The Next Wave of Identity Management Must Meet the Goal of One True Identity

November 15, 2016

The dawn of the third wave of the internet demands a new approach to identity management that recognizes the dramatic ways in which our use of the web has evolved and the importance of identity as both an asset and a risk.

Making Waves

During the first wave (1995–2005), identity management was basically done at the account level. People recreated profiles on each website they accessed and had little control over how that information was used. Each site typically required a different authentication process. The site owners held all the cards.

In the second wave (2005–2015), the arrival of social networks and software-as-a-service (SaaS) applications gave service providers ways to build much richer digital identities by aggregating information from multiple sources. However, this process was often clunky and opaque. Users didn’t know what information was collected about them or how it was used. Concerns about privacy violations sparked suspicion and even legislation.

Federated identity models from social networks like Google and Facebook enabled users to traverse services quickly and to control aspects of what they divulged, but many people didn’t understand the process. Technology was developed to give IT organizations the ability to manage authentication to cloud services behind the firewall, but these identities weren’t integrated with the ones people used outside the workplace.

Three New Assumptions About Identity Management

The third wave of identity management must be built upon a set of three new assumptions: hyperconnectivity, data-driven business platforms and contextually driven interactions.

1. Hyperconnectivity

All kinds of devices will be connected in a constantly changing mesh with few boundaries. Users will access the network not only from their PCs and mobile devices, but also from their automobiles, refrigerators, ATMs and home security systems. Maintaining individual logons for each entry point is impractical. Intelligence must move into the network so that authentication is simple and transparent.

2. Data-Driven Business

Data-driven business platforms provide value through the application of big data to individual needs. For example, a travel company may automatically suggest flights, hotel reservations, restaurants and airport transportation based solely on the knowledge that the user must be in Houston at 2 p.m. on Wednesday, along with that person’s known preferences. Or a retailer could suggest anniversary gifts for a spouse based on known likes and dislikes derived from activities across numerous other sites. In all cases, the individual controls what information is revealed and how it is used.

3. Contextually Driven Interactions

Contextually driven interactions simplify processes by using identity information within context. For example, the process of buying a car could be cut from hours to minutes by combining necessary information from credit, insurance and government databases into on-the-spot approval. Or health care providers could exchange patient information with each other that would help them provide safer and more effective treatments.

The Next Wave

Underlying all these applications are full user permissions in a form that is both easy to understand and quick to apply. This recognizes an important development of the third wave of the web: Personal information is now an asset. People understand that details about their identities and their actions have value, but they don’t know how to govern the use of those details.

Legislation like the General Data Protection Regulation (GDPR) in Europe and the Health Insurance Portability and Accountability Act (HIPAA) in the U.S. came about because people didn’t have enough control over their personally identifiable information (PII). An identity management architecture that gives them that control at a fine-grained level would eliminate much of the need for further legislation. The success of the third wave will depend upon technology solutions that protect PII and anonymize users while still offering latitude for safe data sharing with the consent of all parties.

According to the Accenture report “Digital disruption: The growth multiplier,” about one-third of the U.S. economy is now digital, and other developed nations are close behind. Even greater opportunity exists in extending digital identities to the estimated 1.5 billion people worldwide who don’t currently have one. Secure, flexible identity management is essential to unlocking this potential.


Denis Kennelly
VP of Development, IBM Security

Denis Kennelly is VP of Development for IBM Security Systems. Denis has 25 years of experience in both the IT and Telecommunications industries. During this tim...