adam's notes

Identification
Who We Claim to Be
Identity Verification
Falsifying Identification

❯

❯

Identification

Identification is an assertion of who we are.

can include:
- who we claim to be as people
- who a system claims to be over the network
- who the originating party of an email claims to be

Who We Claim to Be

“Who we claim to be” is an assertion of an identity.

We can identify ourselves by:

full names
shortened names
nick names
account numbers
usernames
ID cards
fingerprints
DNA samples
etc.

Such methods are not unique, and even if so (fingerprints), can be duplicated.

Who we claim to be can be subject to change.

Women change their last name in marriage
change logical forms of identification: account numbers, usernames, etc.
change physical identifiers: height, weight, eye color, etc.

Important

Claim of identity alone is not enough!

Identity Verification

Identity verification is showing evidence of the identity claim, but not proving it is true.

a step beyond identification, but short of authentication
E.g., Claim to be John Smith, show ID of John Smith
Computer systems use identity verification too
aka Identity Proofing

Example

Passport identification

Can validate a passport against a database of passports

Gets closer to correctly identifying the person, but is not authentication

We know it meets general specifications, but we’ve taken no steps to prove the person is correct

The more we tend toward verification and away from authentication, the weaker our controls are.

Falsifying Identification

Methods of identification are subject to change and falsification.

E.g., minors using fake IDs

Graph View

Backlinks

Domain 2 - Access Controls
Identification and Authentication

Created with Quartz v4.5.2 © 2026

CC BY-NC-SA
adamfurman.me