On the Internet, “nobody knows you are a dog”. There was and is a fundamental trust problem on the Internet. Enterprises spend trillions of dollars every year trying to properly allocate and remediate business risk based on trusting identity attributes (credentials) presented by employees, customers, and partners. And the problem is ready to take an exponential leap in complexity as billions (some say trillions) of connected devices and services present and consume identity credentials sans human intervention.
Traditional trust models based on the assumption that “the possession and presentation of credentials equals entitlement” are no longer sufficient, and in 2016 we began to see a new Trust over IP (ToIP) model emerge; one based on Decentralized Identity and verifiable credentials. As we began this update to our research on this topic, we wanted to answer these questions:
- Are Decentralized Identity services built on blockchain and leveraging verifiable credentials truly a better model?
- How should our enterprise clients factor these nascent technologies into their strategies and roadmaps?
Based on TechVision’s previous research (Blockchain Identity – 2016, Identity is the New Perimeter – 2017), interviews with key players, the progress we have seen in standards, consortiums and enterprise investments, and most recently face-to-face discussions at our 2019 TechVision Chrysalis conference, we believe Decentralized Identity shows promise as a way provide scalable, peer-to-peer trust across the Internet. On this basis, we recommended that enterprises:
- First get acquainted with the groups working on standards and ecosystems for attribute exchange and interoperability. Also, begin to investigate the early vendor offerings understanding that there will be a lot of volatility.
- Begin mapping you Enterprise IAM architecture and into a capabilities-based framework, such and the TechVision Reference Architecture, and iterate based on requirements, business needs, technology assumptions
that will change as decentralized identity is added to the mix.
- “Get you feet wet”; education, pilots, POCs…this is a potential game-changer and enterprises should be well prepared for this new trust model.