A Substack exclusive preview of a post I will be publishing next week.
What is Digital Identity?
When someone mentions digital identity, chances are you know what it is. If you don’t, digital identity is simply a way to verify you as a person when you access an online service. Practically speaking, and depending on what service or system you are accessing, it usually means one or several things, such as your:
Username and password
Social Insurance Number (SIN)
Driver's license
Bank account number
Twitter/social handles
and many more things
Still confused? To simplify it further, digital identity is any personal information that you can use to identify the real you and access services. This opens new possibilities for digital services and access without the use of physical documents. There are some excellent explainers on the basics of digital identity.
Can I see some (digital) ID?, at:
https://www.canada.ca/en/government/system/digital-government/living-digital/digital-id.html
Trusted Digital Identity Vision, at:
This article focuses on how the concept of digital identity is evolving: from where we started in the past, to where we are at present, and to where we are going in the future. Within government, as we undergo digital transformation, digital identity is a mix of the past, present and future. Unfortunately, the future is not equally distributed across programs and services yet, but we will get there soon!
Since 2009, the Government of Canada has had the Directive on Identity Management, but it was only in 2019 that a formal policy definition for a trusted digital identity was introduced:
trusted digital identity: an electronic representation of a person, used exclusively by that same person, to receive valued services and to carry out transactions with trust and confidence. [Policy on Government Security]
Trusting the technology
You’ll notice the word ‘trusted’ is an integral part of the definition. It’s one thing for you to have a digital identity to use, but it is entirely another thing for a federal program or service to trust that it is you using that digital identity and not someone else who is trying to be you. That’s why the definition of trusted digital identity was introduced: it must be trusted by government programs and services.
To ensure this trust, the Government of Canada is collaborating with the Provinces and Territories to develop a trust framework that enables the government to accept trusted digital identities. Currently, two provinces are providing trusted digital identities to the Government of Canada – Alberta and British Columbia. If you are a resident of either province, you can use your MyAlberta Digital ID or the BC Services Card as your trusted digital identity to securely access Government of Canada services.
Using your provincially or territorially issued digital identity will be the future as the other provinces and territories come online, but in the meantime, you can still use the existing sign in services of GCKey, Government Sign-In by Verified.Me, or CRA sign in. These existing sign in services are excellent, but there is an additional complexity for the user in that there is one more step (and delay) to prove their identity before they can access services.
For many, these different options and approaches all sound needlessly complex. That is in some ways true, but we are on the pathway away from legacy systems to a simpler future. We are not there yet, but we are getting there incrementally. There will come a day when all that detail about how to create your password, how you securely sign in, and how you add a second factor will disappear into the simple concept of a trusted digital identity that you can use anywhere.
Simplifying it for the user
Another challenge is that trusted digital identity is described from a program-centric point of view. This is appropriate for those who are building and maintaining these systems, but it is confusing to users who are not aware of, or don’t care about, the details behind the scenes. Fortunately, the language to describe digital identity is becoming more user-centric. The Government of Ontario, for example, is describing their digital identity program with more user-centric terms:
convenient — it lives on your mobile device and is always ready to use whenever you need it
secure — your data is protected using strong encryption and, unlike your physical wallet, your digital ID can easily be turned off if your phone is lost or stolen
privacy-preserving — for example, if you need to show you are age of majority, the verifier will only know you are over 18, not your date of birth or actual age
verifiable — just like a driver’s licence, a digital ID is certified government proof that you are who you say you are
in your control — you have full and complete control over what bits of your information you want to share and with whom you want to share it – no one can access your data without your agreement
voluntary — signing up for digital ID will be optional – you can still use physical ID whenever you want
So the description of digital identity is now shifting from a program-centric perspective to a user-centric perspective. This shift is a result of how we as the public sector are changing our thinking about digital identity. In the past, digital identity was conceptualized as a very narrow IT-centric means of logging into a system or service with little regard to who you were as an individual. Fast forward to today, the concept of digital identity is evolving toward a more holistic view of what is actually needed by the individual so that they can have the best experience possible, without barriers, and in a way that empowers them. This user-centric model is a different way of thinking, and it will take time for the many legacy systems to get to this new state. But we are getting there, and the proof is what we have done with Alberta and BC.
Emerging technologies are now evolving away from centralized architectures, to decentralized approaches that better fit into the ebb-and-flow of an individual’s life and needs. New terms such as ‘digital wallets’, ‘verifiable credentials’ and ‘zero-knowledge proofs’ are entering the technology, policy and strategy lexicons.
What does this mean for me?
As an individual, digital identity is evolving to put you more in control of how you want to interact with online government services, or for that matter any online service. Legacy and centralized sign in and authentication systems are giving way to ‘citizen-centric’, ‘user-centric’ and ‘self-sovereign’ digital identity systems. The unexpected benefit is that as these new systems are evolving, they are bringing back the ways we have always interacted for millennia – using wallets containing proofs of who we are (i.e., digital identity) to access services.
In the end, the better way to think about digital identity is not what it is, in terms of technologies, but rather what digital identity can enable you to do as an individual within the digital realm, such as:
Gaining secure access to online services
Proving something about you (e.g., age, vaccination status)
Expressing a right or privilege (e.g., citizenship, age of majority, privilege to drive)
As the technology evolves, you will no longer have to remember a username and a password for each service that you want to access. You will be able to reach for your digital wallet and say, ‘Hey it’s me!’ and the service will securely let you in and provide you with what you need. That’s the essence of the vision we crafted over three years ago, and it still holds today.
To conclude, while technology is changing, it’s the change in how we think about and describe digital identity that is important: it is about the user and how best to empower them to access public services, and more generally about empowering them as individuals interacting in a broader digital society.