Digital identity

A digital identity is data stored on computer systems relating to an individual, organization, application, or device.

Digital identities are composed of the full range of data produced by a person's activities on the internet, which may include usernames and passwords, search histories, dates of birth, social security numbers, and records of online purchases.

Furthermore, this information can be compiled to construct a "data double"—a comprehensive profile created from a person's scattered digital footprints across various platforms.

[1][2] Should the exchange of personal data for online content and services become a practice of the past, an alternative transactional model must emerge.

As the internet becomes more attuned to privacy concerns, media publishers, application developers, and online retailers are re-evaluating their strategies, sometimes reinventing their business models completely.

Increasingly, the trend is shifting towards monetizing online offerings directly, with users being asked to pay for access through subscriptions and other forms of payment, moving away from the reliance on collecting personal data.

Criminals, fraudsters, and terrorists could exploit these vulnerabilities to perpetrate crimes that can affect the virtual domain, the physical world, or both.

Using only static identifiers such as passwords and email, there is no way to precisely determine the identity of a person in cyberspace because this information can be stolen or used by many individuals acting as one.

The attributes of a digital identity are acquired and contain information about a user, such as medical history, purchasing behavior, bank balance, age, and so on.

A digital identity also has entity relationships derived from the devices, environment, and locations from which an individual is active on the Internet.

Conversely, the individual claiming an attribute may only grant selective access to its information (e.g., proving identity in a bar or PayPal authentication for payment at a website).

The use of both static identifiers (e.g., username and password) and personal unique attributes (e.g., biometrics) is called multi-factor authentication and is more secure than the use of one component alone.

The car rental and hotel company may request authentication that there is credit enough for an accident, or profligate spending on room service.

Valid online authorization requires analysis of information related to the digital event including device and environmental variables.

The original version of the Handle System technology was developed with support from the Defense Advanced Research Projects Agency.

[14] Analysis are performed based on quantifiable metrics, such as transaction velocity, locale settings (or attempts to obfuscate), and user-input data (such as ship-to address).

Correlation and deviation are mapped to tolerances and scored, then aggregated across multiple entities to compute a transaction risk-score, which assess the risk posed to an organization.

The development of network approaches that can embody such integrated "compound" trust relationships is currently a topic of much debate in the blogosphere.

A key feature of "compound" trust relationships is the possibility of selective disclosure from one entity to another of locally relevant information.

As an illustration of the potential application of selective disclosure, let us suppose a certain Diana wished to book a hire car without disclosing irrelevant personal information (using a notional digital identity network that supports compound trust relationships).

Implementations of X.500[2005] and LDAPv3 have occurred worldwide but are primarily located in major data centers with administrative policy boundaries regarding sharing of personal information.

This will be done by scaling individual servers into larger groupings that represent defined "administrative domains", (such as the country level digital object) which can add value not present in the original "White Pages" that was used to look up phone numbers and email addresses, largely now available through non-authoritative search engines.

While some radical theorists initially posited that cyberspace would liberate individuals from their bodies and blur the lines between humans and technology,[20] others theorized that this 'disembodied' communication could potentially free society from discrimination based on race, sex, gender, sexuality, or class.

This is evident in the practices of reputation management companies, which aim to create a positive online identity to increase visibility in various search engines.

The consequences of digital identity abuse and fraud are potentially serious since in possible implications the person is held legally responsible.

For technology to enable direct value transfer of rights and non-bearer assets, human agency must be conveyed, including the authorization, authentication, and identification of the buyer and/or seller, as well as “proof of life,” without a third party.

Descendants or friends of the deceased individual can let Facebook know about the death and have all of their previous digital activity removed.

Although a digital identity allows consumers to transact from anywhere and more easily manage various ID cards, it also poses a potential single point of compromise that malicious hackers can use to steal all of that personal information.

Although many facets of digital identity are universal owing in part to the ubiquity of the Internet, some regional variations exist due to specific laws, practices, and government services that are in place.

Digital identity in the national sense can mean a combination of single sign on, and/or validation of assertions by trusted authorities (generally the government).