Anil John
Making Digital Services Secure and Trustworthy

Anil John

Quantitative Criteria for Evaluating Identity Resolution Data at the RP

 Tweet  Share  Share  Comment  Print  Email

Context matters when discussing identity resolution. Within the context of an identity proofing component, there are proprietary approaches used to resolve identity as a precursor to verification and validation. Given that, in this blog post I want to focus on the context of the RP, and see if there are any quantitative criteria it can use to effectively compare the information provided by the identity proofing component.

I have been frustrated by the fact that, in the U.S., access to authoritative public sector identity establishment sources by an RP is very hard, and that we typically depend on aggregated, secondary sources for KBA based remote identity proofing. As such, in order to deal with the world as it exists, RPs need an effective way of comparing what such an aggregator is able to offer.

A starting point for this discussion are the results of the study conducted by the NASPO IDPV Project on identity resolution. I've been giving this a lot of thought and also having conversations with smart people in the U.S. and in other jurisdictions. And as I learn more, my thinking on how to balance Proprietary and Standard approaches is evolving.

I don't have any magical answers, but these are the set of assumptions that I would seek to test and validate:

  • We need to 'zoom out' on the resolution study and look at the factors it actually quantified
    • resolution effectiveness of the attribute bundle
    • availability of the attribute bundle within the database used
    • availability of the attribute bundle as it relates to demographics or customer segments
  • Identification of attribute needs of the RP
    • for identity resolution
    • for business processes
  • Sensitivity of attributes or combination of attributes from a person's perspective

My sense is that, ultimately, an RP would like to ask the question "I need to uniquely resolve a person in demographic X, to a certainty greater than Y% with an availability greater than Z%. My analysis has shown that in my application context, people are sensitive to being asked for attributes A and B. What attribute bundles can you offer me?"

RELATED INFO


Did you find this interesting? Don't miss any new posts. Sign up to automatically receive them now!

I will never share, rent, or sell your information to anyone. Cancel anytime.

This blog post first appeared on Anil John | Blog (https://blog.aniljohn.com). The opinions expressed here are my own and do not represent my employer’s view in any way.

Topic(s):
By on |

Continue The Conversation ...

I would love to know your thoughts on this blog post. Please leave a comment below!

I am a digital security coach. I help technical leaders make digital services secure and trustworthy. Learn more »

Free Updates

I will never share, rent, or sell your information to anyone