Adaptive Digital Identity Verification Reference Architecture (ADIVRA) Framework

Publication Type:
Thesis
Issue Date:
2021
Full metadata record
Digital ecosystems comprise interacting actors such as organizations, people and things that are supported by digital platforms. The interconnection of actors may involve sharing personally identifiable information such as digital identity information for verification within the digital ecosystem. One of the key privacy challenges in digital ecosystems is the verification of a digital identity in a manner that is secure and compliant with regulatory requirements. The identity verification process is compromised if personally identifiable information is lost, which can lead to identity theft and more serious instances of data breaches. Therefore, a practical digital identity verification solution should enable secure digital identity verification for actors operating in the inherently complex and diverse regulatory environment of digital ecosystems. Several research and industry initiatives have been taken to address this challenge however, there is a lack of capability in existing solutions and guidance for implementing a digital identity verification solution that can comply to regulatory requirements and securely verify an identity without storing personally identifiable information. Hence, this thesis aims to address a pressing research need: how to ensure regulatory compliance and the privacy of personally identifiable information involved in digital identity verification in a digital ecosystem? This thesis aims to address this practice-oriented research question by proposing an adaptive digital identity verification reference architecture (ADIVRA) framework. The ADIVRA has been incrementally developed by the iterative cycles of build, intervene, and evaluate, reflection and learning, and the formalization of learning research activities following the principles of well-known action design research. ADIVRA comprises three main components: Assess, Design and Evolve. The Assess component helps to assess the environmental risks and gaps. The Design component fills the gaps identified by Assess component. The third and final component of the ADIVRA framework is Evolve, which analyzes the changes and identifies the adjustments against changing privacy risks, regulatory requirements, and business needs. The proposed ADIVRA framework is evaluated via design and review workshops in industry partners’ organizational settings and industry experts’ field survey. The results of this evaluation indicate that the proposed ADIVRA framework could be helpful for guiding the development of adaptive digital identity verification solutions that are privacy aware and support regulatory compliance. ADIVRA is intended for use by industry practitioners, law makers, regulators, and researchers as a comprehensive reference architecture for developing privacy aware and regulatory compliant digital identity verification solutions.
Please use this identifier to cite or link to this item: