Digital Identity and Why It's Important

Digital identity is the digital representation of an identifier (or a group of attributes), data and correlations to accurately describe a specific person, entity, or thing. A person’s digital identity is commonly used as a catch-all term to represent any personally identifiable information (PII) that can be used to identify someone’s civil, social or individual identity. As people upload more of their unencrypted and non-anonymised PII to the internet, it becomes easier for other digital users to undertake malicious acts such as identity fraud.

When digital identity is managed within a trusted, authenticated ecosystem, all ecosystem parties can ensure that:

• The identity subject (referred to as the Holder) is protected and cannot be compromised

• The identity providers (referred to as Issuers) are delivering PII securely to the rightful Holder, and

• The relying parties (referred to as Verifiers) can be assured that the PII they are verifying is from a trusted source and the claims associated with the Holder are true. Verifiers are also committed to only using the data for the contracted purpose.

Identity models and approaches

There are many digital identity models all of which can be used in different scenarios with different outcomes. Many models incorporate different digital identity approaches to streamline processes and/or further reach. Some of the most commonly referenced models and approaches are summarised below.

Centralised identity

The centralised identity model places service providers or centralised governments at its centre, with these organisation being the custodians of users' identity. Users are given accounts and login details in order to access their identity data but have limited control over ownership and data exchange.

Federated identity

When taking part in a federated identity model, a user can log in or access an identity provider (IDP) which communicates and shares their data with organisations on their behalf. In this model, a group of IDPs that the user can select from is called a federation, and the organisations that request an individual's identity data are called Relying Parties.

Decentralised identity

The decentralised identity model gives users complete control over their identity data. Their identity data is stored on a device of the user’s choosing, and exchanges of this data occur peer-to-peer. Rather than creating accounts and accessing external systems, users create connections with one another that can be managed by the users themselves.

Self-sovereign identity

Self-sovereign identity (SSI) is closely aligned with decentralised identity in that it supports the idea that the user is at the centre of the data ecosystem and each user controls and exchanges their data via peer-to-peer interactions. The additional layer that SSI brings is that it can be applied to all aspects of digital identity including the business, legal and social aspects. To achieve an ecosystem where trust filters through these different layers, resulting in all participants trusting each other, requires the implementation of governance frameworks. These frameworks are key for SSI infrastructure to be successful.

Reusable identity

Every time a user logs in to a platform or shares their PII there is a risk that their data could be shared with third parties or used for malicious intent. Reusable identity is an approach to securely storing users' credentials, login in information, and PII in a unified platform which can be accessed only by the user when they require it. This approach not only reduces the risk of data theft but saves the user time when completing sign up, login and other data exchange workflows.

Trust

A recurring theme when discussing digital identity is that of trust. As mentioned above, all parties within a digital identity ecosystem or workflow need to trust each other in order to manage a robust identity exchange network. To ensure different parties can trust each other, many governments and organisations are implementing standards and frameworks into their practices. These standards and frameworks create standardised rules and requirements for each ecosystem participant, making involvement in a digital identity network more reliable, ethical and risk-reducing.

Trusted Digital Identity Framework (TDIF), Australia