ciam Archives - IDPro
https://idpro.org/tag/ciam/
The Professional Organization for Digital Identity Management

CIAM and decentralized identities
https://idpro.org/ciam-and-decentralized-identities/
Thu, 24 Mar 2022 21:33:22 +0000

The post CIAM and decentralized identities appeared first on IDPro.

by Martin Sandren

If you have been working in the IAM space for a while, it is quite interesting to see how some trends are born, gather momentum, and break through to the mainstream, while other trends fizzle out at some point in their lifecycle.

Back in 2015, one strong emerging trend was social registration and login. The basic concept was to make it easier for potential customers to sign up for your product by leveraging the fact that they had already provided key information to their social network of choice. Instead of typing the same information into your interface, the customer could simply share the information already provided. The customer could also use their social network to log in, which meant that they did not have to remember a separate password. The most important social data providers varied between markets, but Google, Facebook, and Twitter were important in most European markets.

In 2015, many enterprises bought entire CIAM platforms whose core functionality was social registration and social login. The conventional CIAM players struggled to incorporate social features in their products to compete with the newer platforms, and there were even projects where social logins were built as custom additions to conventional CIAM platforms by professional services teams.

A few years later, the lure of social login and registration had significantly diminished. Consumers are less interested in sharing information between different platforms, and in many markets, such as Germany, the business may feel that sharing information with the American FAANGs may have dangerous privacy implications.

Meanwhile, there has been a budding movement for self-sovereign data, where the individual consumer has control of their own data in some form of data wallet on their smartphone. The consumer chooses what data they want to share, and with whom, through consent flows.

This movement did not really take off because of a simple chicken-and-egg challenge: to make it attractive for providers to support the setup, you needed a significant consumer population, and to make it attractive for consumers to bother with installing and populating the wallet, you needed a significant service catalogue.

In some markets there were digital identity solutions that were successful, such as the BankID solution in Sweden and Norway and the DigiD solution in the Netherlands. These solutions managed to achieve significant penetration of the consumer market and critical mass amongst service providers.

Over the last couple of years, the self-sovereign identity movement has morphed into the decentralized identity approach and has gained support from a number of important regional and global players. One example of an important regional player is Datakeeper from Rabobank in the Netherlands, and the strongest global proponent is probably Microsoft. The European Union is also a strong proponent of an interoperable European Digital ID.

Over the next year, we will see whether the decentralized approach manages to reach critical mass in any significant markets and become an interesting proposition for consumers, and therefore a must-have integration for service providers and CIAM vendors.

Martin Sandren

Domain Architect IAM, AholdDelhaize

Martin Sandren is a security architect and delivery lead with over twenty years of experience in various information security-related roles. He is primarily focused on security architecture and digital identity, including global-scale customer, privileged and employee IAM systems using Microsoft Azure Active Directory, SailPoint, Saviynt, ForgeRock, IBM and Oracle security stacks.

Experience includes architect, onshore and offshore team lead as well as individual developer. Wide international experience gained through having lived and worked in Sweden, Germany, UK, USA and the Netherlands. Martin is a frequent speaker at international conferences such as Consumer Identity World, MyData and European Identity and Cloud Conference.

In my role as IAM engineering manager, I lead our global team of IAM engineers and BAs who continuously strive to provide quality IAM services to our 750 000 associates in 20+ opcos.

Martin Sandren is a board member of the IdNext foundation, founder of the Digital Identity Amsterdam meetup and active within IDPro.

Learn more and sign up at: https://www.meetup.com/Amsterdam-Digital-Identity-Meetup-Group/

Identiverse® 2022
https://idpro.org/identiverse-2022/
Mon, 29 Nov 2021 19:22:15 +0000

The post Identiverse® 2022 appeared first on IDPro.

Identiverse 2022 is slated for June 21-24 in Denver, Colorado, and is anticipated to operate as a mainly in-person event.  As with every year, the bulk of the agenda will be put together from proposals received through the open and public Call for Presentations (CFP), which will open for submissions in early December, and run until early January.  The content committee will then review submissions, and proposers will be notified of decisions in February 2022.

The conference this year will have a particular focus on Trust, which the Oxford English Dictionary primarily defines as a “Firm belief in the reliability, truth, or ability of someone or something; confidence or faith in a person or thing, or in an attribute of a person or thing.”

Questions of trust lie at the very foundation of our identity systems.  We trust standards bodies to develop protocols that will be useful, practical and secure.  We trust developers and vendors to build products, solutions and services that will implement those standards in performant, scalable and extensible ways.  We trust providers to deliver robust services that we and our customers can rely on.   We trust executives to listen and to support and fund the crucial work that we do.  And, of course, we develop and implement mitigations in case our trust is misplaced.

