Who I Am vs. Who I Claim to Be
An
article in yesterday’s USA Today Money section, "Biometric
IDs could see massive growth," illustrates a natural disconnect between
"Who I am" and "Who I claim to be." The US government’s
trial Registered
Traveler program uses biometric ID cards as a mechanism to prove that a
traveller is who he says he is. It is not enough for a person to claim to be
someone; he or she must prove that claim, using a set of mutually-accepted
identification mechanisms.
Before stating the Laws
of Identiy, Kim Cameron defines
a digital identity as "a set of claims made by one digital subject about
itself or another digital subject." He further points out that a claim
is "an assertion of the truth of something, typically one which is disputed
or in doubt."
In a prospective interchange, we have one party claiming something to be true.
On the other hand, the recipient must validate that claim – remove the doubt.
The key challenge is how to prove, to the satisfaction of the receiving party,
whether a claim is indeed true. Biometrics attempt to connect physical characteristics
(e.g. fingerprints, retina scan patterns, DNA match?) with digital identifiers to validate
Identity claims. Trusted
third parties can be used to vouch for the validity of claims.
Both digital identity and physical identiy systems are faced with that challenge
– to prove whether claims are true. A variety of technologies can be combined
to validate claims in different environments, for different applications.
I suppose that every known claims-validation system could be compromised or spoofed if
enough money and resources were applied. Therefore, the risk of mistaken identity
will never fall to zero. The trick is to reduce the risk to an acceptable level.
Thirty four years ago next month, I took an engineering drafting class while
a freshman at
BYU. The instructor, Max Raisor, would draw something on the
chalkboard, take a step back to examine his work and then proclaim, "Good
enough for who it’s for!"
In reality, proving a claim is like that. It really means reducing the doubt
about the claim to a level acceptable for a connection to be made, or a transaction
to be consumated – where the level of doubt about "Who I Claim to Be" is good enough
for who its for.
Tags:
Identity
Digital Identity
Identity Management
Biometric
Registered Traveler
Laws of Identity
BYU
[Trackback] Pursuant to reading Mark Dixon’s post on ” Who I Am vs. Who I Claim to Be “, I started to ponder on the paragraph which said : In a prospective interchange, we have one party claiming something to be true. On the other hand, the recipient must valid…
[Trackback] Pursuant to reading Mark Dixon’s post on ” Who I Am vs. Who I Claim to Be “, I started to ponder on the paragraph which said : In a prospective interchange, we have one party claiming something to be true. On the other hand, the recipient must valid…