The importance of identity in the digital age
by Mirko Zorz - Monday, 20 December 2010.
In the past decade our identity has undeniably evolved, we're preoccupied with identity theft and authentication issues, while governments work to adopt open identity technologies. David Mahdi, a Product Manager at Entrust, explains the critical issues in understanding the very nature of identity in a society actively building bridges between the real and digital world.

What are the critical issues in understanding the very nature of identity in a society actively building bridges between the real and digital world?

While one’s identity in a digital world is analogous to what it is in the traditional “real” world, the challenges and issues associated with trusting one’s digital identity, managing it, and securing it are very different between these two worlds.

The core value to one’s digital identity is Trust. In the real world an individual is able to easily confirm their identity by presenting documents, such as a passport or driver’s license, that have been issued by authorities, based on verifiable information provided by the individual. And because these authorities (such as governments) are trusted, the documents, or credentials they issue can be used by the individual to prove their identity with many different organizations that might be offering services.

In the digital world, however, trust is not as easy to determine. Like the real world, a digital identity must be issued by a trusted authority. The extent to which that digital identity can be used may well be a function of the trust that other organizations put in that Authority. In some cases a digital identity may be issued by a single Authority - a bank, a retailer or even a government agency - and that identity may only be used with that Authority. As a result, to take advantage of the digital world, individuals may have many digital identities. This, however, is not ideal. If the Authority that issues a digital identity is trusted by other organizations, in much the same way that a government issuing passports is trusted, then the digital identities they issue could also be trusted by other organizations, and be used more broadly. But establishing that trust is one of the key challenges of the digital world.

As a result, an individual’s digital identity may actually consist of many different identities, issued by many different organizations, and generally they’ll be used only and trusted by the organization that issued them. This creates a bit of a management nightmare for individuals in the online world as they’re faced with keeping track of which identity is used with which organization, where that identity is stored electronically and, most importantly, how to protect it.

How has individual identity evolved in the digital world?

One of the great opportunities in the digital world is the unparalleled growth of services that are available online – whether it’s for purchasing vacations, accessing health documents, balancing bank accounts and paying bills, or just interacting with friends and business colleagues in a social network or over email. But taking advantage of these services has resulted in an individual having many unique digital identities. Each of these organizations may recognize an individual very differently – and their entitlements with each of the organizations may differ dramatically. An individual’s overall identity, therefore, is a collection of digital identities, all of which must be managed and protected.


More than 900 embedded devices share hard-coded certs, SSH host keys

SEC Consult analyzed firmware images of more than 4000 embedded devices of over 70 vendors and found that, in some cases, there are nearly half a million devices on the web using the same certificate.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Nov 26th