Page 47 - ITU-T Focus Group Digital Financial Services – Technology, innovation and competition



               Figure 2: Digital identity high level process

























               •    Authentication (as defined in ITU-T X.1252): This is the process of validating the assertion of an attribute
                    associated with an identity previously established during identification. Typically, this involves presenting
                    or using an authentication credential (that was bound to the identity during identification) to demonstrate
                    that the individual (or organisation) owns, and is in control of the digital identity being asserted.
               •    Authorisation: This is the process of determining what actions may be performed or services accessed/
                    provided on the basis of the asserted and authenticated identity.

               Partial assertion

               For government and financial services, the set of identity attributes that need to be established and asserted
               is usually fixed, including, for example, name, address, and date of birth. There are many services where
               such a fixed set of attributes is not required. For example, access to age-restricted services may only require
               determining that the individual is over 18, and personalisation of a retail service may only strictly require
               information about product preferences (although often retailers are keen to acquire significantly more data).

               The ability to assert only the data that is necessary to enable the transaction is referred to as “minimal
               disclosure”. Privacy-respecting digital identity systems often place a great deal of focus on this requirement.
               More generally, with the increasingly diverse range of digital services that individuals use, there is a growing
               need for individuals (and the devices they own) to be able to share specific items of data within differing levels
               of assurance requirements, relevant to the context and shared under their control.

               2.2    Derived digital identities

               Iteration of the process outlined in Figure 2 can be performed to derive different classifications of digital
               identity. The identities created during these iterations may be for specific transactional purposes or use
               within certain domains such as banking or healthcare. Typically, a core or “foundational” identity – usually
               governmental, and intended to be used for multiple purposes – is used to establish credentials for a derivative
               digital identity, described as either “functional” or “transactional”, which in turn is intended to be used in the
               context of a particular service. The different classifications identified are:

               •    Foundational: A core digital identity (such as the Aadhaar programme⁵ in India), usually created as part
                    of a national identity scheme or similar, which is based on the formal establishment of identity through
                    the examination of qualifying (breeder) documents such as birth records, marriage certificates, and social
                    security documents. Such a digital identity typically enables a wide variety of government services, and
                    sometimes extends further.


               5   https://fxb.harvard.edu/indias-aadhaar-program-a-legitimate-trade-off-between-social-protection-and-privacy/


