Digital identity

Digital Identity is the representation of Identity in terms of digital information.

A Digital identity can be understood, in the context of a Digital Identity System, as the set of digital information that is attributable to any given Entity. This entity may be human (an individual or a community), a physical object, or even digital information itself (a Virtual entity).

Self-determination and freedom of expression of Digital identity could become a new Human Right (see Human rights). A Digital identity could also become a new Legal entity in the future.

Digital identity can be considered an emergent property of the Transaction of Information within a Relationship between two or more Entities.

A Virtual entity is a digital resource that functions as a unique and self-coherent subject or organism. Wikipedia is a good example of a Virtual entity: a clone of the Wikipedia application and data set would not function as the original, because it would lack Wikipedia's human community of participants. The subjective relationship of human beings to a digital resource endows that resource with Virtual Entity status.

An observer's perception of the digital identity of an entity is inevitably mediated by the subjective viewpoint of that observer (just as it is with physical identity). This becomes clear when one considers the implications of the concept of "Attribution" within the definition: in order to attribute information to an entity, the attributing party (the observer) must trust that the information does indeed pertain to the entity (see Authentication below). Conversely, the entity may only grant the observer selective access to its informational attributes (according to the identity of the observer from the perspective of the entity). In this way, digital identity is better understood as as a particular viewpoint within a mutually-agreed relationship than as an objective property.

Authentication is a key aspect of trust-based identity attribution, providing a codified assurance of the identity of one entity to another. Authentication methodologies include the presentation of a unique object such as a bank card, the provision of confidential information such as a password or the answer to a pre-arranged question, the confirmation of ownership of an email address, and more robust but relatively costly solutions utilising Encryption methodologies. In general, business to business authentication prioritises security while user to business authentication tends towards simplicity. New physical authentication techniques such as iris scanning, hand-printing and voice-printing are currently being developed and in the hope of providing improved protection against Identity theft.

Digital identity fundamentally requires digital identifiers - strings or tokens that are unique within a given scope (globally or locally within a specific domain, community, directory, application, etc.) Identifiers are the key used by the parties to an identification relationship to agree on the entity being represented. Identifiers may be classified as omnidirectional and unidirectional. Omnidirectional identifiers are intended to be public and easily discoverable, while unidirectional identifiers are intended to be private and used only in the context of a specific identity relationship.

Identifiers may also be classified as resolvable or non-resolvable. Resolvable identifiers, such as a domain name or email address, may be dereferenced into the entity they represent. Non-resolvable identifiers, such as a person's real-world name, or a subject or topic name, can be compared for equivalence but are not otherwise machine-understandable.

There are many different schemes and formats for digital identifiers. The most widely used is Uniform Resource Identifier (URI) - the standard for identifiers on the World_Wide_Web. A new OASIS standard for abstract identifiers, XRI (Extensible Resource Identifiers), adds new features to URIs that are especially useful for digital identity systems.

Digital identity attributes—or data—exist within the context of ontologies (see Ontology (computer science)). A simple example of an ontology is "a cat is a kind of animal". An entity represented in this ontology as a "cat" is therefore invariably also considered an "animal". In establishing the contextual relationship of identity attributes to one another, ontologies are able to represent identity in terms of pre-defined structures. This in turn allows computer applications to process identity attributes in a reliable and useful manner. XML (eXstensible Markup Language) has become a de-facto standard for the abstract description of structured data.

Ontologies inevitably reflect culturally and personality relative world views (see Cultural relativism). Consider two possible elaborations of the above example:

• 1) "A cat is a kind of animal. A domestic cat is a kind of cat and is a pet"
• 2) "A cat is a kind of animal. A domestic cat is a kind of cat and is edible by humans"

Someone searching the first ontology for pets would find "domestic cat", whereas a search of the second ontology for foodstuffs would yield the same result! We can see that while each ontology is useful within a particular cultural context or set of contexts, neither represents a universally valid point of view on domestic cats.

The development of digital identity network solutions that can inter-operate ontologically-diverse representations of digital identity is a contemporary challenge. Free-tagging has emerged recently as an effective way of circumventing this challenge (to date, primarily with application to the identity of digital entities such as bookmarks and photos) by effectively flattening identity attributes into a single, unstructured layer. However, the organic integration of the benefits of both structured and fluid approaches to identity attribute management remains elusive.

Identity relationships within a digital network may include multiple identity entities. However, in a decentralised network like the Internet, such extended identity relationships effectively require both (a) the existence of independent trust relationships between each pair of entities in the relationship and (b) a means of reliably integrating the paired relationships into larger relational units. And if identity relationships are to reach beyond the context of a single, federated ontology of identity (see Ontologies of identity above), identity attributes must somehow be matched across diverse ontologies. The development of network approaches that can embody such integrated "compound" trust relationships is currently a topic of much debate in the blogosphere.

Integrated compound trust relationships allow, for example, entity A to accept an assertion or claim about entity B by entity C. C thus vouches for an aspect of B's identity to A.

A key feature of "compound" trust relationships is the possibility of selective disclosure from one entity to another of locally relevant information. As an illustration of the potential application of selective disclosure, let us suppose a certain Diana wished to book a hire car without disclosing irrelevant personal information (utilising a notional digital identity network that supports compound trust relationships). As an adult, UK resident with a current driving license, Diana might have the UK's DVLA vouch for her driving qualification, age and nationality to a car-rental company without having her name or contact details disclosed. Similarly, Diana's bank might assert just her banking details to the rental company. Selective disclosure allows for appropriate Privacy of Information within a network of identity relationships.

See also: Pseudonimity