So when is a digital interaction not a digital interaction?

When the identity and associated roles -that trigger and consume- the digital interaction are not an integral part of the process. This means that participating parties cannot be legally held accountable for their actions. Principle consequence is a lack of absolute traceability in your organisation, and if there is some legal requirements, a need for manual paper processes to run in parallel with the digitised processes.

There are additional consequences:

  • a lack of traceability gives limited transparency which means you don’t have control over the information in your organisation.
  • When legality comes into play, there is the extra cost of running the digitised process parallel with a manual process.
  • From a compliance perspective, although you can assign responsibility to roles, you cannot tie accountability with the responsibility because the -so called- identities and appointed roles are not really a part of the digital interaction.
  • From a security angle, the risks to the integrity and confidentiality of your information is increased as the identity, or lack of a strong digital identity weakens the complete digital interaction/cycle.

Although many identity products tout to solve this problem, they do not. The reason why is that they are based on the use of a digital identity, and as I mentioned in the first post in this series, digital identities as used in main today are not identities at all! They weaken with exposure, not reflecting the real world whereby our physical identity strengthens with exposure. They are not people-centric but database/directory centric. This presents significant risks to the integrity and confidentiality of all digital interactions.

So in returning to the original question. The answer is when the digital interaction is pulling identities from a database or directory, not from the identity holder. What is needed is to weave a digital identity that is centric to the individual, one that is strengthened by reference authorities into the digital interaction. This is a true digital interaction anything less is not a digital interaction at all.

Turning the identity thing upside down

Haven’t you thought it as strange that your digital identity becomes weaker the more it is exposed? In fact is it an identity at all? After all it is only a record in a database, or an object comprised of attributes in an X.500 tree, or something written on a plastic ‘id card’. It is all of these, and replicated, maybe hundreds of instances, accurately and inaccurately all over the world.

In fact where is your digital identity? Is it real? If it is real then why do you have no control over it?

Why does your digital identity not reflect exactly how your physical identity works in the real physical world? When you are born you are referenced, i.e. probably starting with your parents declaring that you are their son/daughter and what your name is (your identity), relations and friends do the same… your identity strengthens. You start kindergarten and school, perhaps you have been assigned a national id number…. you are referenced, every reference to you strengthens your identity. The louder you shout, the more famous you become, the stronger your identity grows. In fact the President, Prime Minister, King, Queen, etc., probably have the strongest identities.

It is difficult to commit identity fraud on strong identities. So I return to my first question, why does it not work the same in the digital world?