Every business and social transaction is carried out by people. People are known by their identities. Hence, identity drives every business and social interaction.

In today’s digital age, an individual’s identity is not defined by a single attribute such as a name, address or user ID. Rather, it is a collection of attributes including, but not limited to, name, age, financial history, work history, address history and social history. These attributes work together dynamically to define an individual in a particular business or social interaction.

Identity Management in a Decentralized, Digital World

Individuals generally have little or no control over the information that comprises their identities. Without visibility into the exchange of identity attributes across the enterprise for authentication, verification and authorization, individuals are vulnerable to identity fraud.

Another challenge is that identity data is typically decentralized. The Department of Motor Vehicles issues driver's licenses, for example, while the Department of Homeland Security issues passports, banks track financial histories, and so on. Most of these organizations have isolated and centralized identity management systems, but the current landscape demands federation and single sign-on (SSO). This makes identity management, protection and verification very cumbersome, costly and risky for all industry enterprises and government agencies.

Reimagining the Future

To address these challenges, we must reimagine the future of identity management across all industries. This sweeping transformation requires the widespread adoption of technologies such as:

  • Cognitive applications that collect data from cumulative online interactions to simplify and expedite routine tasks such as filing taxes while also reducing errors and system fraud;
  • Systems for user-controlled payment so that acquiring a new credit card no longer requires a lengthy process of changing payment information for each recorded service account;
  • Applications that simplify transactions such as car purchases by verifying identity, credit, title and insurance, and obtain approvals with trusted identity profiles to shorten the buying process from hours to minutes and significantly reduce paperwork; and
  • Holistic health care applications that give doctors and pharmacists access to patients’ electronic medical records. This would allow care providers, pharmacists and patients to track dosages, receive automatic alerts for missed or incorrect dosages, monitor possible adverse drug interactions and even help prevent addiction.

Two Fundamental Principles of Trusted Identity Management

The scenarios imagined above are possible and can be delivered with an increased focus on two fundamental principles.

1. Self-Sovereign Identity

The self-sovereign identity principle empowers individuals to take full ownership and control of their identity information. Custodians can provide and verify identity attributes, but an individual’s actual existence does not depend on these details. Individuals can control how these attributes define them in the context of a business or social interaction.

Initially, it may not be plausible to put the entire burden of identity management on individual users, but we must start with systems built on user-permissioned data models in which consent is essential.

2. Distributed Trust Model

Since identity is decentralized by default, it’s critical to establish trust among users, identity providers and relying parties. This way, all parties can use an agreed-upon set of identity attributes to authenticate, verify and authorize individuals to perform business or social transactions.

Building Trust With Blockchain

The best way to implement the distributed trust model for decentralized identity management is to use distributed ledger technology, or blockchain.

A permissioned blockchain provides the core capabilities needed to build and operate a trusted digital identity network:

  • A shared, append-only ledger with one version of the truth shared across all permissioned network participants in real time;
  • Smart contracts that ensure that verifiable and signed business logic is executed in each transaction;
  • Trust between known participants to verify transactions and ensure records are valid; and
  • Privacy and security measures that grant access only to permissioned parties.

These capabilities deliver the following required values for trusted digital identity:

  • User-centric design, which allows users to control their identity profiles and attributes;
  • Dynamic validation of identity and transaction data, with smart contracts providing ongoing validation of information so that trusted data is updated in real time;
  • Trusted digitization, which enables processes to become fully digital while maintaining trust in the data items;
  • Auditable records to provide for validation;
  • Controlled visibility, or the ability to verify identity without disclosing actual data; and
  • No hierarchy — unlike a database with a single point of control, all participants have the same capabilities.

Digital identity networks built on blockchain drive trust among business and social enterprises by leveraging shared ledgers, smart contracts and governance to standardize management and reduce the cost, risk, time and complexity of decentralized identity management.
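
As an added illustration (not part of the original article and not any product's code), the Python below models the shared append-only ledger, permissioned participants and controlled visibility listed above. The `Ledger` class, the `dmv` issuer and the sample attributes are constructed assumptions, and the use of salted hash commitments is one possible way to verify an attribute without placing the data itself on the ledger.

```python
import hashlib, json, secrets
def commit(name, value, salt):
    """Salted commitment to one attribute; the salt stops guessing of low-entropy values."""
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()

class Ledger:
    """Append-only, hash-chained ledger open only to known issuers (constructed model)."""
    def __init__(self, permitted):
        self.permitted, self.blocks = set(permitted), []

    def append(self, issuer, subject, commitments):
        if issuer not in self.permitted:
            raise PermissionError(f"{issuer} is not a permissioned participant")
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        block = {"issuer": issuer, "subject": subject,
                 "commitments": sorted(commitments), "prev": prev}
        block["hash"] = self._digest(block)
        self.blocks.append(block)

    @staticmethod
    def _digest(block):
        payload = {k: v for k, v in block.items() if k != "hash"}
        return hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()

    def intact(self):
        prev = "0" * 64
        for b in self.blocks:
            # Any edit to an earlier block changes its hash and breaks the link.
            if b["prev"] != prev or b["hash"] != self._digest(b):
                return False
            prev = b["hash"]
        return True

    def verify(self, issuer, subject, name, value, salt):
        """Relying-party check: did this issuer attest this attribute for this subject?"""
        c = commit(name, value, salt)
        return self.intact() and any(
            b["issuer"] == issuer and b["subject"] == subject and c in b["commitments"]
            for b in self.blocks)

def issue(ledger, issuer, subject, attributes):
    """Custodian attests attributes; only commitments reach the ledger, salts go to the user."""
    salts = {n: secrets.token_hex(16) for n in attributes}
    ledger.append(issuer, subject, [commit(n, v, salts[n]) for n, v in attributes.items()])
    return salts

if __name__ == "__main__":
    ledger = Ledger({"dmv"})  # "dmv" and the attributes below are constructed sample values
    salts = issue(ledger, "dmv", "subject-1", {"name": "Alex Example", "over_21": "true"})
    print(ledger.verify("dmv", "subject-1", "over_21", "true", salts["over_21"]))
```

The user consents to a check by handing the relying party one attribute and its salt; the other attributes stay undisclosed because only their commitments are on the ledger.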
