An Introduction To Digital Identity
How often do people acknowledge the basic yet important existential things in the world? Like the ground beneath us.
Because they are taken for granted.
Our identity is something similar. Pervasive but relegated in importance. Without an identity, a person doesn’t exist even if he is standing in front of you physically. You can’t identify or recognize him or her and because you can’t do that, you can’t serve him or help him. Identity is the beginning of everything in our world and because an overwhelming majority do have it, the identity is underappreciated.
Nevertheless, with the economy quickly shifting to the Web, businesses have no choice but to start searching and learning about digital identities and find mechanisms to deal with the digital identity. In this post, we will try to explain the what a digital identity is, where it lives, why an online identity is important and how businesses can use it as a leverage.
The good thing about the Web is that all the end products and services made available online are a translation of the real world. So, the concept of digital identity on the Web is the same as that of identity in the real world. Just that it is abstract and slightly different in design and implementation adjusting to the realities of the Web. In our daily lives, we make a whole lot of transactions buying clothes, supplies, vehicles and what not. In most simple transactions, our physical presence itself is a confirmation of our identity but that is not so on the Web. Every transaction on the Web is remote which necessitates the use of an online identity for the opposite party to know and understand you are you.
But at the basic level, what is an identity? Its definition stems from its usage. Identity is any set of characteristics that define a person and can be used to uniquely identify that person. The set of characteristics are decided by a legitimate issuing authority, most commonly federal or provincial governments or their subsidiaries and any institutions, and may vary from one issuing authority to another. The purpose, though, is common throughout.
Think of your passport. Provided you have fulfilled requirements (like visa and finances), immigration authorities of any country can ascertain your identity from your passport and grant you entry into their country. Prior to the expiry of your visa, you must exit the country. Obviously, your passport has been issued by one country which is the issuing authority.
Digital Identity Definition
Teleport to the Web now. The situations are pretty much the same. It’s just the handling that differs. The International Telecommunication Union defines identity as a “representation of an entity in the form of one or more attributes that allow the entity or entities to be sufficiently distinguished within context.” The context is important since the set of attributes vary from one authority to another. Quite obviously, all attributes of an entity can’t realistically be captured. ITU puts the definition of digital identity as “a digital representation of the information known about a specific individual, group or organization.” The International Organization for Standardization also provides definitions and frameworks for digital identity in its standard ISO/IEC 24760-1 as a “set of attributes related to an entity.” On the Web, these attributes could be anything starting with a name, address, age, gender and so on. Of course, for an organization the set of attributes would be slightly different from those used to describe a person but, nevertheless, are similar in description and use.
That was how you define digital identity in technical jargon. But then there is the online identity as well. You can find a detailed description on the usually reliable (online identity) on Wikipedia. So, the question that beckons here is: what’s the difference? Well, it’s thin line that many people choose to obscure as well. To be extremely precise, online identity is a subset of the digital identity. The digital identity is a digital version of a person’s real identity. It can be any digital version including social media profiles. Refer the definition of digital identity again. Online identity, on the other hand, is specifically the profile that a person would create on social media platforms, websites, chat forums and so forth. However, there is no laid down definition of the online identity which allows us to use the two terms (online identity and digital identity) interchangeably. Either way, since we are mostly talking about identity for businesses and correspondingly Customer Identity Management, you will understand what we are referring to. We trust you on that.
Who issues a digital identity?
To draw an analogy here would be making things even more complicated. But suffice to say that, there is no universally recognized authority where people can register themselves and get their digital identities made. It still remains a grey area and considering nobody really controls the internet, it is quite improbable that there will be a universal online identity in the near future. So, as it stands now, every website is free to allow customers to register themselves and create their digital identities but which can only be used on that particular website. Nobody logs into a Gmail account with a Yahoo identity. Such a situation is not really desirable because one person then possesses multiple online identities valid in multiple domains. It’s like one person holding multiple passports. But then there is no standardized solution except for make shift ones like Social Login, which are actually quite efficient in current scenarios. Social Login exploits the social identity which most people create on popular social networks like Facebook and Twitter. Owing to the high populations on social networks, businesses are exploiting social identities to provide easier access. Following it are concepts of Single Sign-On and Federated Identity which will be covered later.
Where does digital identity rest?
In the real world, identity is proved primarily by producing certain identity cards or, most commonly, the passport. So the identity in the real world is a physical document but what about the Web? Of course, digital versions of real world identities like the passport or the driving license or the social security number are also now present considering the whole administration is digitized. In such a scenario, it is an unavoidable practice that digital identity management practices are put in place for real world identities too.
