Informational Identity

This post is one in an ongoing series (starting here) in which I am developing the concept of ‘Informational Identity’. Your name, your legal identities, your digital identities, are all the same kind of thing:  information tools created to pick you out of a crowd, to refer to you when you are not present, to bind your will to virtual worlds.  These Informational Identities are related to each other in a directed graph whose nodes are privilege domains and whose edges are the authentication by the ‘tail’ nodes of credentials issued by the ‘heads’ for the credentials’ secondary purpose: demonstrating that the issuers were satisfied at the time of issue that they knew who you were.

Your name, your legal identity, your work identity, your online identities, are all the same kind of thing, are all related to your physical identity, and are frequently related to each other as well: they are collectively your Informational Identity.

That some Informational Identities are recorded in memory, others on paper, others electronically does not make them logically different kinds of things. That we think of them as different, that we take your legal identity and your Google or Apple identity to be different things, is a function of their legacy social, physical and electronic contexts.

The identifiers in your Informational Identity are the artifacts, knowledge tools, Kripkean rigid designators, that are used by others to point to you, to pick you out from the field so that communication may be directed to you, to refer to you in communication, to grant you access to and/or privileges in some gated domain, to hold you liable for your actions in some legal domain.

Your first Informational Identifier is usually your name, given to you on or around the time of your birth.

The second is usually your birth certificate, or sometimes Certificate of Birth Abroad. Sometimes the certificate happens before the name. You might get a birth certificate with no name, or a ‘temporary’ name. (Standard guidance to physicians and hospitals is to leave it blank if the name is unknown, but sometimes ‘Infant boy’ or some such will get written into the name.) Parents have up to a year to add a name to such a certificate. If they don’t do it, the individual has to have their name legally changed or risk significant identity-related challenges later.

After the birth certificate there is a succession of Informational Identifiers.

As I described in my previous post, ‘Identity: Turtles All the Way Down’, a ‘credential’ is an Informational Identifier designed to identify you to strangers, and to identify you via communication to those who are not physically present.

A credential has two functions: it identifies you to the owner or granter of privilege or access, so they may selectively permit you or admit you; and it demonstrates that its grantor had sufficient confidence that you are who you profess to be to issue you the credential.

It is the second function that provides the glue among the Informational Identifiers associated with an individual.

Your parents were confident in your identity when they named you. (As related by an identity panel member at the ONC HIT Interoperability Summit in D.C. last week, hospitals have gotten very careful about that ‘mapping’, snapping matching wristbands on baby and parents at birth which don’t come off until after you leave the hospital.)

The validity of a particular credential is a function of the quality of proofing done before it was issued. The quality of proofing is a function of the ‘weight’ of the number of existing credentials examined, and the probative value of each, which is itself a function of the nature of the credential type with respect to its ability to be validated, and the care with which it is validated.

A retina-scan credential may be mechanically verified to a high degree of confidence, but, as any spy thriller movie fan knows, you have to validate it with care to guard against the dead guy’s eyeball exploit : ).

It is not logically necessary for a credential to contain demographic or other information about the individual who is, knows, or has it. Such information is used contingently by the grantor of privilege for their own purposes: communicating with the individual, categorizing the individual’s interactions with the domain by common attribute, such as age, or gender, and so on.

The set of related Informational Identifiers may be usefully seen as a graph, the Informational Identity graph.


Your Informational Identity graph ‘grows’ as new Informational Identifiers are created. The edges of the graph point to the ‘upstream’ Informational Identifier credentials used in proofing the new Identifier.
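An added sketch of the graph described above (not code from the original post): nodes are Informational Identifiers, edges point to the upstream credentials examined at proofing, and validity is computed from the number, probative value and care of validation of those credentials. The scoring rule, the numeric weights, the sample graph and the `downstream` helper, which goes beyond the text to list every identifier that relied on a given credential, are assumptions for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Identifier:
    """A node: one Informational Identifier (a name, a certificate, a login)."""
    name: str
    base: float = 0.0  # assumed confidence without any proofing (root nodes only)
    # Edges to upstream credentials: (identifier name, probative value, care), all 0..1
    proofed_by: list = field(default_factory=list)

def validity(graph, name, _seen=()):
    """Confidence in an identifier, derived from the credentials examined at proofing.

    Assumed rule, not from the post: each examined credential contributes
    probative * care * validity(upstream), combined as independent evidence.
    """
    if name in _seen:  # a credential cannot contribute to its own proofing
        return 0.0
    node = graph[name]
    doubt = 1.0 - node.base
    for upstream, probative, care in node.proofed_by:
        doubt *= 1.0 - probative * care * validity(graph, upstream, _seen + (name,))
    return 1.0 - doubt

def downstream(graph, name):
    """Identifiers whose proofing relied, directly or indirectly, on `name`."""
    found, frontier = set(), [name]
    while frontier:
        current = frontier.pop()
        for node in graph.values():
            relied = any(up == current for up, _, _ in node.proofed_by)
            if relied and node.name not in found:
                found.add(node.name)
                frontier.append(node.name)
    return found

# Constructed sample graph; every weight is illustrative.
GRAPH = {n.name: n for n in [
    Identifier("name", base=0.99),
    Identifier("birth_certificate", proofed_by=[("name", 1.0, 0.95)]),
    Identifier("drivers_license", proofed_by=[("birth_certificate", 0.9, 0.9)]),
    Identifier("passport", proofed_by=[("drivers_license", 0.8, 0.9),
                                       ("birth_certificate", 0.9, 0.5)]),
]}

if __name__ == "__main__":
    for ident in GRAPH:
        print(f"{ident:18} {validity(GRAPH, ident):.3f}")
    print(sorted(downstream(GRAPH, "birth_certificate")))
```
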

A given Informational Identifier may be honored by other resource and privilege domains without them having to issue credentials of their own.

There may be additional criteria you have to meet in order to be credentialed or to gain privileges by federation at a domain once your identity has been proofed: You may have to live in Poughkeepsie, be over 21 years old, have a Stanford-Binet score of 132 or over, or make between $30,000.00 and $34,999.99 a year, etc.

With your proven identity, other domains which are authoritative holders of such details may be queried to further gate your access.

Given that credentials are generally needed to make those queries, having all those different domains federated to the same Informational Identity makes it practical to do that vetting in real time. That is the approach ID.me takes, describing the set of related nodes as a ‘Trust Graph’ (which is consistent with but was not the model for the Informational Identity graph I am describing here). 🙂

Sometimes a credential may be designed to carry such information for convenience. For example, a driver’s license has your birthdate on it, which makes it convenient for the clerk at the liquor store to use to validate you are over 21 and honor the privilege granted by the state to sell you alcohol.

The birthdate doesn’t have to be on the license. There could be a phone number where you enter the two-character state and the driver’s license number and it replies ‘over 21’ or ‘under 21’. The advantage would be that the license holder’s actual birthdate would not have to be revealed. The disadvantage would be that the clerk has to make the call for every transaction. (Note that ‘blockchain’ appeared nowhere in the protecting-your-privacy scenario here : ) – more about blockchain, distributed identity, sovereign identity and so on in a future post on this thread.)

With digital credentials, privacy-preserving practices may be done much more conveniently.

Up next, we will look at how personal identity data fits into our picture, and then later see what we can conclude about the future of Informational Identity management from the Informational Identity perspective. Stay tuned.
