Validation – Overcoming Identity Fraud
In his recent Network World article, Dave Kearns challenged the Identity Management industry to give special focus to validation in the process of issuing authentication credentials or creating user accounts:
” … validation – ensuring that the account that gets created accurately reflects the true identity of the entity that it’s created for. This step can overcome much of the identity fraud (what the popular press calls “identity theftâ€) that is prevalent today.”
Much of the ongoing controversy swirling around OpenID gets down to this basic issue. If OpenID credentials (or any credentials for that matter) can be issued to a person without verifying their true identity, the potential specter of fraud looms large.
However, as Dave also points out, users are slow to accept any methods that require extra effort:
” … users, as most of us know, are more reluctant to change than a baseball player on a hitting streak. Getting the changes implemented is going to be a slow slog … “
Short of government mandated and enforced identification processes that include fingerprinting and retina scans, I’m not sure how bullet-proof validation will occur, but perhaps we will develop methods with acceptable levels of risk that improve over what we have now. A Google search on “identity validation” yields a wide variety of disparate efforts in this area. The Wikipedia article on “Identity Score” highlights methods for “tagging and verifying the legitimacy of an individual’s public identity.” Many smart people are addressing the subject, but there is much more work to be done.
Technorati Tags: Identity, Identity Management, Digital Identity, Validation, Dave Kearns