If you come from a software engineering background, the tradeoff between requirements, quality and delivery dates is one you’ll be intimately familiar with. In corporate or transaction law, there is a natural tension between facilitating deals promptly and with least friction whilst satisfying critical legal and policy obligations. Investment professionals balance risk against return with every trade they make or advise.
I’m increasingly struck by one of the balancing acts we need to perform in the digital identity profession: ‘knowing’ who someone is, whilst affording them an appropriate level of privacy and security.
“Appropriate” and “knowing” are perhaps dangerous words to use: they are open to wide interpretation, and will change with context. Different transactions have different needs; different societies or interest groups have different sensitivities and tolerances.
There is, however, an increasing and noticeable trend in the direction of the use and sharing of ‘verified’ attributes which warrants careful consideration. There are absolutely cases where such sharing has value – permissioned sharing in the provision of financial services, for example, holds much promise in terms of driving down the costs of regulatory compliance, providing better security and improving customer service and access. There are also examples where the quid-pro-quo is perhaps less clear – age verification? Registering an account to read an online publication (not comment – just read)…?
There are other areas where balance is important. In this month’s issue, you’ll find the second part of Ken Robertson’s series on Privileged Access Management (if you missed Part I, you’ll find it in the January 2018 issue). PAM is a critical part of an identity (and system) security strategy; as Ken points out, the success of a PAM program depends in part on understanding which systems to protect first; how to protect legacy systems; and which technologies will best fit the needs of the organisation as a whole. In other words: balancing the identity security priorities against the other daily needs of the business.
Finding balance is one thing, keeping it is another! These are hard questions – finding answers (and convincing others that you are right) takes time, effort, and energy. It’s all too easy to sit back at that point – but circumstances change, technologies evolve, challenges mutate. Sometimes, that means the answers will change too. That doesn’t mean the original answer was wrong; just that it’s wrong now. It’s OK to course-correct, if that’s what the situation requires.
Of course, you might also find you need to balance a change of direction against a strongly held principle… but in the interests of balancing my desire to get into the topic of ‘principled identity management’ and the word limit for the editorial, perhaps I’ll leave that to another time.
Chair, Editorial Committee
Board Member, IDPro
IDPro is a professional organization for practitioners of Identity and Access Management
Submit an article to the #IDPro #BodyofKnowledge and help to expand the wealth of knowledge available for #DigitalIdentity professionals. Work alongside other #IAM industry pros to build your article and receive guidance from the IDPro team. Learn more: https://bit.ly/3LATsTE
Selective disclosure, ZKP, oh my!
Join @dfett42 & @vibronet as they explore privacy preserving measures and SD-JWT, the latest spec Daniel is coauthoring, #IdentityUnlocked is brought to you by @auth0, in partnership w @openid & @idpro_org. https://bit.ly/3SJF92E
Become a member of #IDPro today #DigitalIdentity organization and receive great benefits including access to our #IAM #Slack channel, #identity event discounts, and more! Learn about the benefits today: https://bit.ly/37ms8cQ
October is National #Cybersecurity Awareness Month, encouraging people and organizations to do their part in protecting cyberspace, stressing personal accountability, and taking proactive steps to enhance cybersecurity. Learn how to participate here: https://bit.ly/3wDF0Fy
.@IdentityWeek_ID America is a conference and exhibition bringing together the brightest minds in the #DigitalIdentity sector to promote innovation, new thinking, and more effective #identity solutions. Register for the event: https://bit.ly/3ouTmDO