Identity is a difficult term to define in the cybersecurity world. The range of personal information that can be associated with an identity interaction is highly dependent on the situational context of the interaction. The definition of identity also depends on the context of the medium within which it is exchanged.
In the physical world, when we talk about identity, it’s usually rooted in government, healthcare, finance and other issued credentials, such as driver’s licenses, passports, national ID cards, health insurance cards, car registration documents and more. In the digital world, however, identity is usually rooted in what we have access to — applications, usernames and passwords, accounts and federated accounts.
Why do we consider identity differently in the physical and digital worlds? At the end of the day, isn’t identity any trusted instrument that is used for the exchange of personal information between entities?
(Source: IBM)
Some forward-thinking concepts to keep in mind as we look to address this identity dilemma include:
Lack of a single identity approach across physical and digital interactions
Evolving processes and interactions in our digital world while using the existing frameworks and standards that are already ingrained within industries
A standards-based approach will be the underpinning to deliver digital trust at scale
The Need for Identity Across Physical and Digital Realms
As we think about the different mediums within which we exchange identity — e.g. physical and digital — we have yet to truly develop a robust, scalable and portable way to establish trust that adheres to proposed trust framework physical digital identity interactions
