What is identity orchestration and decisioning?
The notion of the identity ecosystem is not new. However, the alignment of data, APIs, and modern protocols has created a perfect environment for that identity ecosystem to thrive
Users of online services demand a simple, secure, and low-friction experience. They don’t want to go through a complicated onboarding process with the result that they must manage multiple digital identities, with personal data sprawl causing security and privacy issues. At the same time, services must establish trusted relationships at a level where they are confident to transact. Squaring an excellent customer experience with the security of a service is achieved using a layer within an identity ecosystem that orchestrates data and identities and that can make decisions based on ecosystem needs. This is known as an identity orchestration and decisioning engine (ODE).
How an identity and data orchestration layer works
API modules provide the framework for developing services and applications with customer identity and personal data. A framework to configure and deploy these services, with the right level of security and privacy, should be a fundamental part of the solution that employs an identity orchestration layer. Typical features inherent in a comprehensive identity orchestration and decisioning engine include the following:
- Protocol translation, covering all standard authentication and authorization protocols.
- Integration with data sources such as open banking and government open data.
- Integration with services for verification of personal data.
- Normalize data on behalf of ecosystem stakeholders.
- Rules that decide on the correct behavior of the system, including security and privacy.
- Facilitation of the delivery of delightful customer experiences
- Ability to easily onboard and connect commercial and government services, the customer, and data vendors together into a fully functioning ecosystem.
- An identity orchestration and decisioning engine should also act as a conduit, rather than a store of data, to enhance privacy and security.
Use cases of identity orchestration and decisioning engine
Banking data identity uplift and enablement
An identity orchestration and decisioning layer connect a citizen or online commercial service to thousands of banks using open banking. Bank APIs, particularly premium bank APIs, offer a rich data set that can be used to add verified identity data to new or existing identity accounts. Myriad opportunities exist to use banking data for identity transactions, including cross-jurisdiction bank account creation, data checks for age-restricted or location-restricted transactions, and KYC-level account creation.
Vouching-as-a-Service (VaaS)
Some people may find it challenging to get verified using online options such as CRA checks. Vouching-as-a-Service is an adjunct service connected to a citizen identity system to add offline and novel ways to verify people. VaaS can be achieved using an identity orchestration and decisioning layer. The ODE connects a citizen ID or consumer ID system to a Vouching service. Vouchers interact with this Vouching service to vouch for citizens or consumers who cannot be verified online. Vouchers include organizations such as educational establishments, healthcare clinics, government offices, or any other approved vouching entity.
Orchestration and decisioning of data sources
An identity orchestration and decisioning layer is designed to act as a conduit for identity data. As a SaaS solution, ODE serves as a framework to connect identity ecosystem stakeholders to various data and verification sources, including anti-fraud checks, mobile data, government data, banks, etc. A service based on an identity orchestration and decisioning layer provides choices for verification and improves the overall usability of a service, as well as cementing security and privacy.
Compliance and identity orchestration and decisioning
Regulatory compliance in security and privacy requires careful use of personal data. Identity services or services that rely on personal data to make transaction decisions are under compliance pressure to minimize the data used. This minimization must be balanced with security, ensuring that anti-fraud checks reflect the level of transactional security required. Meeting this balance is challenging and can result in non-adherence to data security and privacy regulations. An identity orchestration and decisioning layer provides the intelligence to balance compliance and customer experience. The ODE will adjust the behavior of the system to ensure that data is not stored, minimal data requirements are enforced, and consent is captured at the appropriate point in a user journey.
Wallet passes
Some identity orchestration and decisioning engines, like Avoco ODE can also be configured to issue wallet passes to Google and Apple wallets. For example, Avoco ODE AgePass uses bank data to capture age data, transforming it to age over or under to minimize data associated with the wallet pass. The AgePass is then issued to a Wallet and can be used as proof of age.
What is Avoco ODE?
Avoco ODE is a series of APIs that handle the integration of various data sources and verification services. Avoco ODE also handles protocol support and robust authentication to ensure trust is baked into the identity ecosystem. Avoco ODE is a low code data orchestration engine that turns online transactions into the kind of customer experience that builds business value, protects data, and simplifies identity-related transactions.
Avoco ODE connects people, data, and services.
Talk to Avoco about how identity orchestration and decisioning can help your organization build better identity services.