What Is Digital Identity?

No single definition: clearly relates to how a person is able to prove identity using digital technology.
ISO 24760-1: a set of attributes that uniquely identify a person in electronic interactions
Lifecycle:

Key principle: strong identity =
verified data + secure credential + auditable use

Authoritative Data → Online Profile

Civil-registry “root-of-truth” (name, DoB, ID #) pulled at enrolment
One-time binding: data are cryptographically hashed & sealed into the user’s credential or ID token
Duplicate & fraud prevention: nothing issues without a live check back to the registry
Selective disclosure: Goal is to let users consent to share only the claims a relying party needs
Result: trust travels with the user, privacy is preserved

Binding authoritative data is what differentiates national digital ID from simple web accounts - privacy controls are also key

One credential, many doors: eFaas SSO unlocks many public-service portals and growing private-sector apps
Powered by OpenID Connect (OIDC): a thin layer on OAuth that returns an ID token after login
Security uplift:
- Multi-factor authentication & device binding baked in
- Unified audit trail—fewer silos, easier threat hunting
User experience: no more account sprawl, consistent branding across services
Agency benefit: integrate once, inherit NCIT’s hardened auth stack

OAuth 2.0 → issues access tokens for APIs
OIDC → adds ID tokens & /userinfo endpoint for identity claims
Scopes control data flow:
- openid – basic login
- profile, email, phone – standard attributes
- Custom scopes (e.g., address, age) for specialised services
Verified claims: upcoming OIDC for Identity Assurance flags claims as “verified/high-LOA” for high-risk cases (e.g., remote account opening)
Granular consent: users approve only the scopes requested, meeting privacy-by-design requirements

By Ted Dunstone