Identity is the starting point in the delivery of high value services, benefits and entitlements. As such, the initial establishment of identity by an authoritative party is the foundation upon which other services are built. This blog post looks at some of the public sector entities that perform this function and see how they operate in the online world.
The above picture (Based on a slide/content from a prezo by Canada TBS) shows how the starting point for service delivery, across the sectors, is the question of "Who are you?". The risk inherent in answering that question results in all of us being impacted by issues such as fraud, privacy breeches, and higher transactions costs. So, the initial establishment of identity by authoritative entities, and successfully leveraging it across multiple contexts is critical to reducing identity risk.
In the physical world, we deal with this on a regular basis, and rely upon a few authoritative entities to be accountable for the identity establishment function. Taking the United States as an example, if you look at DHS Form I-9, Page 9, List A and List B (Documents that Establish Identity + ), they include:
- U.S. Passport
- Foreign Passport
- U.S. Driver's Licence
- Native American tribal document
- Canadian Driver's Licence
What I find interesting about this list is:
- There is no one centrally registered "identity document"
- Each of the entities that issue a document has an "identity establishment" process that results in the creation of an authoritative record
- They are all public sector entities
Yet, when we look at the online world, we do not see any of the above public sector entities electronically vouching for and standing behind the authoritative records that they create and manage. Into that gap have stepped the social media providers and data brokers who use transactional information to create identity records, and seek to monetize the use of that record; often without the knowledge of the subject of the record.
This is a sad state of affairs!
I am NOT a proponent of a "Single Government Identity Card" for both philosophical and practical reasons. I do, however, believe that the authoritative identity sources within the U.S. public sector have not done an equivalent job of vouching for information they create and manage (e.g. acting as a validation authority or an attribute provider) in the electronic world as they do in the physical world. And until they step up, we will continue to incur higher costs and consequences in the delivery of high value services, benefits and entitlements.
- Acceptable Documents that Establish Identity - DHS Form I-9 (Page 9)
- Dear Maryland, Will You Be Wasting My Tax Dollars on Passwords?
- Identity Establishment, Verification and Validation
Did you find this interesting? Don't miss any new posts. Sign up to automatically receive them now!
This blog post first appeared on Anil John | Blog (https://blog.aniljohn.com). The opinions expressed here are my own and do not represent my employer’s view in any way.