Coming back, where does the online identity rest and how does it actually help? To understand this better, it is first important to know that digital identities, like their real physical counterparts help computer systems or networks ascertain if the consumer actually exists and then identify and recognize the entity interacting with them on which subsequent processes, such as access to resources, squarely depend. But online identities are typically stored by the issuing domains, or identity providers, on their servers in databases and can only be verified by them (unless shared with another service provider).
From a business perspective, digital identities are most commonly created when the consumer approaches the business with a request to create one or is requested to create an online identity during any transaction. But, while the set of attributes defining the identity are high in number, consumers are free to reveal as many attribute points as they are willing to, subject to certain bare mandatory minimum. The higher the amount of information given by the consumer, the better businesses can understand them. And all this encompasses the territory of identity management which is again different internally and externally. Internal identity management is carried out in enterprises to provide employees with controlled access to company resources as per the set policy. On the other hand, external users generally are customers, for instance, logging into an ecommerce website to shop and hold the products they want to buy in a digital cart. Identity attributes again vary by the use case. For example, address is a requisite in the external use case while it may not be so in case of internal identity management.
Importance/Need of the digital identity for businesses
For businesses, digital identities are of critical importance for multiple reasons. Let’s approach this through a real world scenario. In brick and mortar stores, businesses can sell products only to a real person entering the store. The consumer’s presence in the store premises itself is a proof of his or her existence since it is a face to face transaction. But in many cases, businesses, or any organizations for that matter, would require to identify the consumer to complete the transaction by way of issuing a bill. Bills are issued against the customer’s name. The identity is restricted to attributes as name, address and phone number but rarely beyond that in an offline transaction. Essentially, the transaction can’t be completed without the consumer and his or her personal identity. However, an interaction without a transaction doesn’t need the identity to be ascertained.
But today the real physical layer has been replaced by the internet layer meaning there are no face to face transactions. Precisely, the internet layer can be represented by a website, a mobile app, a social network or a capable device. Such an environment has heightened the importance of online identities to first identify if the opposite party seeking a transaction is a real person and then identify that person to complete the transaction. These functions have to be performed on the Web by computers making it a slightly tough task and leaving the door open for several possibilities of theft. The vulnerabilities could lead to identity theft, data theft, monetary theft or any act that could be damaging. But that is a separate discussion.
How the Digital Identity is evolving and how businesses can leverage it
The importance of digital identities for businesses lies in the fact that no interaction or transaction is possible without the digital identity or its recognition. But at the same time, it is not just a bare necessity but a powerful tool that can be leveraged to propel businesses to the next level.
The importance of digital identity or the online identity is in helping businesses understand their customers better, without ever interacting with them face-to-face, and still be able to build lasting relationships. The fact that building lasting relationships is the key to small and big businesses alike doesn’t change anywhere. Online identity allows small businesses to compete with enterprises and even trump them if they are good at what they do. How is that even possible is precisely the question arising now. Consider this: Conventional real-world-only businesses take into account a lot of thump power because reaching customers takes quite a bit of money power and brand value too counts for a lot. But in the current world scenario, every customer is equidistant with every business removing any bias which means all it remains for businesses, small and enterprise alike, is to leverage digital identities of prospective and owned customers to bring home revenues and profits. Online identity is more of a facilitator than the platform itself and does bring new challenges which wouldn’t exist in the real world scenarios but that doesn’t make it any lesser. Visiting the passport example again, the digital identity is akin to a passport. It’s just that visiting any country (read website) takes almost the same amount of time unless it has got really bad servers. Businesses, like countries, just need to ease their visa regulations (read registration and login) making it easy to acquire customers.
The Future of Digital Identity
The easiest thing to say here is that the future of digital identity is bright. It is a bit of an understatement but considering the wide ranging applications of online identity, some of them yet to be imagined, it is expected that the realm of digital identity itself will be a huge business with identities bringing huge values to businesses that hold them. And then, there is the fast moving blend between the real and online worlds which obviously the the two corresponding identities can’t be kept separate. Digital identity is spreading so much so that even brick and mortar stores now identity a person by his or her online identity and then continue with the physical transaction. This history is also reflected online. Of course, such scenarios are still very uncommon but businesses are quickly moving towards creating that blend in their customer relationships.
For now though, it is just about access management and identity management along with the study of identity data to develop deep learnings about individual customers and customers in a cohort. Digital identity is also an emergent legal concept, the full scale understanding of which can have multiple applications. At the same time, because businesses are clamouring for customer identity data, there is also a huge black market involving identity theft which means there is also a legitimate industry for identity theft protection and security. Identity theft is already a fully blown malpractice wherein customer identity data is stolen from businesses and compromised for malicious intent or simply money. Either way it is detrimental to the interests of customers. It is also expected that the future of digital identity will be how banks and financial institutions use it. And at the same time, the relationship between identity and social media is also being keenly watched. But one thing is for certain. We are yet to exploit the full potential of the online identity.