Anil John
Making Digital Services Secure and Trustworthy

Anil John

Quantitative Criteria for Evaluating Identity Resolution Data at the RP

 Share  Print  Email

Context matters when discussing identity resolution. Within the context of an identity proofing component, there are proprietary approaches used to resolve identity as a precursor to verification and validation. Given that, in this blog post I want to focus on the context of the RP, and see if there are any quantitative criteria it can use to effectively compare the information provided by the identity proofing component.

I have been frustrated by the fact that, in the U.S., access to authoritative public sector identity establishment sources by an RP is very hard, and that we typically depend on aggregated, secondary sources for KBA based remote identity proofing. As such, in order to deal with the world as it exists, RPs need an effective way of comparing what such an aggregator is able to offer.

A starting point for this discussion are the results of the study conducted by the NASPO IDPV Project on identity resolution. I’ve been giving this a lot of thought and also having conversations with smart people in the U.S. and in other jurisdictions. And as I learn more, my thinking on how to balance Proprietary and Standard approaches is evolving.

I don’t have any magical answers, but these are the set of assumptions that I would seek to test and validate:

  • We need to ‘zoom out’ on the resolution study and look at the factors it actually quantified
    • resolution effectiveness of the attribute bundle
    • availability of the attribute bundle within the database used
    • availability of the attribute bundle as it relates to demographics or customer segments
  • Identification of attribute needs of the RP
    • for identity resolution
    • for business processes
  • Sensitivity of attributes or combination of attributes from a person’s perspective

My sense is that, ultimately, an RP would like to ask the question “I need to uniquely resolve a person in demographic X, to a certainty greater than Y% with an availability greater than Z%. My analysis has shown that in my application context, people are sensitive to being asked for attributes A and B. What attribute bundles can you offer me?”

RELATED INFO


This blog post first appeared on Anil John | Blog (https://blog.aniljohn.com). The opinions expressed here are my own and do not represent my employer’s view in any way.
Topic(s):
By on |

Continue The Conversation ...

I would love to know your thoughts on this blog post.
Meet me over on Mastodon to join the conversation!
I am a public interest technologist. I help organizations and leaders make digital services secure and trustworthy.
Learn more »

Disclaimer: The opinions expressed here are my own and do not represent my employer’s view in any way.

About

Anil JohnI am a public interest technologist. I help organizations and leaders gain clarity and understanding on complex architecture, information security, privacy practices, and market dynamics, so they can enable secure, trustworthy digital services. More about me →

Find me on Mastodon

Find me on Mastodon

Organizations I Support

© 2003-2023 Kylas Group LLC
Privacy Policy | Terms of Service