Five Identity Trends to Watch in 2018
2017 was an eventful year for efforts to move identity technology beyond its existing boundaries. As we enter 2018, I thought I would highlight a few of the trends to watch and how they evolved in 2017. To put this list together, I had the help of Phillip J. Windley, Ph.D, an enterprise architect in the office of the CIO at Brigham Young University and one of the co-founders of the Internet Identity Workshop (IIW). Here’s a rundown of the top five trends we discussed:
- Self-sovereign identity: DIF. One of several decentralized identity initiatives advancing in 2017, the Decentralized Identity Foundation (DIF) attempts to provide a measure of open-source-based interoperability among a number of decentralized identity systems, finding a common ground by growing the base of developer code. IBM joined DIF in October, and at the Internet Identity Workshop (IIW) that month, Microsoft’s Daniel Buchner hosted two unconference sessions outlining aggressive goals to integrate DIF into Microsoft identity systems. “The goal is to pave the cow paths of decentralized identity,” Buchner says.
- Like DIF, Sovrin is a decentralized global public identity utility, and it’s based on blockchain identity technology, which allows universal discovery. Windley, who chairs the Sovrin Foundation that manages the Sovrin-permissioned, blockchain-based registry, says adoption of Sovrin service is gaining momentum among financial institutions. They’re using Sovrin’s verifiable claims to mimic the same kind of decentralized, ad hoc identities used in real life, in a way that’s trustworthy and provides accountability. Aside from banking, other Sovrin use cases include verifying physician credentials and student transcripts, Windley says.
- GDPR– the European community’s General Data Protection Regulation (GDPR), due to take effect on May 25, 2018, aims to give control back to citizens and residents over their personal data, and to unify privacy regulations. A major component of GDPR still being finalized is the notion of consent, and how users grant and withdraw it. Kantara’s Consent and Information Sharing Working Group will be a prime problem solver in this area. Sovrin also has consent receipts built into its platform, Windley says.
- Identity in the IoT. The days of having to download a separate mobile app to manage some gizmo connected to the Internet will begin to go away. Internet of Things (IoT) devices will begin to be managed by the emerging identity platforms described above. The more flexible the host identity system, the easier it will be to pull IoT identities out of siloed administrative systems and into a more easily managed identity infrastructure. But these efforts will just be beginning in 2018. For instance, the most recent IIW was attended by GS1, the standards organization overseeing those barcodes in use everywhere today. At some point, all the communities that already identify IoT components will become more aware of each other and begin to collaborate on broader IoT identity platform standards, Windley says.
- User managed access (UMA) gives users more management capability over the access control rights that they grant. In August 2016, the Kantara Initiative released an early draft of the UMA 2.0 specification, which simplifies UMA to increase the pace of adoption. UMA 2.0 also greatly expands the number of use cases required for UMA adoption to thrive. With version 2.0, UMA is based on an extension grant of OAuth for the first time, which will provide organizations and users with a single place to go and see all their authorizations of granted access control rights. In the coming year, we’ll report on developments in UMA 2.0 adoption and how they’ll further benefit the identity community.
The 2018 Identiverse conference in Boston will cover all these topics and more. Until then, check back here for more in-depth coverage of major identity trends like these.
By Scott Mace
Updated with minor corrections on Dec 22, 2017
View More Posts