Digital Identity on the internet is a well known, and yet unsolved problem. Done right it would open up great opportunities, eliminate tons of headaches and simplify online presence for everyone.
IAM (Identity & Access Management) is a constantly evolving domain, realized through numerous technological masterpieces. Still, it hasn’t significantly contributed to trust on the Internet. While technologies for authentication, authorization, and resolution are well-covered, the value remains limited without addressing Identity Proofing.
To clarify its value, we consider IAM in the context of online services. Services need Identity Proofing to distinguish genuine users from frauds, robots, and trolls. People need it to ensure their digital identity is never stolen or misused. Identity Proofing consists of two fundamental parts: Identity Verification, which occurs during the initial interaction between a person and a service, and Authentication, used for subsequent interactions.
Today’s IAM landscape excels in Authentication, with protocols like OIDC and SAML making significant impacts, along with technologies like password managers, MFA authenticator apps, and passwordless initiatives such as FIDO.
However, Identity Verification is problematic. Services either manage an expensive and cumbersome process involving ID document scanning, face scanning, and biometric matching, or they accept the drawbacks of low identity assurance, risking exposure to robots, trolls, and frauds. Self-registration with email/phone verification or Social Login (e.g., Google or Facebook) are common but flawed alternatives.
The IAM landscape has historically focused on Enterprise IAM (employee management), solving identity management in closed, standardized ecosystems. Organizations have extensive but semi-manual identity proofing processes, relying on physical interactions. This must evolve to support traditional Internet needs and shifting employer-employee relationships toward fully remote interactions.
The current IAM landscape is incomplete. Digital identity remains a complex issue for service providers, and life on the Internet is challenging for privacy-aware individuals. Identity Proofing is essential but not a standalone solution for digital identity on the Internet. It’s a cornerstone upon which solutions must be built.
And yes, Truid has the recipe - we address Identity Proofing, and more. Stay tuned 😉