Identity Management is at the core of the secure IT infrastructure that every company, government agency and institute of higher education strives to achieve. The establishment of identities and distribution of those identities will be leveraged by virtually every substantive application and process throughout most organizations. The management of identities is also a critical part of how organizations directly interact with consumers and trading partners. It is hard to overstate the value of a well-designed identity management service… but the nature of these services is changing as we see the “cloudification of IT” and BYOD leading to a largely disappearing perimeter.
This leads to a future state of Identity Management that will be built on a flexible, accessible and portable foundation that integrates data from many environments and provides access for many identity consumers. We recommend our clients think about this new model as an “Identity Utility”. It starts with a reliable and consistent means of collecting, organizing and disseminating data.
Key Identity and Access Management (IAM) architecture principles core to building this flexible “Identity Utility” include:
- The adoption of federated identity standards that allow the enterprise to decouple identities from existing applications and systems.
- A focus on attribute-based access control that leverages authoritative identity information regarding a person’s current affiliation with the enterprise in order to enable more fine-grained authorization capabilities in concert with a blockchain-based identity.
- A services-oriented, loosely-coupled IAM architecture that provides greater flexibility for adoption of emerging services and technologies and reduces the amount of enterprise churn currently associated with adoption of emerging authentication and authorization approaches.
Blockchain-based IAM doesn’t replace the target architecture described above; it simply provides another path towards achieving it. Blockchain-based IAM is in a very early stage of development but is moving very quickly as development efforts begin to prioritize its need relative to deploying successful decentralized applications and services.
Blockchain-based identity and access management services have the potential to be a valuable part of this new ecosystem by enabling the recording and distribution of trusted identities and associated information without requiring reliance on a specific centralized third-party authority. Blockchain-based identity services can extend the distributed management of identities associated with federation to include portable, flexible, self-contained identities that can be presented to many consumers of identities.
In short, the goal of enterprise blockchain-based IAM solutions should be to recognize a single, common, self-governed identity regardless of its origination. Further, enterprise security will operate at the outermost bounds of the security perimeter, where authentication services that integrate data about the person and are controlled by the individual using the identity come together. Finally, moving the collection of identity data away from commercial companies and corporate enterprises could mitigate the liabilities associated with and assumed by storing this data, and allows these networked entities to obtain only the data necessary to complete activities or execute transactions. We believe that blockchain will be a major component of next generation enterprise identity management programs, but it will take a few years for these solutions to become enterprise ready.
For more information on blockchain-based identity, TechVision Research is providing a link to our 19-page excerpt from our just-published Blockchain-based Identity Management research report written by Doug Simmons and me: Blockchain Based Identity Management Report Excerpt