by Martin Sandren
If you have been working in the IAM space for a while it is quite interesting to see how some trends are born, gather momentum, and break through to the mainstream, while other trends fizzle out at some point in their lifecycle.
Back in 2015 one strong emerging trend was social registration and login. The basic concept was to make it easier for potential customers to sign up for your product by leveraging the fact that the customers already had provided key info to their social network of choice. Instead of typing the same info into your interface the customer could simply share the already provided information. The customer could also leverage their social network to facilitate the login through social logins which meant that they did not have to remember a separate password. The most important social data providers varied in different markets but Google, Facebook, and Twitter were important in most European markets.
In 2015, many enterprises bought entire CIAM platforms whose core functionality was social registration and social login. The conventional CIAM players struggled to incorporate social features in their products to compete with the newer platforms and there were even projects where social logins were built as custom additions to conventional CIAM platforms by professional services teams.
A few years later, the lure of social login and registration was significantly diminished. Consumers are less interested in sharing information between different platforms and in many markets, such as in Germany, the business may feel that sharing information with the American FAANGS may have dangerous privacy implications.
Meanwhile, there has been a budding movement for self sovereign data where the individual consumer has control of their own data in some form of a data wallet on their smartphone. The consumer makes the choice of what data they want to share with whom through consent flows.
This movement did not really take off due to the simple chicken and egg challenge that in order to make it attractive for providers to support the setup you needed a significant consumer population, and in order to make it attractive for consumers to bother with installing and populating the wallet you needed a significant service catalogue.
In some markets there were digital identity solutions that were successful i.e. the BankID solution in Sweden and Norway and the DigID solution in the Netherlands. These solutions managed to create a significant penetration into the consumer market and achieve critical mass amongst the service providers.
Over the last couple of years the self sovereign identity movement has morphed into the decentralized identity approach and has gotten support from a number of important regional and global players. One example of an important regional player is Datakeeper from Rabobank in the Netherlands and the strongest global proponent is probably Microsoft. The European Union is also a strong proponent of an interoperable European Digital ID.
Over the next year we will see if the decentralized approach manages to reach critical mass in any significant markets and become an interesting proposition for consumers, and therefore a must have integration for service providers and CIAM vendors.
Domain Architect IAM, AholdDelhaize
Martin Sandren is a security architect and delivery lead with over twenty years of experience of various information security related roles. Primarily focused on security architecture and digital identity including global scale customer, privileged and employee IAM systems using Microsoft Azure Active Directory, Sailpoint, Saviynt, Forgerock, IBM and Oracle security stacks.
Experience includes architect, onshore and offshore team lead as well as individual developer. Wide international experience gained through having lived and worked in Sweden, Germany, UK, USA and the Netherlands. Martin is a frequent speaker at international conferences such as Consumer Identity World, MyData and European Identity and Cloud Conference.
In my role as IAM engineering manager I lead our global team of IAM engineers and BAs who continuously strives to provide quality IAM services to our 750 000 associates in 20+ opcos.
Martin Sandren is a board member of the IdNext foundation, founder of the Digital Identity Amsterdam meetup and active within IDPro.
Learn more and sign up at: https://www.meetup.com/Amsterdam-Digital-Identity-Meetup-Group/
IDPro is a professional organization for practitioners of Identity and Access Management
Submit an article to the #IDPro #BodyofKnowledge and help to expand the wealth of knowledge available for #DigitalIdentity professionals. Work alongside other #IAM industry pros to build your article and receive guidance from the IDPro team. Learn more: https://bit.ly/3LATsTE
Selective disclosure, ZKP, oh my!
Join @dfett42 & @vibronet as they explore privacy preserving measures and SD-JWT, the latest spec Daniel is coauthoring, #IdentityUnlocked is brought to you by @auth0, in partnership w @openid & @idpro_org. https://bit.ly/3SJF92E
Become a member of #IDPro today #DigitalIdentity organization and receive great benefits including access to our #IAM #Slack channel, #identity event discounts, and more! Learn about the benefits today: https://bit.ly/37ms8cQ
October is National #Cybersecurity Awareness Month, encouraging people and organizations to do their part in protecting cyberspace, stressing personal accountability, and taking proactive steps to enhance cybersecurity. Learn how to participate here: https://bit.ly/3wDF0Fy
.@IdentityWeek_ID America is a conference and exhibition bringing together the brightest minds in the #DigitalIdentity sector to promote innovation, new thinking, and more effective #identity solutions. Register for the event: https://bit.ly/3ouTmDO