Anil John
Making Digital Services Secure and Trustworthy

Anil John

Identity Establishment and the Role of the Public Sector

 Tweet  Share  Share  Comment  Print  Email

Identity is the starting point in the delivery of high value services, benefits and entitlements. As such, the initial establishment of identity by an authoritative party is the foundation upon which other services are built. This blog post looks at some of the public sector entities that perform this function and see how they operate in the online world.

The above picture (Based on a slide/content from a prezo by Canada TBS) shows how the starting point for service delivery, across the sectors, is the question of "Who are you?". The risk inherent in answering that question results in all of us being impacted by issues such as fraud, privacy breeches, and higher transactions costs. So, the initial establishment of identity by authoritative entities, and successfully leveraging it across multiple contexts is critical to reducing identity risk.

In the physical world, we deal with this on a regular basis, and rely upon a few authoritative entities to be accountable for the identity establishment function. Taking the United States as an example, if you look at DHS Form I-9, Page 9, List A and List B (Documents that Establish Identity + ), they include:

  • U.S. Passport
  • Foreign Passport
  • U.S. Driver's Licence
  • Native American tribal document
  • Canadian Driver's Licence
  • Others...

What I find interesting about this list is:

  1. There is no one centrally registered "identity document"
  2. Each of the entities that issue a document has an "identity establishment" process that results in the creation of an authoritative record
  3. They are all public sector entities

Yet, when we look at the online world, we do not see any of the above public sector entities electronically vouching for and standing behind the authoritative records that they create and manage. Into that gap have stepped the social media providers and data brokers who use transactional information to create identity records, and seek to monetize the use of that record; often without the knowledge of the subject of the record.

This is a sad state of affairs!

I am NOT a proponent of a "Single Government Identity Card" for both philosophical and practical reasons. I do, however, believe that the authoritative identity sources within the U.S. public sector have not done an equivalent job of vouching for information they create and manage (e.g. acting as a validation authority or an attribute provider) in the electronic world as they do in the physical world. And until they step up, we will continue to incur higher costs and consequences in the delivery of high value services, benefits and entitlements.

RELATED INFO


Did you find this interesting? Don't miss any new posts. Sign up to automatically receive them now!

I will never share, rent, or sell your information to anyone. Cancel anytime.

This blog post first appeared on Anil John | Blog (https://blog.aniljohn.com). The opinions expressed here are my own and do not represent my employer’s view in any way.

Topic(s):
By on |

Continue The Conversation ...

I would love to know your thoughts on this blog post. Please leave a comment below!

I am a digital security coach. I help technical leaders make digital services secure and trustworthy. Learn more »

Free Updates

I will never share, rent, or sell your information to anyone