Are you in control of your identity?
At VeriMe we believe it’s time researchers took that control back.
VeriMe is a cooperative built by researchers and research infrastructure professionals who understand both the daily realities and systemic needs of digital scholarship. I’m one of VeriMe’s cofounders, and for well over a decade I’ve worked on the trust infrastructure that powers research collaboration. Now, we’re inviting early adopters to help shape the future of identity in research by joining us as pre-launch testers, partners, and co-designers. Read on for a glimpse into what we are building and how to get involved.
We’re creating VeriMe as an open-by-design identity verification system to give researchers a privacy-preserving, portable way to prove who they are online.
We started with a simple question:
Why shouldn't researchers control their own identity verification?
Picture this: You're at the airport with no bags to check and you need to get your boarding pass. You either stand in line for an in-person check-in or the airline offers you the online verification. You choose the online check-in, photograph your ID card or scan your passport chip, and perform a proof of liveness check with your camera. When the airline confirms that your information matches, they issue your boarding pass.
Think about what just happened in this ceremony of proving you are.
The airline controls the entire verification process and now they own the results. Not you. All you possess is the boarding pass for the flight. If you fly with another airline on a different itinerary that same day, you have to do the identity proofing all over again.
This repetition of having to prove who you are creates an illusion that you are in control of your proof of identity, when in reality it’s the requestor in control.
What if we flipped that script and you took control?
Inverting Control to Researchers
This "inversion of control” places researchers in the role of stewards of their own identity verification just like they are in the real world holding their passports, drivers licenses and other identity documents and choosing where to present them.
Having parity between real world and online is BYOIP - Bring Your Own Identity Proofing.
Building Privacy First Matters
VeriMe isn’t a retrofit.
One of our core values is putting privacy first, an ethos found in our designs, development, and operations. We started with contemporary principles in privacy policies and practices and went further, placing governance into the hands of our members as a coop. This foundational work ensures that we are building a reliable and sustainable infrastructure that can be trusted to support BYOIP.
By creating our Privacy Policy now, before we finalized our launch features, we created a navigational map to help maintain alignment and operational guidelines to build with. Research is a global endeavor which means our viewpoint needs to be as well. In aid to this we certified our privacy policy with the US Department of Commerce International Trade Association Data Privacy Framework, with VeriMe listed on their website.
Privacy as an Applied Practice
Putting this into practice is not without prior art. Strong security models are layered and applied in depth for a reason. It works and fosters overall resilience systemically. As privacy practitioners we’re applying this same approach in VeriMe’s platform and systems. If one layer experiences a problem, others have an opportunity to protect.
Overarching to this is transparency. VeriMe’s approach is to offer a clear view with data controls at the front and center so you know what you are saying about you, and to whom, with an audit trail.
Offering an attestation of your presence or personhood does not mean you reveal everything about the documents used and what’s on them. Identity proofing is about their presentation, having them proven as valid, and linking them to you. This process has a tremendous amount of identity information and not everyone needs to see the details. Just the result.
VeriMe’s approach to convey the result is to condense the information model used in attestations so users can easily navigate what they are sharing. This affords the consumers on the receiving end clarity about what is being attested to.
We have two styles of attributes about a person: evidence markers and validation values, each being true or not true:
Evidence markers: not released, used in calculations, are fine grained yes / no statements like ‘is multi-factor authentication enabled?’ or ‘is email validated?’.
Validation values: composed of a set of one or more evidence markers or other Validation values. All markers within the set must be true before the Validation value is set to “true”.
To assist researchers using the VeriMe service, we have designed an interactive data controls console. It presents Evidence marker values, Validation values, and creates a common place to manage BYOIP, including transparency and control over the attestations available to data consumers.
The Call to Community
We are just beginning this journey. We think we are grounded in our approach to identity verification for user BYOIP. Our goal is to elevate the entire research community by increasing the quality of identities in them, all with researcher oversight. But we cannot build in isolation. Dialogue and working with our community is essential.
What can you do?
We welcome you to review our privacy policy and principles, not just as legal documents, but as the architectural plans for how we operate.
We would love to have you join us as a launch partner and test our APIs in your offering.
We are seeking researchers to serve as pre-launch testers. In exchange, we’ll waive your first year Membership fee. Please contact us if you are interested.
Your insights help shape not just what we build, but how we build. Because ultimately, identity verification should serve you, not the other way around.
About the author:
Chris is one of the co-founders of VeriMe. He is an Identity Architect with over a decade of experience with identity technologies, standards, operating national level services, and he mentors the next generation of identity practitioners.
