In a nutshell, the digital identity of a person is the set of all the [personal] information and data about that person, that exist on the Internet. A person’s identity on the Internet is verified through a process called identification. Identification consists of three steps: the claim of identity by a subject, authentication and authorization.
Claims of Identity:
When a subject wants to create a profile on the Airbnb website he or she has to provide Airbnb with a certain set of credentials. Credentials are characteristics and properties of the subject that can be used to describe the subject’s state, appearance or other aspects. This set of credentials, that are in fact a subset of the subject’s digital identity, is called the transaction identity. For example, the subject has to report his or her name, mailing address, email address and credit card information. This step is called a claim of identity.
Authentication and Authorization:
Generally, after an identification claim is submitted to an online service provider (“OSP”), here the Airbnb, the claim is investigated, either by the OSP alone or by the OSP and a credential service provider (“CSP”). In the case of Airbnb, since Airbnb requires credit card information from the subjects, the credit card provider, that has issued the subject’s credit card, is called upon to authenticate the information. In this scenario, the credit card provider acts as a CSP. Some transactions, such as signing up for an e-mail list on a website, don’t involve CSPs, however more sensitive transactions should and usually do involve CSPs. CSPs add an extra layer of security to online transactions and their use should be encouraged. Once the identity claim is successfully authenticated by the CSP, the transaction will be authorized by the OSP and the subject will be able to use the OSP’s services. The OSP will save and maintain the collected data for future use.
To be continued…