jspωiki
Identity Proofing

Overview#

Identity Proofing is about a Registration Authority's level Of Assurance of the Entity’s Identification during Credential Enrollment.

Identity Proofing SHOULD be based on "life history" or transaction information aggregated from public and proprietary data sources.[1]

Bottom line, Identity Proofing is Authentication during the Credential Enrollment

In some Credential Enrollment processes, an external Verifier or Identity Verification Service may be used.

Expected Outcomes of Identity Proofing#

The only outcome of Identity Proofing is to ensure that the applicant (ie Claimant) is who they claim to be.

Identity Proofing may include presentation, validation, and verification of the minimum Claims necessary to accomplish the specified level Of Assurance for Credential Enrollment.

As an example, such core attributes, to the extent they are the minimum necessary, could include:

  • Full name
  • Date of birth
  • Home address
It is permissible for the Credential Service Provider to collect additional information in the process of Identity Proofing an applicant, provided validation and verification follow the requirements contained herein, and the applicant explicitly consents to the Credential Service Provider collecting and storing the attributes.

One of the challenges associated with Authentication of people (Digital Identity) is while there are situations where this is not required or is even undesirable (i.e., use cases where anonymity or pseudonymity are required), there are others where it is important to reliably establish the association with a Natural Person. For Example include obtaining Health Care and executing Financial transactions. There are also situations where the association is required for Regulatory compliance reasons (e.g., Know Your Customer requirements in the Financial Institutions) or to establish accountability for high-risk actions (e.g., the release of water from a hydroelectric dam).

There are also instances where it is desirable for a Relying Party (RP) to know something about a user executing a transaction, but not know the "true" identity of the Natural Person. For example, in order to maintain integrity of the service, it may be desirable to know the home ZIP Code of a user for purposes of census taking or petitioning an elected official but where it is not necessary or desirable to know the underlying identity of the Natural Person. Identity Proofings provide a method for expressing the level Of Assurance associated with attributes established by the Credential Service Provider during the Identity Proofing process.

The objective of Identity Proofing is to at some level:

  • Resolve a claimed Digital Identity to a single, unique identity within the context of the population of users the Credential Service Provider serves.
  • Validate that all evidence that is supplied is valid (correct) and genuine (not counterfeit or misappropriated).
  • Validate that the claimed identity exists in the real world.
  • Verify that the claimed identity is associated with the Legal Person supplying the identity evidence.

More Information#

There might be more information for this subject on one of the following: