Identity is a malleable concept with an irksome tendency to morph whenever you look at it too closely. What I understand from your description is that you want to be able to track back some actions (i.e. "applying for a job") from a random network user back to the actual individual, in such a way that, should the job application be fake in some way, you have enough leverage to appropriately punish the perpetrator. Or, more accurately, you need to convince a priori the users that you will be able to track them down and, at least metaphorically, break their kneecaps.
Whatever the way you take the problem, part of it lies in the "physical world" (outside of the computers) so it is going to be hard and expensive.
The complete theoretical solution is to have some detectives do the tracking, which is feasible for the Long Arm of the Law but usually not for private business entities, because basic "network users" are identified solely by the incoming IP address, and to link that to a physical identity you must have a look at the ISP log files -- which requires a warrant, or indelicate accomplices. This is said not counting issues with connections from foreign countries (once you know that the connection came from China, well... you do what, exactly ?).
Thus, due to the impractibility and cost of true detective work, you will have to leech on an existing infrastructure which provides the authentication you need. My first thought is about banks. It goes thus: have job applicants pay you a minute sum (say 0.01$) with their credit card (or through Paypal or any other similar banking system). This has several benefits:
- The payment operation leaves traces in many places.
- Since a transaction was implied, it could help to legally qualify fake job applications as "fraud" (ask your lawyers, they will tell you that this is very good, with a gleam in their eye and a bit of frothing).
- Credit card numbers are routinely stolen but you can get insurance against that.
and, last but not least:
- People (at large) already know that "you don't mess with the banks". This makes the detection system proactive (you would like to authenticate people, but, even more, you would really prefer that they do not try to lie in the first place).
A conceptual note: as you say, you "know nothing about who is applying". That's the root issue: how can you define a proper identity notion if there is nothing to identify (to be precise, you do know something about the applicants: their IP addresses; but that's not much). Hence the path to the solution: have the applicants commit some information about them. This is what the banking solution explained above is about.