Context matters when discussing identity resolution. Within the context of an identity proofing component, there are proprietary approaches used to resolve identity as a precursor to verification and validation. Given that, in this blog post I want to focus on the context of the RP, and see if there are any quantitative criteria it can use to effectively compare the information provided by the identity proofing component.
I have been frustrated by the fact that, in the U.S., access to authoritative public sector identity establishment sources by an RP is very hard, and that we typically depend on aggregated, secondary sources for KBA based remote identity proofing. As such, in order to deal with the world as it exists, RPs need an effective way of comparing what such an aggregator is able to offer.
A starting point for this discussion are the results of the study conducted by the NASPO IDPV Project on identity resolution. I've been giving this a lot of thought and also having conversations with smart people in the U.S. and in other jurisdictions. And as I learn more, my thinking on how to balance Proprietary and Standard approaches is evolving.
I don't have any magical answers, but these are the set of assumptions that I would seek to test and validate:
- We need to 'zoom out' on the resolution study and look at the factors it actually quantified
- resolution effectiveness of the attribute bundle
- availability of the attribute bundle within the database used
- availability of the attribute bundle as it relates to demographics or customer segments
- Identification of attribute needs of the RP
- for identity resolution
- for business processes
- Sensitivity of attributes or combination of attributes from a person's perspective
My sense is that, ultimately, an RP would like to ask the question "I need to uniquely resolve a person in demographic X, to a certainty greater than Y% with an availability greater than Z%. My analysis has shown that in my application context, people are sensitive to being asked for attributes A and B. What attribute bundles can you offer me?"
- Standardizing the RP Requirements for Identity Resolution
- Context and Identity Resolution
- HOW TO Choose Attributes to Uniquely Identify a Person
- Identity Establishment, Verification and Validation
- IDMGOV INFO: FICAM TFS TEM on Identity Resolution Needs for Online Service Delivery
Did you find this interesting? Don't miss any new posts. Sign up to automatically receive them now!
This blog post first appeared on Anil John | Blog (https://blog.aniljohn.com). The opinions expressed here are my own and do not represent my employer’s view in any way.