Child pages
  • Remote Proofing Definitions and Concepts
Skip to end of metadata
Go to start of metadata

Identity Proofing:

IAAF definition:

Identity proofing is the process by which an IdPO or its designated Registration Authority (RA) or Registration Authorities associate a particular physical person with an existing Identity information record in the IdPO's IdMS database, or obtains and verifies the personal information required to create a new record for that physical person.

AACRAO definition:

"Identity proofing" is the act of verifying the physical identity of a person -- for example, by using photo identification -- and ensuring that information on the ID (e.g., address) corresponds to that in the vetted identity dossier.  "Credential binding" is the process of extablishing two further crucial links: One between a specific known physical person and a digital credential (today, most institutions rely on a single credential pair:  user name and password) and theo other between the digital credential and the identity dossier. -- from AACRAO article.  

These are general definitions that do not address the question of how identity proofing and/or credential binding might be accomplished remotely, that is, where the subject is at some significant geographical distance from the registration authority doing the proofing and binding.

In Person Proofing:

IAP definition:

The RA shall establish the Subject's IdMS registration identity based on possession of a valid current government photo ID that contains the Subject's picture (e.g., driver's license or passport), and either an address or nationality.  The RA inspects the photo ID and compares the image to the physical Subject....  

In other words, the person being verified is in the same physical location as the person doing the verification; the verifier compares the photo on the ID to the actual person.  This is the most commonly described method of in person proofing that I've read about.

Remote Proofing:

Remote proofing is verifying the physical identity of a person, as in in person proofing, but doing so without the person being verified having to be in the same location as the person(s) doing the verifying.  In the IAP, the method described involves checking a combination of government ID numbers and financial account numbers against records obtained through the "applicable agency or institution or through credit bureaus or similar databases."   This appears to based on NIST 800-63.  It seems to be difficult to arrange access through the variety of agencies and governmental units that would be needed to really do this, especially outside the US.

Other proposals have involved cameras and/or videoconferencing of some kind.  These would seem to introduce an increased risk of undetected impersonation.

In some cases it may be practical for the person to be verified to avoid having to travel to the main campus by having the verification performed at a location closer to home, such as a satellite campus, a notary or similar service, etc.  To me this is more like in person proofing by proxy or something.  Still, it may be a workable solution that can greatly reduce the inconvenience to the user.

  • No labels