Digital Identity Perspectives

We usually speak of identity in the singular, but in fact, subjects have multiple identities. From our point of view, they tend to seem like different facets of our identity, but other entities have a specific view that corresponds to only a subset of those attributes. For example, my bank sees a set of attributes for me that correspond to my credit card numbers, account numbers, credit score, and so on. My employer sees a different subset that overlaps only in a few points such as name, social security number, and the one bank account I give my employer for depositing my paycheck.

My multiple identities are linked by me and little else. They represent different perspectives on who Phil Windley is and what attributes I possess. Most of these attributes are stored in various formats in myriad databases. In the State of Utah alone, there are over 250 different databases in which portions of my digital identity might be stored, depending on my interactions with the State. These multiple identities, or personas, as they are sometimes called, are tied together by a few common data elements that are used, imperfectly, as keys for accessing them: my name, my address, my social security number, and my birthday.

To make sense of all of this, Andre Durand, the founder and CEO of Ping Identity Corp. introduced the concept of "tiers of identity."[*] Figure 2-3 shows a schematic of these tiers. At the bottom is the first tier, labeled "My Identity." Tier 1 consists of attributes and traits that are associated with the subject and are both timeless and unconditional. For example, my name is Phillip John Windley, I have blue eyes, and so on.

Identity tiers and their relationship

Figure 2-3. Identity tiers and their relationship


Tier 2, labeled "Shared Identity," consists of the attributes that are assigned to us by others. These attributes are shared , because they are used to identify the individual but are temporarily issued based on some kind of relationship. Your wallet is filled with Tier 2 identities; your driver's license, your employee badge, your credit card, your health insurance card, and your library card are all examples of identity information that is assigned to you. Once the relationship that defines the identity is terminated, the attributes associated with it are no longer useful.

The topmost layer, labeled "Abstracted Identity" establishes the identity of groups. For example, I may be identified as a "Utahn," a "white male over 40," or as a member of any number of other demographic groups. Companies may classify me as a "frequent flier" or a "first time customer." All of these groupings identify me in some way, but only abstractly. Tier 3 is largely about marketing.

Tier 2 identity relationships usually happen with our consent and are mostly welcome because of the benefit we perceive. Tier 3 relationships are usually forced on us and most people resent them. For example, unsolicited commercial email (usually called "spam") is a Tier 3 identity issue. Telephone solicitations and even TV advertisements are Tier 3 identity issues as well. The problem with Tier 3 identity is that it is inaccurate and nonspecific. Consequently, Tier 3 identities rarely meet a real need. The benefit is so small as to be inconsequential, so most people perceive Tier 3-based relationships as bothersome.



[*] Durand, Andre. "Three Tiers of Identity." Digital ID World located at http://www.digitalidworld.com/modules.php?op=modload&name=News&file=article&sid=26.