Your Digital Identity is like your passport when you travel abroad. A passport gives the security officer at an airport a means to verify who you are, whether you have the right to enter the country, what you are allowed to do there (for instance, conduct business or stay for pleasure only), and how long you are entitled to stay.
Officials working for your government issued your passport. Unfortunately, not all passports are accepted in all countries. Some countries just don’t have sufficient trust in other countries. The same applies to Digital Identities. For instance, your Facebook account has not established that you are who you say you are (on Facebook). For many purposes this is sufficient.
When collaborating digitally across organisational borders, you often want to ensure that people are who they say they are. As with entering your holiday destination, there can be different requirements and therefore different approaches to the use of digital identities.
The “Visitor” approach: A person is granted access to a specific resource or document for a specific period of time. This could be an e-mail containing a link, sent to that person’s e-mail address. Typically you would use this to share ad hoc, non-sensitive materials.
The “Visa” approach: A person can request access to your systems. This triggers an approval process to check whether the person is entitled to the access and whether there is a valid reason and a sponsor for the request. The person is then provided with a digital identity, potentially with additional security measures like a token. An example of using this approach is a specific joint project you are collaborating on. This provides full control over that person’s access privileges.
The “Trust, but verify” approach: You use another company’s digital identity to create a new digital identity for a co-worker who signs up. Periodically you verify whether this person is still employed by sending a verification e-mail to their work e-mail address. This works for situations where you provide a more or less generic service to many employees of your partner(s).
The “Schengen” approach: You have agreements to trust another company’s digital identities. You also trust their process for giving a person an account. For example, your co-workers can use a shared service, for instance Skype for Business, to collaborate with co-workers from another company.
The “Digital Passport” approach: The person has been provided with a verified digital identity (e-ID) by a certified organisation. Like a travel passport or an identity card, it has been assigned to a specific person. Such a document can be used for other purposes as well, for instance opening a bank account or renting a car. This approach is used, for example, to conduct official business such as digitally signing a contract. In addition, you verify whether the person is allowed to sign on behalf of their organisation. This type of Digital Identity is needed for Digital Signatures.