aniljohn.com
Who Are You, Really?
An Introduction to Identity Proofing
The Identity Spectrum
http://www.identitywoman.net/the-identity-spectrum
2
Who Are You?
Anonymous, Pseudonymous, Self-asserted, Socially Validated, Verified
Verified identity is the starting point for the delivery of
high value digital services, benefits and entitlements
3
● Who are you?
● What are you?
● What are you entitled to?
● ...
Verified identity is the starting point for the delivery of
high value digital services, benefits and entitlements
Public Sector
● Who are you?
● Are you eligible for a government benefit?
Identity Risk Issues
● Benefits fraud
● Longer processing time
● Redundant processes
Financial Sector
● Who are you?
● How will you pay?
Identity Risk Issues
● Financial fraud
● Money laundering
● Higher transaction fees
Healthcare Sector
● Who are you?
● What is your medical history?
Identity Risk Issues
● Prescription fraud
● Patient privacy
● Record integrity
… but the consequences of identity risk issues are felt by everyone
4
Today, verified identities are managed in “cylinders of excellence”, a.k.a. silos ...
Identity, security and privacy architects are critical to
successful digital service delivery
5
Confusing terms and practices threaten the promise of
digital service delivery
6
Credentialing
Vetting
KBA
Claimant
Verifier
Provisioning
Keep the focus on uniquely identifying the person at the
other end of the wire and not on marketing terminology
7
Articulate digital identification requirements in a
technology and vendor-neutral manner
8
Who Are You, Really?
9
Identity: A set of attributes that uniquely describe an
individual within a given context
Who are you, really?
10
Identity: A set of attributes that uniquely describe an
individual within a given context
Verification
Validation
Resolution
Establishment
11
Identity: A set of attributes that uniquely describe an
individual within a given context
Verification
Validation
Resolution
Establishment: Creation of a new identity, in an authoritative source, where none have existed previously
Creation of a new identity in an authoritative source
where none have existed before
12
Establishment = Initial creation in system of record
13
● Initial record of existence
● Very few entities are responsible for this record
● Typically in public sector
Establishment = Initial jurisdictional encounter
14
● First encounter by a jurisdiction
○ Immigration
○ Visitor
● Few responsible entities
● Typically in public sector
15
Identity: A set of attributes that uniquely describe an
individual within a given context
Verification
Validation
Resolution: Confirmation that an identity has been resolved to a unique individual within a particular context
Establishment
NASPO IDPV Project
Identity resolution study results

Category | Attribute | Description
Name | Name | First Name AND Last Name
Location | Partial Address | Postal Code OR (City and State)
Location | Place of Birth | (City or County) AND (State or Foreign Country)
Time | Partial Date of Birth | (Month and Day) OR Year
Time | Full Date of Birth |
Identifier | Partial Social Security Number | Last 4 Digits
Identifier | Full Social Security Number | Full 9 Digits

NASPO IDPV Identity Resolution Study Data
Attribute Bundle | 1 | 2 | 3 | 4 | 5
% Resolved | 97.56 | 96.29 | 96.65 | 97.00 | 96.52
% Null Identities | ~ 12 | ~ 12 | ~ 3 | ~ 17 | ~ 3
% Availability | ~ 88 | ~ 88 | ~ 97 | ~ 83 | ~ 97

% Null Identities: Identity record missing one or more attributes needed for a particular bundle. Approximate measure of the lack of availability of the attribute bundle.
% Availability: 100 - % Null Identities
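The three measures in the study table, computed over a small constructed record set (an added example, not part of the original slides or the NASPO study). The bundle compositions, the record field names and the reading of "% Resolved" as the share of complete records whose bundle values are unique are assumptions made for illustration.

```python
from collections import Counter
from datetime import date

# Constructed sample records (not real people, not study data).
RECORDS = [
    {"first": "Ana", "last": "Silva", "postal": "30301",
     "dob": date(1980, 5, 17), "ssn": "123456789"},
    {"first": "ana ", "last": "SILVA", "postal": "30301",
     "dob": date(1991, 5, 17), "ssn": "987654321"},
    {"first": "Ben", "last": "Okoye", "postal": None, "city": "Reno",
     "state": "NV", "dob": date(1975, 1, 2), "ssn": None},
    {"first": "Ben", "last": "Okoye", "postal": "89501",
     "dob": date(1975, 1, 2), "ssn": "555001111"},
    {"first": "Chi", "last": "Tran", "postal": "02139",
     "dob": None, "ssn": "222334444"},
]

def norm(s):
    """Normalise free text so case and stray spaces do not split one value."""
    return s.strip().casefold() if s else None

# Attribute extractors follow the table's descriptions; None means "missing".
def name(r):                       # First Name AND Last Name
    f, l = norm(r.get("first")), norm(r.get("last"))
    return (f, l) if f and l else None

def partial_address(r):            # Postal Code OR (City and State)
    if r.get("postal"):
        return ("postal", r["postal"])
    c, s = norm(r.get("city")), norm(r.get("state"))
    return ("city_state", c, s) if c and s else None

def partial_dob(r):                # (Month and Day) OR Year
    if r.get("dob"):
        return ("md", r["dob"].month, r["dob"].day)
    return ("y", r["birth_year"]) if r.get("birth_year") else None

def full_dob(r):
    return r.get("dob")

def ssn_last4(r):                  # Last 4 Digits
    return r["ssn"][-4:] if r.get("ssn") else None

# Hypothetical bundles: the slide's own bundle membership is not reproduced.
BUNDLES = {
    "A": [name, partial_address],
    "B": [name, full_dob],
    "C": [name, partial_dob, ssn_last4],
}

def evaluate(records, extractors):
    """Return % null identities, % availability and % resolved for a bundle."""
    keys = []
    for r in records:
        vals = tuple(e(r) for e in extractors)
        # A null identity is missing at least one attribute the bundle needs.
        keys.append(None if any(v is None for v in vals) else vals)
    complete = [k for k in keys if k is not None]
    counts = Counter(complete)
    # Assumption: a record is resolved when no other record shares its values.
    resolved = sum(1 for k in complete if counts[k] == 1)
    pct_null = round(100.0 * (len(keys) - len(complete)) / len(keys), 2)
    pct_resolved = round(100.0 * resolved / len(complete), 2) if complete else 0.0
    return {"pct_null": pct_null,
            "pct_availability": round(100.0 - pct_null, 2),
            "pct_resolved": pct_resolved}

if __name__ == "__main__":
    for label, extractors in BUNDLES.items():
        print(label, evaluate(RECORDS, extractors))
```

A bundle can score well on resolution and still be a poor choice if it is often unavailable, which is why the table reports both figures side by side.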
NIST SP 800-63-2 Electronic Authentication Guideline
Remote identity proofing @ Assurance Level 2
17
Level 2 Record Checks
- 1 Government Record OR
- 1 Financial or Utility Record
Full Legal Name Date of Birth
NIST SP 800-63-2 Electronic Authentication Guideline
Remote identity proofing @ Assurance Level 3
18
Level 3 Record Checks
- 1 Government Record AND
- 1 Financial or Utility Record
Full Legal Name Date of Birth
NASPO IDPV Project
Overlap with NIST identity proofing requirements

Category | Attribute | Description
Name | Name | First Name AND Last Name
Location | Partial Address | Postal Code OR (City and State)
Location | Place of Birth | (City or County) AND (State or Foreign Country)
Time | Partial Date of Birth | (Month and Day) OR Year
Time | Full Date of Birth |
Identifier | Partial Social Security Number | Last 4 Digits
Identifier | Full Social Security Number | Full 9 Digits

NASPO IDPV Identity Resolution Study Data
Attribute Bundle | 1 | 2 | 3 | 4 | 5
% Resolved | 97.56 | 96.29 | 96.65 | 97.00 | 96.52
% Null Identities | ~ 12 | ~ 12 | ~ 3 | ~ 17 | ~ 3
% Availability | ~ 88 | ~ 88 | ~ 97 | ~ 83 | ~ 97

% Null Identities: Identity record missing one or more attributes needed for a particular bundle. Approximate measure of the lack of availability of the attribute bundle.
% Availability: 100 - % Null Identities
Requirements of selected non-US jurisdictions
- enabling interoperability
20
Canada
● Name
● Date of Birth
● Gender
● Place of Birth
● ...
New Zealand
● Name
● Date of Birth
● Gender
● Place of Birth
UK
● Name
● Date of Birth
● Gender
● Address
Disclosure of personal information MUST be minimal,
contextual and fit for purpose. Otherwise ...
21
22
Identity Resolution
Minimal Data Collection
Identity Attributes
● Full Legal Name
● Date of Birth
23
Identity Proofing
Minimal Data Collection
Identity Attributes
● Full Legal Name
● Date of Birth
Additional Matching Criteria
● Gender
● Place of Birth
● Address of Record
● […]
24
Identity Proofing
Minimal Data Collection
Identity Attributes
● Full Legal Name
● Date of Birth
Additional Matching Criteria
● Gender
● Place of Birth
● Address of Record
● […]
Personal Attributes
● [Contextual]
● [Authority]
● [Entitlement]
● [Business Process]
25
Identity: A set of attributes that uniquely describe an
individual within a given context
Verification
Validation: Confirmation of the accuracy of the identity as established by an authoritative source
Resolution
Establishment
Authoritative Source Validation
Confirm with identity establishment sources?
26
Authoritative Source (Government Record)
Authoritative Source (Utility Record)
Authoritative Source (Financial Record)
Validation Request
Non-Authoritative Source Validation
Sniffing the transaction exhaust?
27
Transaction Data
Secondary Data
...
Validation Request
Vendor IP
Proprietary Algorithms
No Easy Answers (especially in the US)
Due diligence needed by implementers
28
● What authoritative sources do you have access to?
● Direct or downstream access?
○ Data refresh interval?
○ Data quality?
● Scoring algorithm information?
● ...
29
Identity: A set of attributes that uniquely describe an
individual within a given context
Verification: Confirmation that the identity relates to a specific individual
Validation
Resolution
Establishment
Knowledge based verification is the current
state of practice. Answers private, not secret
30
Can you use internal data to generate the questions?
Social media mining and data breaches make
knowledge based verification less effective
31
Verification is an area ripe for innovation and disruption
32
● Live video?
● Blended online + in-person?
● Digital notaries?
● Biometrics?
● ...
Identification is in the critical path of successful digital
service delivery
33
Articulate digital identification requirements in a
technology and vendor-neutral manner
34
Who Are You, Really?
35
Map vendor-neutral concepts to services and products
that you can leverage, evaluate, build or buy
Verification
Validation
Resolution
Establishment
36
Use Identity Proofing to Deliver Effective Digital Services
Resolve. Validate. Verify.

An Introduction to Identity Proofing Concepts

  • 1. aniljohn.com: Who Are You, Really? An Introduction to Identity Proofing
  • 2. The Identity Spectrum (http://www.identitywoman.net/the-identity-spectrum). Who Are You? Anonymous, Pseudonymous, Self-asserted, Socially Validated, Verified
  • 3. Verified identity is the starting point for the delivery of high value digital services, benefits and entitlements. Who are you? What are you? What are you entitled to? ...
  • 4. Verified identity is the starting point for the delivery of high value digital services, benefits and entitlements. Public Sector: Who are you? Are you eligible for a government benefit? Identity Risk Issues: Benefits fraud; Longer processing time; Redundant processes. Financial Sector: Who are you? How will you pay? Identity Risk Issues: Financial fraud; Money laundering; Higher transaction fees. Healthcare Sector: Who are you? What is your medical history? Identity Risk Issues: Prescription fraud; Patient privacy; Record integrity. … but the consequences of identity risk issues are felt by everyone. Today, verified identities are managed in “cylinders of excellence” a.k.a. silos ...
  • 5. Identity, security and privacy architects are critical to successful digital service delivery
  • 6. Confusing terms and practices threaten the promise of digital service delivery: Credentialing, Vetting, KBA, Claimant, Verifier, Provisioning
  • 7. Keep the focus on uniquely identifying the person at the other end of the wire and not on marketing terminology
  • 8. Articulate digital identification requirements in a technology and vendor-neutral manner. Who Are You, Really?
  • 9. Identity: A set of attributes that uniquely describe an individual within a given context. Who are you, really?
  • 10. Identity: A set of attributes that uniquely describe an individual within a given context. Verification / Validation / Resolution / Establishment
  • 11. Identity: A set of attributes that uniquely describe an individual within a given context. Verification / Validation / Resolution / Establishment. Establishment: Creation of a new identity, in an authoritative source, where none have existed previously
  • 12. Creation of a new identity in an authoritative source where none have existed before
  • 13. Establishment = Initial creation in system of record: Initial record of existence; Very few entities are responsible for this record; Typically in public sector
  • 14. Establishment = Initial jurisdictional encounter: First encounter by a jurisdiction (Immigration, Visitor); Few responsible entities; Typically in public sector
  • 15. Identity: A set of attributes that uniquely describe an individual within a given context. Verification / Validation / Resolution / Establishment. Resolution: Confirmation that an identity has been resolved to a unique individual within a particular context
  • 16. NASPO IDPV Project: Identity resolution study results
      Attributes (Category / Attribute / Description), grouped into Attribute Bundles 1 to 5:
        Name / Name / First Name AND Last Name
        Location / Partial Address / Postal Code OR (City and State)
        Location / Place of Birth / (City or County) AND (State or Foreign Country)
        Time / Partial Date of Birth / (Month and Day) OR Year
        Time / Full Date of Birth
        Identifier / Partial Social Security Number / Last 4 Digits
        Identifier / Full Social Security Number / Full 9 Digits
      NASPO IDPV Identity Resolution Study Data (Attribute Bundle 1, 2, 3, 4, 5):
        % Resolved: 97.56, 96.29, 96.65, 97.00, 96.52
        % Null Identities (identity record missing one or more attributes needed for a particular bundle; approximate measure of the lack of availability of the attribute bundle): ~12, ~12, ~3, ~17, ~3
        % Availability (100 - % Null Identities): ~88, ~88, ~97, ~83, ~97
  • 17. NIST SP 800-63-2 Electronic Authentication Guideline: Remote identity proofing @ Assurance Level 2. Level 2 Record Checks: 1 Government Record OR 1 Financial or Utility Record. Full Legal Name; Date of Birth
  • 18. NIST SP 800-63-2 Electronic Authentication Guideline: Remote identity proofing @ Assurance Level 3. Level 3 Record Checks: 1 Government Record AND 1 Financial or Utility Record. Full Legal Name; Date of Birth
  • 19. NASPO IDPV Project: Overlap with NIST identity proofing requirements
      Attributes (Category / Attribute / Description), grouped into Attribute Bundles 1 to 5:
        Name / Name / First Name AND Last Name
        Location / Partial Address / Postal Code OR (City and State)
        Location / Place of Birth / (City or County) AND (State or Foreign Country)
        Time / Partial Date of Birth / (Month and Day) OR Year
        Time / Full Date of Birth
        Identifier / Partial Social Security Number / Last 4 Digits
        Identifier / Full Social Security Number / Full 9 Digits
      NASPO IDPV Identity Resolution Study Data (Attribute Bundle 1, 2, 3, 4, 5):
        % Resolved: 97.56, 96.29, 96.65, 97.00, 96.52
        % Null Identities (identity record missing one or more attributes needed for a particular bundle; approximate measure of the lack of availability of the attribute bundle): ~12, ~12, ~3, ~17, ~3
        % Availability (100 - % Null Identities): ~88, ~88, ~97, ~83, ~97
  • 20. Requirements of selected non-US jurisdictions - enabling interoperability. Canada: Name, Date of Birth, Gender, Place of Birth, ... New Zealand: Name, Date of Birth, Gender, Place of Birth. UK: Name, Date of Birth, Gender, Address
  • 21. Disclosure of personal information MUST be minimal, contextual and fit for purpose. Otherwise ...
  • 22. Identity Resolution: Minimal Data Collection. Identity Attributes: Full Legal Name; Date of Birth
  • 23. Identity Proofing: Minimal Data Collection. Identity Attributes: Full Legal Name; Date of Birth. Additional Matching Criteria: Gender; Place of Birth; Address of Record; […]
  • 24. Identity Proofing: Minimal Data Collection. Identity Attributes: Full Legal Name; Date of Birth. Additional Matching Criteria: Gender; Place of Birth; Address of Record; […]. Personal Attributes: [Contextual]; [Authority]; [Entitlement]; [Business Process]
  • 25. Identity: A set of attributes that uniquely describe an individual within a given context. Verification / Validation / Resolution / Establishment. Validation: Confirmation of the accuracy of the identity as established by an authoritative source
  • 26. Authoritative Source Validation: Confirm with identity establishment sources? Validation Request; Authoritative Source (Government Record); Authoritative Source (Utility Record); Authoritative Source (Financial Record)
  • 27. Non-Authoritative Source Validation: Sniffing the transaction exhaust? Validation Request; Transaction Data; Secondary Data; ...; Vendor IP; Proprietary Algorithms
  • 28. No Easy Answers (especially in the US): Due diligence needed by implementers. What authoritative sources do you have access to? Direct or downstream access? (Data refresh interval? Data quality?) Scoring algorithm information? ...
  • 29. Identity: A set of attributes that uniquely describe an individual within a given context. Verification / Validation / Resolution / Establishment. Verification: Confirmation that the identity relates to a specific individual
  • 30. Knowledge based verification is the current state of practice. Answers private, not secret. Can you use internal data to generate the questions?
  • 31. Social media mining and data breaches make knowledge based verification less effective
  • 32. Verification is an area ripe for innovation and disruption: Live video? Blended online + in-person? Digital notaries? Biometrics? ...
  • 33. Identification is in the critical path of successful digital service delivery
  • 34. Articulate digital identification requirements in a technology and vendor-neutral manner. Who Are You, Really?
  • 35. Map vendor-neutral concepts to services and products that you can leverage, evaluate, build or buy: Verification / Validation / Resolution / Establishment
  • 36. Use Identity Proofing to Deliver Effective Digital Services. Resolve. Validate. Verify.
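
The resolution metrics on slides 16 and 19, worked through as an added example (not from the deck or the NASPO study): it computes % Null Identities, % Availability and % Resolved for an attribute bundle over a small constructed record set. The two bundles, the field names and the choice to measure % Resolved over complete records only are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample records (not real people); None marks a missing attribute.
RECORDS = [
    {"first": "Ana",  "last": "Lee",   "postal": "20001", "dob": "1980-03-14", "ssn4": "1234"},
    {"first": "ANA ", "last": "lee",   "postal": "20001", "dob": "1980-03-14", "ssn4": "9876"},
    {"first": "Ben",  "last": "Ortiz", "postal": "94105", "dob": "1975-11-02", "ssn4": "5555"},
    {"first": "Cara", "last": "Singh", "postal": "60614", "dob": "1990-07-21", "ssn4": None},
    {"first": "Dev",  "last": "Patel", "postal": None,    "dob": "1988-01-30", "ssn4": "4321"},
    {"first": "Eve",  "last": "Chen",  "postal": "10027", "dob": "1969-05-09", "ssn4": "2468"},
    {"first": "Finn", "last": "Wu",    "postal": "73301", "dob": "2001-12-25", "ssn4": "1357"},
    {"first": "Gia",  "last": "Rossi", "postal": "33101", "dob": "1995-09-17", "ssn4": "8642"},
]

# Hypothetical bundles; the composition of the study's bundles 1-5 is not used here.
BUNDLES = {
    "A": ("first", "last", "postal", "dob"),  # name + postal code + full date of birth
    "B": ("first", "last", "dob", "ssn4"),    # name + full date of birth + SSN last 4
}

def normalize(value):
    """Trim and case-fold; treat empty or absent values as missing (None)."""
    if value is None:
        return None
    value = str(value).strip().casefold()
    return value or None

def resolution_metrics(records, attrs):
    """Return % null, % availability and % resolved for one attribute bundle."""
    complete, null_count = [], 0
    for record in records:
        key = tuple(normalize(record.get(a)) for a in attrs)
        if None in key:
            null_count += 1        # "null identity": bundle cannot be formed
        else:
            complete.append(key)
    counts = Counter(complete)
    # A record resolves when no other record shares its bundle values.
    resolved = sum(1 for key in complete if counts[key] == 1)
    pct_null = 100 * null_count / len(records)
    # Assumption: % resolved is measured over records that have the full bundle.
    pct_resolved = 100 * resolved / len(complete) if complete else 0.0
    return {"pct_null": pct_null,
            "pct_availability": 100 - pct_null,
            "pct_resolved": pct_resolved}

if __name__ == "__main__":
    for name, attrs in BUNDLES.items():
        print(name, resolution_metrics(RECORDS, attrs))
```

The first two records differ only in formatting and in SSN last 4, so they collide under bundle A and separate under bundle B, while each bundle loses one record to a missing attribute.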