
What is a digital identity?

A digital identity is a virtual representation of an individual in the digital world. It comprises the attributes and information that uniquely define and distinguish them online. Login credentials, biometric data, email addresses and decentralized identifiers (DIDs) are all examples of digital identities.

In the realm of cybersecurity, digital identities play a pivotal role in regulating access to network resources. Any user, device or application seeking access to a network resource must first obtain a unique digital identity. This digital identity contains the authorization and permissions they need to interact with the resource.

For example, a user would need an AWS account to access resources in an AWS environment. This account functions as their digital identity on AWS and may grant them access to different cloud computing services and resources, including EC2 instances (virtual servers in Amazon's Elastic Compute Cloud) and Lambda functions. Similarly, an application running on an EC2 instance that wants to read data from an S3 bucket must also first acquire a digital identity.

A digital identity defines who can access what, under which circumstances and for how long. For instance, an AWS IAM role may temporarily grant an external user access to perform WRITE operations on an RDS instance, after they have presented an authorization token.

Digital identities vs. digital accounts vs. digital users

Digital identities, accounts and users are unique concepts in cybersecurity that have different scopes and use cases.

Digital identity is the broadest of the three. It encompasses any attribute or identifier that can be used to identify, authenticate and authorize an entity in a network, for example API keys, digital certificates, IAM roles and service accounts.

A digital account is a type of digital identity used to access a particular resource or environment. Access to digital accounts is often protected via some sort of authentication, e.g. single sign-on (SSO), passwords or keys.

A digital user is an individual that interacts with a digital system. Interactions can include accessing a resource, performing some operations or using a service.

A single digital identity may have multiple digital accounts. For example, a project owner’s identity may encompass different administrator accounts, service accounts and root profiles that offer them exclusive access to the entire infrastructure.

How digital identity management works

Digital identity management is a cybersecurity process that deals with the efficient storage and management of digital identities. Here are the major building blocks of digital identity management:

1. Provisioning and granting access

Digital identity management begins with registration and enrollment. Administrators provision a user on the system, typically an identity and access management (IAM) solution, and create their digital identity. Depending on the user’s role, the administrators then grant the relevant privileges and access rights to the user’s identity.

2. Authentication

When a user tries to access a resource, the access management system authenticates their identity. Authentication typically involves verifying user credentials associated with an identity, such as tokens, biometrics, cryptographic keys or multi-factor authentication (MFA).

3. Authorization

Once a user has been authenticated, they are authorized to use the privileges associated with their identity. This is important to mitigate security threats associated with privilege escalation and maintain high standards of application security. For example, if a user assumes a role to perform an elevated operation, the identity management system will check whether the assumed role grants the rights to do so.

4. Lifecycle management

Another important aspect of digital identity management is tracking the lifecycle of identities. This includes regular reviews, updates and eventual deactivation or archiving of identities when they are no longer needed.

5. Federation

Federation is a technique that allows digital identities to be trusted across different domains and systems. For example, a user may be able to use the same digital identity to access resources in both cloud and on-premises environments.

6. Auditing

Continuous monitoring and auditing are essential to reduce vulnerabilities, avoid security threats and breaches, and comply with different cybersecurity standards and frameworks. For example, you may monitor logs of your web applications to detect any suspicious login attempts.
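The six building blocks above, walked through in code as an added example (not code from the original article or from One Identity's products): a toy in-memory IAM backend that provisions an identity with a salted secret hash and a role (step 1), authenticates it and issues a signed, expiring session token (step 2), authorizes actions against the role (step 3), deactivates the identity so existing tokens stop working (step 4), and mines its own audit log for repeated failed logins from one source (step 6). Federation (step 5) is not modelled. The role names, permission strings, addresses and the token format are constructed for illustration; the HMAC-signed token is a stand-in for whatever session mechanism a real IAM product uses.

```python
import hashlib
import hmac
import os
import time
from collections import Counter
from dataclasses import dataclass

# Constructed role-to-permission mapping; the action names mimic cloud IAM
# style but are hypothetical.
ROLE_PERMISSIONS = {
    "reader": {"s3:GetObject"},
    "editor": {"s3:GetObject", "s3:PutObject"},
    "admin": {"s3:GetObject", "s3:PutObject", "iam:CreateUser"},
}


@dataclass
class Identity:
    name: str
    role: str
    salt: bytes
    secret_hash: bytes
    active: bool = True


class IdentityStore:
    """Toy IAM backend: provisioning, authentication, authorization,
    lifecycle and an audit log, all in memory."""

    def __init__(self, token_key: bytes, token_ttl: int = 3600):
        self.identities = {}
        self.audit_log = []          # (event, identity, detail, result)
        self.token_key = token_key   # key used to sign session tokens
        self.token_ttl = token_ttl   # token lifetime in seconds

    def _hash(self, secret: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

    # 1. Provisioning: create the identity, store only a salted hash of its secret
    def provision(self, name: str, secret: str, role: str) -> None:
        salt = os.urandom(16)
        self.identities[name] = Identity(name, role, salt, self._hash(secret, salt))
        self.audit_log.append(("provision", name, role, "ok"))

    # 2. Authentication: check the secret, issue a signed token with an expiry
    def authenticate(self, name, secret, source_ip, now=None):
        now = int(time.time() if now is None else now)
        ident = self.identities.get(name)
        ok = False
        if ident is not None and ident.active:
            ok = hmac.compare_digest(self._hash(secret, ident.salt), ident.secret_hash)
        self.audit_log.append(("login", name, source_ip, "ok" if ok else "fail"))
        if not ok:
            return None
        payload = f"{name}:{now + self.token_ttl}"
        sig = hmac.new(self.token_key, payload.encode(), "sha256").hexdigest()
        return f"{payload}:{sig}"

    def _identity_from_token(self, token, now):
        parts = token.split(":")
        if len(parts) != 3:
            return None
        name, exp, sig = parts
        expected = hmac.new(self.token_key, f"{name}:{exp}".encode(), "sha256").hexdigest()
        if not hmac.compare_digest(sig, expected) or int(exp) < now:
            return None
        ident = self.identities.get(name)
        return ident if ident is not None and ident.active else None

    # 3. Authorization: the role attached to the identity decides the action
    def authorize(self, token, action, now=None) -> bool:
        now = int(time.time() if now is None else now)
        ident = self._identity_from_token(token, now)
        allowed = ident is not None and action in ROLE_PERMISSIONS.get(ident.role, set())
        who = ident.name if ident is not None else None
        self.audit_log.append(("authz", who, action, "allow" if allowed else "deny"))
        return allowed

    # 4. Lifecycle: deactivating invalidates every token for that identity
    def deactivate(self, name):
        self.identities[name].active = False
        self.audit_log.append(("deactivate", name, None, "ok"))

    # 6. Auditing: source addresses with repeated failed logins
    def suspicious_sources(self, threshold=3):
        fails = Counter(src for ev, _, src, res in self.audit_log
                        if ev == "login" and res == "fail")
        return {src for src, n in fails.items() if n >= threshold}


def demo():
    """Walks one identity through the whole lifecycle with constructed data."""
    store = IdentityStore(token_key=b"constructed-demo-key")
    store.provision("alice", "correct horse battery", "editor")
    t0 = 1_700_000_000
    token = store.authenticate("alice", "correct horse battery", "10.0.0.5", now=t0)
    results = {
        "can_write": store.authorize(token, "s3:PutObject", now=t0 + 60),
        "can_create_user": store.authorize(token, "iam:CreateUser", now=t0 + 60),
        "after_expiry": store.authorize(token, "s3:GetObject", now=t0 + 7200),
    }
    for _ in range(3):  # repeated bad guesses from one constructed address
        store.authenticate("alice", "wrong guess", "198.51.100.7", now=t0)
    store.deactivate("alice")
    results["after_deactivate"] = store.authorize(token, "s3:GetObject", now=t0 + 120)
    results["suspicious"] = store.suspicious_sources()
    return results


if __name__ == "__main__":
    print(demo())
```

Two design points worth noticing: the authorization check consults the identity's current state on every call rather than trusting the token alone, which is what makes deactivation take effect immediately, and every decision (including denials and failed logins) is written to the audit log, because the detection in `suspicious_sources` is only as good as what was recorded.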

How do eWallets help with digital identity management?

An eWallet (also called a digital wallet or digital identity wallet) is an application that lets you store your identity digitally and present it in a seamless way.

What can we store in eWallets?

Leveraging modern technologies, like verifiable credentials, eWallets can store all kinds of identity information, including passports, identity cards, licenses, university cards and even marriage certificates.

How do eWallets work?

eWallets use strong cryptographic techniques that let the requesting service or application verify a user’s digital identity information. This verification happens behind the scenes: all the user has to do is tap a button in the wallet application.

What are the benefits of eWallets?

  • eWallets encrypt identity information both at rest and in transit. This protects against fraud, identity theft and other information security threats.
  • eWallets make it easy to verify your identity without having to carry physical documents. This can save time and hassle.
  • eWallets enable selective disclosure of attributes, which minimizes the need to share entire identity documents for simple verification purposes.
  • eWallets store digital identifiers in a standardized format, which fosters interoperability and cross-border recognition.
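Selective disclosure, the third benefit above, as an added example (not code from the original article and not any particular wallet's implementation): the issuer salts and hashes each claim separately and signs only the list of digests, the wallet forwards the signature plus the disclosures the user chooses to reveal, and the verifier checks that each revealed disclosure hashes to a signed digest. This is the same idea behind salted-hash selective-disclosure formats such as SD-JWT, reduced to the standard library. The claims, the issuer key and the use of HMAC in place of an asymmetric signature are assumptions made for the example; in a real deployment the issuer signs with a private key and verifiers hold only its public key.

```python
import hashlib
import hmac
import json
import secrets

# Constructed issuer key. Stand-in for the issuer's signing key: a real wallet
# ecosystem uses an asymmetric signature so verifiers never hold issuer secrets.
ISSUER_KEY = b"constructed-issuer-key"

# Constructed sample credential content.
SAMPLE_CLAIMS = {
    "name": "Alice Example",
    "date_of_birth": "1990-04-02",
    "nationality": "NL",
    "over_18": True,
}


def _digest(disclosure: str) -> str:
    return hashlib.sha256(disclosure.encode()).hexdigest()


def issue_credential(claims: dict, issuer_key: bytes) -> dict:
    """Issuer side: each claim becomes a salted disclosure; only the list of
    disclosure digests is signed, so the signature reveals no claim values."""
    disclosures = {}
    digests = []
    for name in sorted(claims):
        # A fresh salt per claim stops a verifier from guessing low-entropy
        # values (a birth date, a country code) from the digest alone.
        salt = secrets.token_hex(16)
        disclosure = json.dumps([salt, name, claims[name]], separators=(",", ":"))
        disclosures[name] = disclosure
        digests.append(_digest(disclosure))
    # Sorting the digests hides which digest belongs to which claim name.
    signed_part = json.dumps({"digests": sorted(digests)}, separators=(",", ":"))
    signature = hmac.new(issuer_key, signed_part.encode(), "sha256").hexdigest()
    return {"signed_part": signed_part, "signature": signature, "disclosures": disclosures}


def present(credential: dict, reveal: list) -> dict:
    """Holder (wallet) side: forward the signed part and only the chosen disclosures."""
    return {
        "signed_part": credential["signed_part"],
        "signature": credential["signature"],
        "disclosures": [credential["disclosures"][name] for name in reveal],
    }


def verify_presentation(presentation: dict, issuer_key: bytes):
    """Verifier side: returns the revealed claims, or None if anything fails."""
    expected = hmac.new(issuer_key, presentation["signed_part"].encode(), "sha256").hexdigest()
    if not hmac.compare_digest(expected, presentation["signature"]):
        return None  # signed part was altered or not issued by this issuer
    digests = set(json.loads(presentation["signed_part"])["digests"])
    revealed = {}
    for disclosure in presentation["disclosures"]:
        if _digest(disclosure) not in digests:
            return None  # disclosure does not belong to the signed credential
        _salt, name, value = json.loads(disclosure)
        revealed[name] = value
    return revealed


def demo():
    cred = issue_credential(SAMPLE_CLAIMS, ISSUER_KEY)
    # Age check: only the over_18 claim leaves the wallet; name, birth date
    # and nationality are never transmitted.
    age_only = verify_presentation(present(cred, ["over_18"]), ISSUER_KEY)
    # Tampering: the holder edits a disclosure after issuance.
    forged = present(cred, ["over_18"])
    forged["disclosures"][0] = forged["disclosures"][0].replace("true", "false")
    tampered = verify_presentation(forged, ISSUER_KEY)
    return {"age_only": age_only, "tampered": tampered}


if __name__ == "__main__":
    print(demo())
```

The verifier learns exactly the claims that were revealed and nothing about the withheld ones, yet still gets issuer-level assurance for each revealed value because the digest it recomputes must match one the issuer signed.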

How to secure digital identities using cybersecurity solutions

In our increasingly digital world, it’s crucial to use modern IAM solutions to protect digital identities. Let’s explore some of these solutions.

Access Management (AM)

An AM solution controls access to resources and applications using the principle of least privilege and implementing various authentication and authorization methods. It offers the following features for digital identity management:

  • Fine-grained and time-bound assignment of privileges to identities based on the user’s role or job function, or based on specific attributes associated with the user, such as location or device being used.
  • Centralized definition and management of digital identities, allowing users to access resources across various systems using their primary identity provider’s credentials, improving user experience and security.
  • Support for different authentication mechanisms, including LDAP, OAuth and RADIUS.
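The first AM feature above (fine-grained, time-bound privileges conditioned on role and on attributes such as location or device), and the earlier example of a role that temporarily grants an external user write access, shown together as an added example that is not code from the original article or from any AM product: a small policy evaluator in which each statement names roles, actions and optional conditions (source network, managed device, MFA, an expiry time), and a matching deny always overrides an allow. The policy format, role names, actions, addresses and dates are all constructed for illustration and only loosely resemble cloud IAM policy documents.

```python
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Constructed policy statements in a hypothetical format loosely modelled on
# cloud IAM policies. "*" in roles means the statement applies to every role.
POLICIES = [
    {"sid": "ReadersRead", "effect": "allow", "roles": {"reader", "editor"},
     "actions": {"db:Read"}},
    {"sid": "EditorsWriteFromOffice", "effect": "allow", "roles": {"editor"},
     "actions": {"db:Write"},
     "conditions": {"ip_in": "203.0.113.0/24", "device_managed": True}},
    {"sid": "EditorsDelete", "effect": "allow", "roles": {"editor"},
     "actions": {"db:Delete"}},
    # Temporary grant for an external role: only with MFA and only until the cut-off
    {"sid": "ContractorTempWrite", "effect": "allow", "roles": {"contractor"},
     "actions": {"db:Write"},
     "conditions": {"mfa": True, "not_after": "2024-06-30T23:59:59+00:00"}},
    # Explicit deny: nobody deletes from an unmanaged device, whatever else allows it
    {"sid": "NoDeleteFromUnmanaged", "effect": "deny", "roles": {"*"},
     "actions": {"db:Delete"}, "conditions": {"device_managed": False}},
]


def _conditions_match(conditions: dict, ctx: dict) -> bool:
    """ctx carries the request attributes: ip, device_managed, mfa, time."""
    for key, wanted in conditions.items():
        if key == "ip_in":
            if ip_address(ctx["ip"]) not in ip_network(wanted):
                return False
        elif key == "not_after":
            if ctx["time"] > datetime.fromisoformat(wanted):
                return False
        elif ctx.get(key) != wanted:   # exact match on any other attribute
            return False
    return True


def is_allowed(role: str, action: str, ctx: dict) -> bool:
    """Deny-overrides evaluation: a matching deny wins, otherwise at least one
    matching allow is required; with no matching statement the default is deny."""
    allowed = False
    for statement in POLICIES:
        if action not in statement["actions"]:
            continue
        if "*" not in statement["roles"] and role not in statement["roles"]:
            continue
        if not _conditions_match(statement.get("conditions", {}), ctx):
            continue
        if statement["effect"] == "deny":
            return False
        allowed = True
    return allowed


def demo():
    """Constructed request contexts: an office request on a managed device,
    the same user from home on an unmanaged one, and a request after the cut-off."""
    office = {"ip": "203.0.113.10", "device_managed": True, "mfa": True,
              "time": datetime(2024, 6, 1, tzinfo=timezone.utc)}
    home = dict(office, ip="198.51.100.1", device_managed=False)
    later = dict(office, time=datetime(2024, 7, 1, tzinfo=timezone.utc))
    return {
        "editor_write_office": is_allowed("editor", "db:Write", office),
        "editor_write_home": is_allowed("editor", "db:Write", home),
        "editor_delete_office": is_allowed("editor", "db:Delete", office),
        "editor_delete_home": is_allowed("editor", "db:Delete", home),  # deny wins
        "contractor_write_in_window": is_allowed("contractor", "db:Write", office),
        "contractor_write_expired": is_allowed("contractor", "db:Write", later),
        "reader_write": is_allowed("reader", "db:Write", office),
    }


if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case}: {'allow' if decision else 'deny'}")
```

Default-deny plus deny-overrides is what makes least privilege hold in practice: a new role or a forgotten condition can only fail closed, and a single explicit deny (here, deletes from unmanaged devices) cannot be undone by any number of broad allows.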

Privileged Access Management (PAM)

PAM tools focus on privileged identities, including root users, service accounts and administrator roles. Unique features of PAM are:

Identity Governance and Administration (IGA)

IGA solutions focus on managing and governing identities, roles and entitlements across an organization. Some IGA features for digital identities are:

  • Assignment of permissions to identities based on pre-defined roles.
  • Ability to track, review and certify user access and permissions.
  • Automated provisioning and deprovisioning of identities.
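The three IGA features above, combined in one added example (not code from the original article or from any IGA product): a reconciliation pass that treats an HR feed as the source of truth, derives the entitlements an active person should hold from their role, queues provisioning for active people with no account and deprovisioning for leavers who still have one, and flags for access review both orphaned accounts with no owner in HR and entitlements that fall outside the owner's role. The HR records, account export, roles and entitlement names are constructed.

```python
# Constructed HR feed (source of truth for who should exist and in what role).
HR_FEED = [
    {"id": "e100", "name": "alice", "role": "engineer", "status": "active"},
    {"id": "e101", "name": "bob", "role": "finance", "status": "active"},
    {"id": "e102", "name": "carol", "role": "engineer", "status": "terminated"},
]

# Constructed export of accounts and their entitlements from a target system.
ACCOUNTS = [
    {"user": "alice", "entitlements": {"git-read", "git-write", "prod-deploy"}},
    {"user": "carol", "entitlements": {"git-read"}},
    {"user": "svc-backup", "entitlements": {"backup-admin"}},
]

# Constructed role model: the entitlements each role is supposed to carry.
ROLE_ENTITLEMENTS = {
    "engineer": {"git-read", "git-write"},
    "finance": {"erp-read"},
}


def reconcile(hr_feed, accounts, role_entitlements):
    """Compare HR against accounts and return the actions an IGA workflow
    would queue: provision, deprovision, and items for manual access review."""
    hr = {person["name"]: person for person in hr_feed}
    acct = {account["user"]: account for account in accounts}
    actions = {"provision": [], "deprovision": [], "review": []}

    # Joiners and leavers, driven from the HR side
    for name, person in hr.items():
        if person["status"] == "active" and name not in acct:
            wanted = sorted(role_entitlements.get(person["role"], set()))
            actions["provision"].append((name, wanted))
        elif person["status"] != "active" and name in acct:
            actions["deprovision"].append(name)

    # Certification items, driven from the account side
    for name, account in acct.items():
        person = hr.get(name)
        if person is None:
            actions["review"].append((name, "orphaned account: no owner in HR"))
        elif person["status"] == "active":
            extra = account["entitlements"] - role_entitlements.get(person["role"], set())
            if extra:
                actions["review"].append(
                    (name, f"entitlements outside role '{person['role']}': {sorted(extra)}"))
    return actions


if __name__ == "__main__":
    for kind, items in reconcile(HR_FEED, ACCOUNTS, ROLE_ENTITLEMENTS).items():
        print(kind, items)
```

Leavers are deprovisioned before their accounts are examined for excess entitlements, which is why a terminated user never appears in the review list: removing the account is the right answer, not certifying it. Service accounts with no HR owner surface as review items rather than being removed automatically, since an owner usually exists and simply needs to be recorded.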

Active Directory (AD) Management

For organizations that use AD/Azure AD for authentication and authorization, AD management solutions are a great tool for securing digital identities. Here are some of their useful features:

  • Fine-grained privilege assignment to AD identities (users and groups).
  • Monitoring of AD activities and changes for any suspicious activity.
  • Ability to integrate an AD server with other IAM tools, including cloud identity providers.

Conclusion

The traditional concept of digital identities in cybersecurity was limited to organizational networks, where they were used to authenticate and authorize users. However, modern eWallet applications have made it possible to use digital identities in a wider range of contexts, such as accessing online services, applying for visas and verifying nationality.

As more specifications, like verifiable credentials, are released in the future, we can expect digital identities to become even more prevalent.

Start your Virtual Trial with One Identity Safeguard

One Identity Safeguard provides frictionless security for privileged access that scales and transforms with your business.