Digital Trust Series:
Part 1 | Digital Identity

This is part one of a blog series covering the foundations of digital credentials. This series kicks off by establishing what digital identity is and how it can benefit you, your business or organization.

Join the conversation

Digital identity in the 21st century

By: Montana Kent

As we spend more of our time in the virtual world, the security and validity of our digital identity becomes increasingly important. Knowing exactly who or what we are dealing with allows us to navigate online more safely. We take for granted the ability to confirm who we're interacting with when it's happening face-to-face.

In trying to understand digital identity, we first need to establish what exactly we mean when we say the word identity.

Your identity, in the context of interacting with others, contains special identifiers and characteristics that help them to uniquely identify who you are and separate you from others. Throughout your life you collect these various identifiers and characteristics, and some are static and stay with you, like your birth date, while others can be updated and changed, like your job titles.

This is where identity establishment becomes important, which is the creation of a record of identity that can be relied on by others.

Image depicts two people facing one another with mobile devices and different examples of identifying credentials in between them.

Some identity records are foundational while other are contextual. According to The Pan-Canadian Trust Framework (PCTF)TM:

Foundational identity records establish the identity of subjects that are legally recognized as real. They are given to people, organizations and businesses by certain public sector agencies that are responsible for creating and managing legally accepted identities. This can include bodies like registrars or citizenship and immigration agencies. An example of a foundational identity record could be a birth certificate or an article of incorporation for a business.

On the other hand, contextual identity records establish the identity of subjects in more specific contexts. These types of records include identities that are self-issued or assigned to individuals, businesses or products. They can be issued by different organizations – like corporations, governments and non-profits.

Examples of contextual identity records could include corporate IDs from a professional body, someone's social media identity, or in the case of a product – a digital identity that is assigned by manufacturers.

Image depicts a cell phone, a laptop, a physical credential and a certified document.

Although identities are often thought of as something that only applies to individuals, as we can see, identities can also be assigned to businesses and organizations. Applying what we know now about identity establishment, there can be both foundational information that defines a business and contextual information depending on the work that business is doing.

What is a digital identity?

Now that we've defined what we mean when we say identity, what does it mean to have a digital identity?

A digital identity is essentially the electronic equivalent of your identity in the physical world.

It's also important to understand the difference between digital identification and digital authentication.

Identification looks to answer the question "Who are you?" - and in the context of digital identity, this question needs to be answered without in-person interactions and exchanging physical documents. In contrast, authentication is the process that confirms that this answer is true and grants you access. This is often done through a username and password, but we can authenticate a digital identity through all sorts of methods, including:

  • Knowledge-based confirmation (e.g., challenge-response questions: "what is your mother's maiden name?")
  • Biological or behavioural confirmation (e.g., use of fingerprint)
  • Trusted referee confirmation (e.g., confirmation of identity by a trusted third party)
  • Physical possession confirmation (e.g., possession of a token, specific device or credential)

For more information, visit the Pan-Canadian Trust FrameworkTM.

To increase security, multiple methods (often called factors) of authentication are commonly used. Think of this like when you are attempting to access services online through the Canada Revenue Agency (CRA). They may implement physical possession confirmation on top of your username and password. During this process, you would provide your phone number so CRA can send a one-time passcode code via SMS or automated message to the phone number you provided, which you then submit in addition to your login information.

Image depicts two hands reaching for two certified check marks, representing multiple authentication methods.

Why do we need a digital identity?

As we move into an increasingly digital world, accelerated by the impacts of COVID-19, having a digital identity is necessary for us to fully engage online. For individuals, businesses and organizations a digital identity can give access to products, services and information. Digital identity is the foundation needed to facilitate online transactions. Having a digital identity is a necessary component in order to fully participate and excel in the Canadian digital economy.

Whether it's a business transaction or accessing a service, knowing who you are dealing with is important. What the virtual world lacks in eye-contact and a handshake, is made up for with a reliable digital identity.

As the need among individuals and businesses for digital services rise, governments are looking to leverage new technologies that ensure the security and validity of digital identities and enable trusted interactions. In the next installment of this digital trust series, we will explore the emerging technology of digital credentials and the role they play in achieving this.

Subscribe to the Digital Credentials Digest!

Published: June 25, 2021

Last updated: June 25, 2021

Show all updates

June 25, 2021

First published