When we work with clients on identity proofing designs, it is surprising how difficult it is to establish parallels between real world identities and electronic identities. In some cases, the physical identity process is considered sacred, one that cannot be modified or added to for the purposes of adding an e-business identity. Government and private sector alike struggle to align these two similar — same? — processes.
In other cases, we are asking clients about confirming identity for the first time — they simply don’t have existing business processes to properly validate the user when conducting business. They haven’t considered formal process in this area because the need for serving up sensitive information is so new. And they recognize that developing this process will cross organizational boundaries and create disruption at a business level (after all, this isn’t a technology issue).
Identity proofing is a critical issue in identity management and it needs to be carefully designed to ensure that users are appropriately identified before they are allowed access to sensitive information.
Bottom line: Identity proofing for electronic identities is fundamentally the same as identity proofing in the real world. In other words, proving you are who you are is the same regardless of how you conduct business!