Identity binding to verified identity
An identity-provider flow that issues a delegation credential binding a verified citizen identity to an agent operator, which relying agencies verify.
As agents act for citizens across government services, a relying party must be able to inspect both the agent and the citizen it represents, and to trust that the citizen is who they are claimed to be. The difficulty is tying a delegation to an identity verified to a defined assurance level, rather than to a username an agent could present for anyone.
A relying party needs confidence that the citizen an agent represents has been verified to a defined assurance level, so it can inspect both the agent's identity and the represented citizen's before acting.
Identity verification systems frequently rely on biometric matching against identity documents (facial recognition, fingerprints). That excludes people with certain disabilities or recent facial changes (surgery, injury), and older adults who lack the required documents, leaving them unable to establish the verified identity a delegation must bind to. Keep the path open with multiple verification pathways (in-person vouching, trusted referee models, telephone verification with knowledge-based questions, the last of which is weak evidence on its own and is restricted under the NIST Digital Identity Guidelines) and let a delegated human (carer, family member) assist. Assisted verification introduces a bootstrapping problem: delegation requires a verified identity, but verifying that identity may itself require someone to act for the person.
Separate attribute sets for the representative and the represented person are presented together, so a verifier can confirm both the agent's identity and the identity of the citizen it acts for before granting access.
No surface has been built yet; the approach above is the brief for one.
- Established: verifying a person's identity to a defined assurance level.
- Emerging: modeling a representative acting for a represented person.
- Frontier: binding an agent's delegation to that verified identity.
Login.gov (United States). Provides three service levels (authentication, basic identity verification, and enhanced identity verification) mapped to the NIST Digital Identity Guidelines (IAL and AAL). Supports SAML and OIDC integration, holds a FedRAMP Moderate Authority to Operate, and recently added passport-based remote identity verification (August 2025). It does not currently support delegation or agent authorization.
myID / Digital Identity (Australia). Australia's digital identity system, operated by the Australian Taxation Office (ATO). Combined with the Relationship Authorisation Manager, RAM (Pattern 2.5), it provides identity-verified delegation for business contexts. Identity proofing uses biometric verification against government-held identity documents.
EU Digital Identity Wallet (EUDIW) under eIDAS 2.0. By December 2026, all 27 Member States must provide citizens with digital identity wallets containing government-verified credentials. Planned delegation-related capabilities include Legal Person Identification Data (LPID), representing a business's identity or a mandate to act for a business; a Power of Representation attribute set for representatives, carrying two attribute sets (one for the representative, one for the represented person); and Qualified Electronic Attestations of Attributes (QEAAs), cryptographically signed statements issued by Qualified Trust Service Providers asserting attributes, including representation authority.
Caveat: the EU Digital Identity Wallet does not yet specify agent/representative delegation. Representation is ARF "Topic 23", with no specific requirements defined yet, and legal representation is out of scope of the current Trust Model. It is a planned use case, not a current capability.
The EUDIW's representation model is the most advanced for agent delegation because it explicitly models the representative/represented relationship as separate attribute sets. This could extend to agent delegation: the agent carries a credential attesting to the citizen's delegation, and the verifying agency can inspect both the agent's identity and the citizen's identity.
Login.gov and myID currently lack delegation capabilities: they verify "who you are" but not "who you can act for." For agent delegation, the identity provider must verify the citizen's identity, bind the delegation grant to that verified identity (not to a username the agent supplies), optionally verify the agent operator's identity, and issue a delegation credential or token that relying parties can verify offline. The EUDIW's QEAA model could accommodate this: a Qualified Trust Service Provider issues an attestation that "Citizen X has authorized Agent Operator Y to perform actions Z until date W."
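The credential just described, as an added worked example that is not code from this page or from Login.gov, myID or the EUDIW. It assumes a token layout of its own (a signed JSON object with separate "represented" and "representative" attribute sets, a NIST-style IAL label, an action scope and an expiry), an assumed issuer identifier `https://idp.example.gov`, and a constructed HMAC-SHA256 key shared between issuer and relying party as a stand-in for the issuer's asymmetric signature (a JWS signed with the IdP's private key, or a QEAA from a QTSP); the relying-party checks are the same either way.

```python
"""Delegation credential binding a verified citizen identity to an agent operator.

Added example, not code from the page or from any of the named systems. Token
layout, issuer name and the HMAC stand-in for the issuer's signature are
assumptions for illustration.
"""
import base64
import hashlib
import hmac
import json
import time

# NIST SP 800-63 identity assurance levels, ranked so a verifier can require a minimum.
IAL_RANK = {"IAL1": 1, "IAL2": 2, "IAL3": 3}

# Constructed key shared by the issuing IdP and the relying party for this example only;
# a real issuer would sign with a private key and publish the public key.
ISSUER_KEY = b"example-issuer-signing-key-not-for-production"
ISSUER = "https://idp.example.gov"  # assumed issuer identifier


def _b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_delegation(citizen_sub, citizen_ial, operator_sub, actions, ttl_s, now=None):
    """Issued by the IdP only after citizen_sub has been proofed to citizen_ial.

    The grant names the verified citizen (represented) and the agent operator
    (representative) in separate attribute sets, so the token cannot be replayed
    by another operator or presented for another citizen.
    """
    now = int(time.time()) if now is None else now
    payload = {
        "iss": ISSUER,
        "iat": now,
        "exp": now + ttl_s,
        "represented": {"sub": citizen_sub, "ial": citizen_ial},
        "representative": {"sub": operator_sub},
        "actions": sorted(actions),
    }
    body = _b64u(json.dumps(payload, separators=(",", ":"), sort_keys=True).encode())
    sig = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64u(sig)


def verify_delegation(token, presenting_operator, action, min_ial, now=None):
    """Relying-agency check. Returns (True, citizen_sub) or (False, reason)."""
    now = int(time.time()) if now is None else now
    try:
        body, sig_text = token.split(".")
        expected = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).digest()
        # Verify integrity before trusting any field of the payload.
        if not hmac.compare_digest(expected, _b64u_decode(sig_text)):
            return False, "bad signature"
        payload = json.loads(_b64u_decode(body))
        if payload.get("iss") != ISSUER:
            return False, "unknown issuer"
        if now >= payload["exp"]:
            return False, "expired"
        # Inspect both identities: the agent presenting the token must be the
        # representative the credential names ...
        if payload["representative"]["sub"] != presenting_operator:
            return False, "representative mismatch"
        # ... and the represented citizen must have been verified to at least min_ial.
        if IAL_RANK.get(payload["represented"]["ial"], 0) < IAL_RANK[min_ial]:
            return False, "assurance level too low"
        if action not in payload["actions"]:
            return False, "action not delegated"
        return True, payload["represented"]["sub"]
    except (ValueError, KeyError, TypeError):
        return False, "malformed token"


if __name__ == "__main__":
    tok = issue_delegation("citizen-123", "IAL2", "operator-acme",
                           ["benefits:read", "benefits:submit"], ttl_s=3600)
    print(verify_delegation(tok, "operator-acme", "benefits:submit", "IAL2"))
    print(verify_delegation(tok, "operator-other", "benefits:submit", "IAL2"))
```

The order of checks matters: the signature is verified before any payload field is read, the presenting agent is matched against the representative set, and the represented citizen's assurance level is compared against the relying party's minimum, so an agent cannot substitute a different citizen or a lower-assurance identity without invalidating the issuer's signature.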
Without identity binding, an agent can act on an unverified or spoofed identity, opening the door to mass automated action against the wrong people. Binding every delegation to a verified identity at a defined assurance level closes that door.