Understanding Digital Identity & How It Works
Your digital identity helps you prove that you are who you say you are online, even if you can't provide paper documents to prove your claim.
Let's give an example.
You're driving your car, and unfortunately, you're speeding. The police officer who pulls you over asks you to confirm that you own the vehicle and are qualified to drive it. Your identity documents, such as your license and proof of registration, help you satisfy the officer's questions.
But what happens if you're interacting online? You can't use your paper documents to do the same work. A digital identity would cover those requirements.
What makes up a digital identity?
Information that exists online and identifies an individual, a company, or an organisation is a digital identity. Almost everyone has one.
Just seven per cent of Americans don't use the internet. Internet usage globally increases each year as well. Each time we're online, we're creating the components that make up digital identities. They include:
- Usernames
- Passwords
- The purchases we make
- The searches we conduct
If companies store data about you online, that could also be part of your digital identity. Medical records, banking records, and more could be part of the data set, especially if they're connected to something readily identifiable, such as your name or your Social Security number.
How do you attain a digital identity?
In some cases, your records start with formal issuances. You hit a page filled with blank entry fields to fill in. Once you complete the form, the page or company that created the page issues you a digital identity.
Each time you come back to that same organisation, you'll move through a series of steps.
- Authentication: You'll prove that you are who you say you are. Typically, that involves entering a username and password. More than 80 per cent of data breaches start with passwords. Therefore, companies may ask for another factor, such as a fingerprint or a code they send you via SMS, to strengthen the boundaries against hackers.
- Authorisation: Once the system ensures that you truly are who you say you are, you get certain rights within the system. You might see your past purchase history at an online retailer, for example, or you could get the chance to save files to a shared folder at your workplace.
- Identifier: Once the system knows who you are, it tracks the work you do within the system and attaches it to your name.
Resources, such as image files, also have digital identities. The very first person who puts the resource out on the web should provide that identity. But sometimes, those pieces of content get a name when they enter a library. For example, if you've pulled a file from Wikipedia, and you've noticed a file name associated with it, you've encountered this form of digital identity.
How Are Digital Identities Catalogued?
Giving every person and file a name isn't helpful if someone doesn’t collect and code those resources in some way. Library resources can help to do the work, and plenty of them exist.
A few common versions include:
- Digital Object Architecture. This system was designed to move away from the idea that the internet is organised around websites (and hosts) to the idea that the internet is organised around digital objects (like people). This system contains a general architecture for storage, location, and retrieval.
- Handle.Net Registry. Both people and objects can use this system. A numeric prefix helps to separate one item from another. Even if the item changes somehow, the prefix stays the same.
- Networked Identity. This system is made to help connect people as they move from one system to another. The language people use to describe systems like this is complex, but the concept is relatively simple.
The average person doesn't really need to know how these items work. You don't register for them or manage them. But it's interesting to see how companies are working to track and manage profiles across websites and time.
Is a Digital Passport Private & Safe?
If reams of data about who you are and what you do seem at least a little dangerous, you're right.
Identity theft is real, and it's so common that government agencies even warn consumers to be careful about it. Companies are helping too.
When data is stored, it's protected via hashing and scrambling. Even if hackers can access a database filled with information, the data they will see looks meaningless and is hard to use.
But your digital identity can be exposed via:
- Social media. Adding strangers to your accounts, talking repeatedly about where you live, or using weak passwords could all put you at risk.
- Connecting techniques. Logging onto any site via an unsecured method, including public WiFi, could expose data you'd rather protect.
- Hackers. Someone might send you a phishing attempt via email, or you might tap into an unsafe website.
You may not know that your digital identity has been stolen until months, weeks, or even years later. The danger of the theft depends on how much data is associated with your digital identity.
What Does the Future of Digital Identity Hold?
We live in a connected, mobile, and digital world. Plenty of people want seamless logins to every tool they might need throughout the workday, including those they need for business and those they need for pleasure. A digital identity tool could make that possible.
Some government agencies are attempting to speed up this process. For example, the United Nations introduced the idea, back in 2016, that a global identity that's digital and portable could be ideal for all sorts of people.
The UK government has already moved forward with this idea. A website allows people to sign up for an identity that could be used in all sorts of ways to access government benefits.
Government initiatives like this may move into the private sector. If they do, you could use the same login to pay taxes and handle government business as well as tap into places like Amazon. For some people, that's a dream.
Marketing teams might like this information too. If they knew where you lived, what you did, and what you need, they could tailor their marketing approaches for you.
But expect to see a push and pull between what privacy advocates want and what marketing teams want.
Connect With Okta
We watch conversations like this very carefully. At Okta, we build products that balance a customer's need for access and everyone's need for security. On our platform, you can do everything you need. We'd love to tell you more about it. Contact us.
References
7% of Americans don’t use the internet. Who are they? (April 2021). Pew Research Center.
Average Business User Has 191 Passwords. (November 2017). Security.
Overview of the Digital Object Architecture (DOA). (October 2016). Internet Society.
HDL.NET Information Services. Corporation for National Research Initiatives.
Networked Identity. (February 2020). Digital Transformation of Identity in the Age of Artificial Intelligence.
Identity Theft. (December 2020). USA.gov.
ID2020 Summit 2016. (May 2016). United Nations.