But trust is broader than this; and trust goes both ways. As consumers and as citizens, we would like to trust that organisations won’t collect information they don’t need; that they will handle that data safely and properly; that they will keep pace with rapidly evolving best practices in identity, security and privacy. A world in which that trust is not assured is an uncomfortable world at best; and many people today live, work or interact in circumstances which are not inherently trustworthy.

The OED has a secondary definition of Trust.  “To take on (also upon) trust (formerly also †to take up in (also upon) trust  †to receive in trust and variants): to believe or accept a statement, story, etc., without seeking verification or evidence for it.” (Emphasis added).  

Over the past 24 months, we’ve seen an explosion in digital identity assurance and verification programs.  Mobile drivers’ licenses, COVID and other healthcare passes and certificates, digital boarding cards, facial recognition for age verification and in-store check-out… the list is long, and it is growing.  As a result, we’re also seeing an explosion of interest in governance and interoperability within and between use-cases and sectors: trust frameworks, attribute mapping and matching, account linking and more besides.

These advances hold great promise to make our lives more efficient and connected; to reduce friction, and fraud, and risk.  But a balance is needed, too.  Trust is a fragile thing—hard to gain, easy to lose, difficult to rebuild.  Organisations and institutions must take care not to overstep the bounds of our trust, lest they lose our engagement and, in the end, our support.

Trust is an important topic, but it’s certainly not the only issue of note in the industry!  The topic focus each year for Identiverse infuses but does not dictate the agenda and the event.  New and emerging standards and architectures; deployment stories and leading practices; identity for connected devices; new approaches to privacy, security, devops, engineering; sector-specific identity practices in healthcare, manufacturing, government, education, financial services and more; and specific identity-related disciplines like CIAM, auth’n, auth’z, self-sovereign, IGA…. That list barely scratches the surface: and your proposals on these and many other topics will inform and contribute to the agenda.

This year’s content committee and I look forward to seeing your proposals; and I trust that we’ll be able to get together in person in Denver in June.

Andrew Hindle

Independent Consultant, Board Member IDPro

Andrew is an independent consultant specialising in digital identity, cyber security and privacy. He is a founding member, and Chair of the Board, of IDPro; he participates as a voting member of the User Managed Access Working Group at Kantara; and he is an active member of the Open Identity Foundation (OIDF). Since 2015, he has been Content Chair for Identiverse®. Andrew has over 20 years' experience in the software industry in a range of technical sales, pre-sales, product marketing and business development roles. He maintains CIPP/E, CIPM and CIPT privacy certifications with the IAPP; a CIDPRO certification from IDPro; and holds a BA in Oriental Studies (Japanese) from Oxford University and an advanced professional diploma in corporate governance. Outside of the world of identity, Andrew is Chair of Trustees for his local scouting group, rides regularly with a local road cycling group, and plays keyboard, guitar and bassoon (not at the same time) with more enthusiasm than skill, and for an audience of one. Andrew is based in the UK.

Blurring the Boundaries between IAM and CIAM
https://idpro.org/blurring-the-boundaries-between-iam-and-ciam/
Thu, 10 Oct 2019 20:50:00 +0000

The post Blurring the Boundaries between IAM and CIAM appeared first on IDPro.

Hi! As a follow-up to my presentation at Identiverse, I wanted to share my thoughts about the blurring boundaries between IAM and CIAM in this blog post.

In a world where the network boundary no longer ends at the corporate firewall, identity has become the central mechanism for securing, managing, and enabling experiences that help businesses work more directly—and more productively—with all their constituents: employees, vendors, suppliers, partners, and customers. Today, whatever relationship a person has with a business, they can connect to it anytime they want using the device of their choice and a wide range of SaaS applications. But this didn’t happen all at once.

When we dropped the boundaries around the corporate network, IAM solutions helped us manage employee access to resources and apps the same way we did when everything was on-premises. The increased flexibility and internal productivity of this model were so beneficial that employees wanted to work the same way with their business partners. 

At first, the only way to give partners access to apps, collaborative spaces, and business data securely was to create an organizational account for each partner employee. These accounts had to be managed and secured. Someone had to create each account, onboard the user, perform helpdesk tasks like resetting forgotten passwords, and retire unused accounts. With B2B IAM solutions, we can now support collaboration with less management burden by giving external users access to resources based on the work identity from their organization. 

