Understanding the difference between Identity, Authentication and Authorisation

On August 7-8th 2018, technology experts from Australia and around the globe gathered in Canberra for the Digital ID Show. The event was co-located with the Technology in Government Expo and the Cyber Security in Government Conference.

Overall, more than 2,500 attendees wandered among 120+ exhibitors and listened to 120+ speakers from a range of industries.

The Digital ID Show focused on the bigger questions underpinning digital identity and what that means for the roll out of digital identity in Australia.

These questions are not only being asked in Australia, several countries including the UK, Netherlands, Canada and USA are reviewing similar ideas. The concept is to provide users with a better way to prove ID, establish trust, reduce fraud, fight crime and terrorism, and streamline services and online payments. There are many different players involved, both from the government, as well as the private sector. One thing everyone agrees on, is that innovation and collaboration between all stakeholders is vital.

In a world where everything is connected 24/7, where the power of AI is increasing, it is critical to get the foundations right. The recent data breaches and Facebook’s data privacy scandals highlight the impact that technology can have on our personal lives, including disastrous consequences if we do not take the right measures.

Technology is neutral. It is neither good or evil. It does not have a concept of ethics, it only does what we set it up to do. We must be the ones asking the right questions to position technology to succeed with the right outcomes in society.

A range of regulations is being implemented across the world to set a legislative framework around the use of personal data. Laws like the General Data Protection Regulation (GDPR) in Europe are setting a standard for data privacy legislations. In Australia, the Open Banking changes will come in place by July 2019, permitting consumers to allow other financial companies and third parties access to their banking information. This will open new opportunities for businesses, as well as fairer and better products and services for customers.

If implemented properly, these new laws can both protect our personal data while enabling personalisation at scale, all with explicit and informed consent. If we fail to put in place the right measures, it can lead to a digital dark age where no trust is established between consumers, organisations and public institutions.

Solving the question of Digital Identity is an important first step, but the efforts should not stop there.

In her talk entitled “Do you really need to know who I am?”, Meeco founder Katryna Dow outlined the differences between Identity, Authentication and Authorisation and how emerging solutions like progressive disclosure and Zero Knowledge Proofs can help solve some of the identity and personal data challenges we face in the digital world.

Identity is the answer to the “Who am I?” or “What am I?” question.
Authentication is about asking can I trust who or what this is?
Authorisation follows authentication to determine what services are available to the trusted party.

With minimum information and transparency, users can still get maximum value from many services. A great example is the difference between asking for your date of birth versus asking if you are over 18 and therefore eligible to enter a night club, drive or purchase alcohol.

Many services do not need to know your exact identity to provide you with their services. A trusted persona (backed by your real identity) can enable services to be provided in a more privacy preserving way. The service provider just needs to know that they can trust the party that vouches for you. When service providers establish trust by being transparent with their customers and are clear about what they intend to do with the data they collect, research shows people are actually willing to share more data.

“It is critical to understand the consequences that poor foundations have in the future. By understanding the differences between identity, authentication and authorisation, governments and service providers can design for privacy and reduce the collection of personal data. The result of getting the foundation design right is a more secure digital society, one with less fraud and identity theft”.

To learn more about Meeco’s vision for how personal data can unlock value and enable trusted personalised services read our White Paper; Zero Knowledge Proofs of the Modern Digital Life.

If you have any questions or want to find out more, chat with us on Telegram or follow on Twitter.

Leave a Reply

Your email address will not be published. Required fields are marked *