual are identity documents.
Almost all of us have some form of identity documents.
They can be classified into 3 types as below:
Commencement of Identity (CoI)
The first registration of an Individual by a government agency in a country. Also called cardinal documents.
In most cases these documents do not change during the lifetime of an individual.
- Example:
- Birth certificate
- Citizenship certificate
Use In the Community (UitC)
A government issued document, or a document issued by a reliable and independent source used to demonstrate the use of an Individual's Identity in the community over time. These documents ensures that the user's identify is in operation.
- Example:
- Driver's License
- Student ID card
- Bank issued card/passbook
- Health care cards
Linking Documents
A document which demonstrates the continuity of the claimed Identity where Attributes, such as name or date of birth, have changed.
- Example:
- Marriage certificate
- Change of Name certificate
Identity Proofing
Refers to the process of collecting, verifying, and validating sufficient Attributes (and supporting evidence) about a specific Individual to confirm their Identity.
In other words, Identity proofing is the process that we've all been through for example,
- when we've opened a bank account,
- or applied for passport
- or registered ourselves at a school/university etc;
The agency/organization would examine some documentary (and possibly biometric - somebody stares into our face and looks at the photo on the document) evidence provided by us to identify us as an individual in their records for the very first time.
Identity Proofing Objectives
The veracity of claims about an individual's identity is established through evidence provided to meet some or all of the following five identity proofing objectives
- Confirm uniqueness of the identity in the intended context
- Confirm the claimed identity is legitimate
- Confirm the operation of the identity in the community over time
- Confirm the linkage between the identity and the person claiming the identity
- Confirm the identity is not known to be used fraudulently
The result of identity proofing process is the identification of an individual. But here comes the question of confidence i.e. What is the confidence of identifying an individual with a certain identity.
Identity Proofing Level
Describes the level of assurance or confidence in the Identity Proofing process.
i.e. how confident is the process to say that the individual claiming to be John Smith is John Smith.
Different agencies categorize the assurance level into several Identity Proofing levels, as suitable for the purpose in context. TDIF categorizes IP strength (aka Level of Assurance LoA i.e confidence of establishing the identity to the individual) into 4 levels
- Identity Proofing Level 1 (IP1) - Low confidence in the established identity
- Identity Proofing Level 1 (IP2) - Medium confidence in the established identity
- Identity Proofing Level 1 (IP3) - High confidence in the established identity
- Identity Proofing Level 1 (IP4) - Very High confidence in the established identity
| Level of Assurance | Description | Aim | Controls | Processing Method | Use Cases |
|---|---|---|---|---|---|
| IP1 | Low confidence in the accuracy or legitimacy of a claimed identity | Identity is unique within the context | Self-claimed or self-asserted identity | Local / Remote | Pay parking fine or Issuing fishing license |
| IP2 | Some confidence in the claimed identity | Identity is unique within the context AND Identity is recognized by authoritative sources AND Identity is used in other contexts | Evidence of identity through use of identity information or documents from authoritative sources | Local / Remote | Creating bank account or Purchasing motor vehicle |
| IP3 | High confidence in the claimed identity | Identity is unique within the context AND Identity is recognized by authoritative sources AND Identity information is verified with authoritative sources Identity is used in other contexts AND the person is linked to the identity | Evidence of identity through use of identity information or documents from authoritative sources AND information or documents verified with an authoritative source | Local / Remote | Claiming Govt. welfare benefits |
| IP4 | Very high confidence in the claimed identity | Identity is unique within the context AND Identity is recognized by authoritative sources AND Identity information is verified with authoritative sources Identity is used in other contexts AND the person is linked to the identity | Evidence of identity through use of identity information or documents from authoritative sources AND information or documents verified with an authoritative source AND Individual witnessed in-person | Local | Issuing Govt. documents - Driver's license, Passport, Birth certificate |
The difference between IP3 and IP4 is that for IP4 there is a need for 2 UitC documents as against 1 for IP3
And, for IP4 the individual MUST be witnessed in person