How can we forget a purchase on special offer, a sale via a cloud service, our online bank account? The new world based on technology is fantastic, spectacular, fast and lavish. But not only: it’s easy, flexible, competitive and global. In short, once you have tried the digital experience, it’s difficult to imagine no longer being in a virtual world and returning to the limits of our physical world. We would be marginalized and no longer in line with the times. We would lose opportunities and we could even end up not complying with the law.
The rights and duties of citizens is now also a digital right and duty. Some things can only be done online, and this is also true, even if it has been changing slowly, for dealings with public authorities, tax authorities, schools and at home.
Our physical existence (material) goes hand in hand with our digital existence (virtual) and they combine together in what is our reality (augmented) today. Neither of the parts prevails, value is distributed across them: perhaps we possess more digital than physical objects, more and more often an object is present in both worlds and it is ours, inalienable, … maybe.
Who are we in the digital world? A UserID, a Password, a Token, a OTP, an App, a Certificate? We are all this, all together, repeated countless times, in a kaleidoscopic cauldron of bytes of which, day by day, we lose awareness and control.
In theory there is no harm done if you lose a login, you can always recover it: an e-mail, a new password and everything returns to normal. But is it really like this? Every UserID is one of our identities. They describe something about us and enable us to use some of the things that are part of the enhanced reality that makes up our personal or work environment.
What would happen if one of our identities finished in the wrong hands? What would happen if we lost our identity card, health card or bunch of keys? We might also wonder how long it would take to realize that we’d lost a physical identity? With the realization, our reaction would be rapid. We know that our credit card has to be blocked, the lock changed, we have to report our lost documents and request new copies. In the meantime, someone could have entered our house, opened our car or bought something with our credit card.
So with hindsight, we buy a more secure lock, activate a secure code, install a burglar alarm…
In the digital world the problem is similar, maybe more serious. Everything is faster and access control technologies are not always adequate for the value of the objects being protected. The choice of security tools is entrusted to the service provider and the need for a simple and immediate user experience often prevails.
Identity theft, or even a fake identity, can lead to purchases being made with our money, the dissemination of confidential or false information, illegal activities and our reputation being compromised.
It is therefore important to offer services that are adequately protected and adopt solutions that guarantee the identity of the user and the service provider. In all cases, we are looking for flexible, easy, safe and accessible tools, … after all, we are in a digital world and the rules must also be applied to security.
Awareness of the need for a solution to the problem of digital identities is now widespread and is one of the open issues for national and European administrations. Many initiatives have been set up by governments and private institutions which, independently, have realised federated digital identity and authentication systems and therefore usable for accessing services offered by providers adhering to the initiative.
A standard and interoperable solution is needed: a solution that allows the use of application services in which the Server/Client pair is not established beforehand but can be chosen freely by the user. A solution which is in compliance with regulations, laws and the highest levels of security.