Quick Definition
Identity as a signal is best understood a continuous data stream that measures the likelihood that the human being behind a computer identity is the right person.
Contrast this with point in time authentication where you can be reasonably sure at the moment of authentication and then your confidence drops over time. The signal, whether it be continuous or discrete, is actually a computer log that gets fed into a SIEM. Security teams are constantly analyzing steams of logs coming in from all over the network to look for patterns indicating a hacker is present. Point in time authentications logs present valuable forensic information about what identities are accessing on the network, but they fundamentally lack any indicator as to whether the right person is behind the identity. As such, they have limited value in actively detecting intrusions. The continuous “authentication” log is much more valuable from a forensics standpoint because it explicitly tells you how likely it is the right user was behind the identity.
