Overview
Identity Proofing is the function of collecting evidence (Identity Attributes or Identity Documents) which supports a claim of Identification for a specific entity, and the validation and verification of that evidence so as to determine the veracity (or otherwise) of the claim.
Identity Proofing is typically a process in which an entity provides evidence to a Registration Authority (or Attribute Provider or Credential Service Provider) providing reliable Identification, thereby allowing the Registration Authority to make an Assertion of the Entity’s Identification at a useful level Of Assurance.
Identity Proofing is usually performed during an Enrollment or Credential Enrollment process.
Identity Proofing may be used to establish the uniqueness and Authenticity of an individual’s Identification to facilitate the Provisioning of an entitlement or service.
Identity Proofing is a form of Authentication used during Enrollment and on which future Authentications will be based.
Identity Proofing is a process that vets and verifies the information that is used to establish the identity of a system entity. (RFC 4949) (See: registration.)
Identity Proofing SHOULD be based on "life history" or transaction information aggregated from public and proprietary data sources.[1]
Bottom line, Identity Proofing is Authentication during Enrollment.
In some Credential Enrollment processes, an external Verifier or Identity Verification Service may be used.
Expected Outcomes of Identity Proofing
The only outcome of Identity Proofing is to ensure that the applicant (i.e., Claimant) is who they claim to be.
Identity Proofing may include presentation, validation, and verification of the minimum Claims necessary to accomplish the specified level Of Assurance for Credential Enrollment.
As an example, such core attributes, to the extent they are the minimum necessary, could include:
- Full name
- Date Of Birth (DOB)
- Place Of Birth
- Address
- Many others
One of the challenges associated with Authentication of people (Digital Identity) is that while there are situations where this is not required or is even undesirable (i.e., use cases where anonymity or pseudonymity are required), there are others where it is important to reliably establish the association with a Natural Person. Examples include obtaining Health Care and executing Financial transactions. There are also situations where the association is required for Regulatory compliance reasons (e.g., Know Your Customer requirements in Financial Institutions) or to establish accountability for high-risk actions (e.g., the release of water from a hydroelectric dam).
There are also instances where it is desirable for a Relying Party (RP) to know something about a user executing a transaction, but not know the "true" identity of the Natural Person. For example, in order to maintain integrity of the service, it may be desirable to know the home ZIP Code of a user for purposes of census taking or petitioning an elected official, but where it is not necessary or desirable to know the underlying identity of the Natural Person. Identity Proofing provides a method for expressing the level Of Assurance associated with attributes established by the Credential Service Provider during the Identity Proofing process.
The objective of Identity Proofing is, at some level, to:
- Resolve a claimed Digital Identity to a single, unique identity within the context of the population of users the Credential Service Provider serves.
- Validate that all evidence that is supplied is valid (correct) and genuine (not counterfeit or misappropriated).
- Validate that the claimed identity exists in the real world.
- Verify that the claimed identity is associated with the Legal Person supplying the identity evidence.
Identity Proofing Patchwork
There is a patchwork landscape at the federal, state, and local level and for commercial industries for identity proofing and identity authentication.
- Government
- Federal: NIST.SP.800-63A Identity Assurance Level
- Commercial
- Banking: Section 326 of the USA PATRIOT Act (Customer Identification Program)
- Various other Know Your Customer
- The Nevada Gaming Commission and State Gaming Control Board
- Regulation 5A (110 - Registration of Authorized Player)
Identity Proofing requires Evidence of Identification
More Information
There might be more information for this subject on one of the following:
- Acr_values
- Authenticator
- Automatic Certificate Management Environment
- Boulder
- Certificate Authority
- Certificate Level Of Assurance
- Certificate Request Process
- Credential
- Credential Enrollment
- Credential Management
- Credential Service Provider
- DNS Certification Authority Authorization
- Derived Credential
- Digital Identity
- Domain Authorization Document
- Examples of Evidence
- ISO 29003
- Identifiability
- Identified
- Identity Assurance Level
- Identity Document
- Identity Proofing
- Identity Verification
- Knowledge-Based Authentication
- Level Of Assurance
- Level of Identity Proofing
- M-04-04 Level of Assurance (LOA)
- Mallory
- NIST.SP.800-63
- NIST.SP.800-63-3
- OpenID Connect for Identity Assurance
- Public Key Infrastructure Weaknesses
- Registration
- Registration Authority
- Social Identity
- Vectors of Trust
- [1] - Identity-proofing services
- based on information obtained 2016-10-28