Open Discussion: Identity Verification for People w/o Paper Trail

From IIW
Session Topic: Identity Verification for People without Paper Trails

Tuesday 1K

Notes-taker: Matt Berry

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


This session was hosted by a company that was shopping for an IDP. The primary trait they were seeking from the IDP is strong “meatspace” identity verification; however they also had a target audience of people who traditionally don’t have paperwork such as driver’s licenses, voting records, or birth certificates. Traditional meatspace identity verification has been heavily rooted in government documentation, but populations such as the homeless, the mentally unstable, refugees, and non-legal immigrants often don’t have these sorts of government records to identify them. There was mention of a number of government programs that deal with these sorts of populations already. The British Columbian Government was mentioned as having a universal ID card based on biometrics. The City of Oakland, CA Government had an EBT card program based on visual comparison of photographs (in this program, the end-users had to remember their names in order to find the photograph).


This invoked a discussion about different means of doing identity verification; both in meatspace and in virtual spaces. The American CIA, as an example, conducts a long interview process where identity is established by gathering evidence of identity over the course of a lifetime. Consumer background checks determine identity by gather artifacts of past loans and credits. Social networks were brought up as a more pragmatic (and faster) means of establishing a virtual identity. The theory is that the more content and the longer someone has held on to a virtual identity, the more trustworthy it is. This is similar to the proof-of-work system of spam email prevention.


Someone asked if the system being built by the session hosts could tolerate duplicate virtual identities for the same meatspace identity. Many systems can tolerate duplicate identities, on the condition that the system can still assert that the same identity is logging in this time as last time. An example of this is any system that allows a user to save the state of their application and then return later to complete it. Other systems, such as online voting systems, cannot tolerate duplicates.