Welcome & Antitrust Policy Notice
Special Topic - IAM and SSI: A Combined Approach to Digital Identity
- Presentation (Google Slides)
- Guest Presenters Presentation Slides (to be added when we receive them from the presenters)
- This talk was based on an excellent paper, "Decentralized Digital Identity", by Accenture
Judith Fleenor opened the meeting with the antitrust rules governing our ToIP Foundation, walked the members through the agenda, and shared the updates on our new members. She then shared the foundation-wide announcements: the OIX blog post and press release published today, and that the Technology Architecture Task Force (TATF) is moving the ToIP Technology Architecture Specification to GitHub and will soon start accepting issues for posting and discussion, which should make it easier for other ToIP members (who are not in the TATF) to comment.
Drummond Reed provided an update on the CTWG regarding leads to help drive the glossary efforts and the skills needed to help drive the goals of the Concepts and Terminology Working Group. He will be sending an email to our All Members email list for those interested in engaging. Scott Perry asked folks to engage in all the Governance Stack WG meetings this week on Thursday.
Jessica Townsend introduced Gabe Albert and Lexi Ashpole from Accenture to discuss digital identity; they'll be speaking on IAM and SSI. Lexi Ashpole started with a brief introduction to her presentation on decentralized identity, and Gabe Albert mentioned his focus on customer identity and what the future looks like within the community. The paper: https://www.accenture.com/_acnmedia/PDF-173/Accenture-Decentralize-Digital-Identity.pdf
Gabe mentioned that, as the world moves to digital, COVID-19 has accelerated the transition, with more and more transactions taking place online. He focused his discussion on three main items: user experience, cost savings and trust in business. He elaborated on each of these: for user experience, onboarding personalization, portability and integration; for cost savings, shared services, reduced repetition, reduced compliance overhead and accurate information; and for trust, user choice on how/when to share information, fraud issues, and transparency and traceability. He offered an illustration that highlights current issues surrounding identity, such as different standards across organizations in the ecosystem, a lack of interoperability or portability, inconsistent data, undefined monetization models, how we trace and manage the data, cost, and data privacy. He went on to outline how these processes are siloed today. He shared an example of the challenges we face today: things like getting a job or opening a bank account are processes that exist in multiple industries, but there's limited alignment. He mentioned that they are advocating for digital identity so that we create a trusted, interoperable digital identity that provides online access to a wide range of services and platforms. The idea is to support the growing digital economy.

Lexi Ashpole came in to share that this is the place where IAM and DID come together to help improve and support where we're going in the future. She presented three models: centralized, federated and decentralized. The Centralized model represents a centrally governed identity system, where a single entity provisions and manages identity credentials. The Federated Identity Model is where a trusted party compiles identity data and releases it according to a specific permission structure in order to enable consumer services. Lastly, Decentralized Digital Self-Managed Identity is where the user is at the centre of the ecosystem with the ability to control and maintain. She shared an image that illustrates how they all work together to support the ecosystem and where they're embedded into how organizations operate today. The idea is to put the individual at the center of the ecosystem so that we have more integration and interaction points for the centralized and federated ID.

Lexi went on to explain who does what: SSI is about data sharing across multiple entities, and IAM is used within a single entity. Reviewing the lifecycle, we start with an Identity Wallet, then Identity Proofing, Credential Issuance, AuthN and AuthZ. Decentralized Identity spans all but AuthZ, while Centralized focuses on Identity Proofing and Credentials, and IAM focuses on AuthN and AuthZ.

Lexi Ashpole explained how this works together via a use case illustration that details how she shares her credentials with her new employer. The flow starts with the digital attestation (Identity Proofing) and moves to the Credential Issuance phase, with the digital attestation held in her digital wallet. That's then shared with her employer, and she then receives an enterprise credential for work. Then we have an overlap between IAM and Decentralized Identity to accept a verifiable credential as a token. She uses the employer attestation or credentials to authenticate for work. The user account permissions are checked before the task can be completed. She then later uses federation to access her benefits portal.
Lexi went on to share a diagram comparing Consumer IAM, Enterprise IAM, Federated ID and Decentralized ID. It details the centricity of entity, control of ID data, how the data is shared with others, acceptance of identity, trusted frameworks, examples, strengths and challenges across all areas. Gabe Albert presented the Accenture Framework for IAM/Decentralized ID across multiple entities and channels; this will be shared in the deck attached above. He mentioned that identity is changing, and the way we use identity is changing, driven by the rise of ecosystems and the acceleration of digital due to COVID. He also mentioned that IAM and Decentralized Identity go hand-in-hand, and that future digital ecosystems will rely on a combination of both. Decentralized Identity enables sharing of trusted data across an ecosystem (early identity lifecycle); IAM supports organization-specific UX, compliance, and security needs (later stages of the identity lifecycle).
Judith Fleenor thanked Jessica, Lexi and Gabe for the presentation and all their support and effort within the ToIP Foundation. Daniel Bachenheimer chimed in and mentioned that with Decentralized Identity and remote authentication we're unable to achieve the highest level of authentication when it comes to edge case restrictions. Gabe Albert agreed and shared that this effort varies across organizations. Drummond Reed thanked the Accenture team and mentioned that he will be giving a presentation next week at a conference where he will be referencing the Accenture paper. He did, however, mention one point: for some enterprises, cross-enterprise sharing is valuable inside (decentralized within organizations). Lexi mentioned that it depends on how siloed the organizations are in their current state. Drummond Reed asked about terminology and how the terms are used at Accenture. Lexi mentioned SSI is typically the term used at Accenture.
Up-Coming Speakers & Announcements:
Judith Fleenor went on to announce the following meetings and guest speakers:
- Human Experience WG - Guest Speaker, June 16th, 9:00 am PT: The Story of Palm Touchstone, told by Manu Chatterjee
- Governance Stack WG - Guest Speaker, June 16th, 11 am PT: Accountable Digital Identity (ADI) Association - Governance presentation, Ramesh Kesanupalli, Co-founder - ADI Association, CEO - Digital Trust Networks, and Founder - the FIDO Alliance
- Utility Foundry WG - Guest Speaker, June 21st, 11 am PDT, 2 pm EDT, 8 pm CEST: Hedera and the state of identity on distributed ledgers, Keith Kowal, Director of Product Management, Swirlds Labs (Hedera)
- The next All Members meeting is a Special Topics meeting.