This was a great step forward, but we also wanted ways to better engage with customers, particularly those using mobile devices. This meant publishing web and mobile apps with beautiful, tailored user experiences. But, as with B2B, allowing each consumer to create an account would increase the management burden. The business would also become responsible and liable for protecting customer accounts and the information associated with them. Customers, for their part, would have to keep track of another username and password.

CIAM solutions make it possible for consumers to use their social identities to sign up, set preferences, stay in contact, and make purchases. They not only reduce the management burden and liability for businesses, they enable powerful scenarios like using CRM systems to keep track of customer interactions and purchase behavior, which helps businesses improve products and services, target marketing more effectively, and customize offers.

Meeting people where they are: the next evolution in identity

Identity has made great progress. We now have solutions addressing the core business scenarios of making employees productive, collaborating with other organizations, and engaging with customers. But we’re now dealing with constraints and complexity because each of these solutions supports a different scenario with a different technology stack. Since IAM solutions for B2B are optimized for extending the employee experience to partners, they focus on security management, access management, lifecycle management, and built-in governance. CIAM solutions, which are optimized for enabling consumer engagement, focus on customized, branded experiences that are largely self-service.

These separate solutions extend IAM capabilities, letting us recognize individuals to give them secure access to apps and information they need. Although they weren’t designed to work together, they’re more similar than most people realize. So, why keep them separate?

  • What if we want to make it easy for business partners to collaborate with our employees, but we want to support self-service, so we don’t have to be their helpdesk?
  • Can we set up a customized, branded portal that shows business partners all the resources they have access to in one place?
  • What if partners are too small to have an IT department? Can we let them sign in with their own email address or a social ID the same way we let consumers sign in with theirs?
  • What if partners do everything via phone apps and never use email? Can we let them sign in with their phone numbers?

Because the above scenarios mix components of IAM and CIAM solutions, customers get confused about which stack to adopt, and what they choose may not have everything they need. What if, instead of a different solution for each type of business relationship, we had a single solution that meets people where they are? In other words, what if the solution centered on the individual and all the types of relationships they may form with an organization?

When it comes to people and their relationships with a business, most don’t have a single role: employee, business partner, or customer. They may be a business partner in their work life and a customer in their consumer life. They should be able to sign into an experience using a single identity, select the appropriate role, and switch experiences by switching roles. 

Here’s how this could look:

Natasha engages with Woodgrove Title Insurance both as a real estate agent and as a homeowner.
She signs into the Woodgrove Title Insurance portal using her Gmail account as her username, which is also her Google ID.
When prompted to select her role, she selects Registered Agent.
She now sees the Woodgrove experience customized for the real estate broker she’s associated with, Fabrikam Residences. From a dropdown list, she can switch to her consumer role as a Home Protection Plus customer.
She then sees the Woodgrove experience that’s customized for consumers.

This is just one type of rich experience made possible by combining the collaboration functionality of IAM for B2B with the customized user journeys enabled by CIAM. Other possibilities include relationships with an organization that change over time. 

For example, individuals start their college careers as applicants. Once accepted, they become prospective students. Once they matriculate, they’re students, and once they graduate, they’re alumni. If they take graduate courses, they become students again. If they take a teaching assistant position as part of their graduate studies, they’re now students, alumni, and employees.

An individual interacts with their university in a different way in each of these roles. With a holistic external identities solution, the university can provide a custom experience designed for each of these relationships.

To enable such scenarios, we need an identity solution that meets people where they are. It must accept identities from many sources and allow organizations to build secure, customized user journeys and experiences based on the relationships they have with other organizations and individual people. The identity solution needs to be flexible, so it can accommodate the future.

Because the boundaries between the different relationships individuals have with organizations are blurring, the siloed solutions we have today aren’t flexible enough to carry us forward. Trying to fit individual people into an IAM or CIAM bucket just doesn’t work. We need to meet people where they are.

It is therefore a perfect time for you to evaluate if the identity journey in your organization meets people where they are!

For example:

  • Consider embracing Bring Your Own Identity (BYOI) if you’re still creating accounts for customers or allowing them to create accounts, as that adds business risk.
  • Make sure to deeply understand your branding needs and find a solution that is flexible.
  • Make sure you can partner with organizations of all sizes, from mom and pop shops to large businesses.
  • Offer experiences that are intuitive and contextual and that help users understand what they’re doing and in what context they’re taking actions.

In short, are you meeting your users where they are?

I’m extremely excited about this vision! If you have scenarios that you’re trying to achieve in your transition towards digital transformation, I’d love to hear from you! Let’s talk!

Sangeeta Ranjit
Principal Program Manager
Microsoft Corporation
