We bring you an engaging discussion between Martin Kuppinger, the founder and Principal Analyst at KuppingerCole, and Slávek Licehammer, our Identity Governance Strategist and Global Identity Leader for Academia, recorded at the European Identity Conference 2023! Dive into the future of digital identity as Slávek shares his insights on distributed identity, eIDs, and e-wallets, and explores how these innovations intersect with IGA. Discover how combining these worlds can enhance authentication, streamline onboarding, and improve data quality. Listen to the recording or check the transcript to gain expert perspectives on navigating the complexities of digital identity in today’s evolving landscape.
Stranscript
Martin Kuppinger:
Hi, I’m Martin Kuppinger. I’m right here with Slavek from Evolveum. We’re here to talk about the future of digital identity and the perspectives of Slavek on this topic. Welcome!
Slávek Licehammer:
Thank you. I’m happy to be here to have this talk with you.
Martin Kuppinger:
Okay. So, hen is future of digital identity, what is the first thing that comes to your mind?
Slávek Licehammer:
We are here at this conference and I hear a lot of people talking about distributed identity, eIDs, e-wallets, and all this stuff. And we at Evolveum, we are in the business for identity management part of the solution.
I’m always thinking how to combine these two worlds, because the digital identity, distributed identity is mostly about authentication. Then I discovered… exactly, I’m getting to this… because you need to aggregate the data somewhere because people are having this distributed identity. But at the end they want to access services within a single organization or some project, and you still need identity management as a strong layout where you can aggregate all the data and have this firm foundation. And also use it to be able to provide some additional pieces to the distributed identity again.
Martin Kuppinger:
And I think that this is one part and the other thing is for instance, a wallet with the proof “This is Martin” can help us immensely, incredibly in onboarding process, for instance. This is a low hanging fruit for success of that integration, where you say, just so to speak the joiner process, in IGA, Identity Governance Administration becomes simplified a lot, because you have proofs, verified identities, a lot of credentials, a lot of attributes you can use up to birthright provisioning.
Slávek Licehammer:
Exactly. I was the same thought. You will have a lot of attributes from different sources and maybe even with the different quality, so this gives us in front of new problem, how to manage these basically different values for the same attribute. Maybe a different level of assurance or maybe some source that you can trust or if you provision to a third party, the third party might trust this information. So we need to manage this and this is what we need to improve.
Martin Kuppinger:
Yes, I think we will not have the same level of assurance of all attributes any more, which we currently probably also don’t have. We just assume we have it. I think every IGA problem struggles with identity information quality. Because factually, we don’t have verified data. We have wrong data, incomplete data, out of date data, etc., and we need to work with that. There is this assumption that the data in the identity system is correct. I think what you’re saying is, with this are decentralized identities, or distributed identities and all the different attributes we can get from there, you potentially have a means to get better in quality. And to understand, which quality is or which attribute of which quality and how trustworty.
Slávek Licehammer:
Yes this is exactly one of my points. There are other problems because sometimes you have quality data but user might prefer something else. For example, if you have foreigners, you have transcribed the name from the different alphabet to our latin alphabet. And you might have official translation, something that the person refers, because it’s natural and you need to work with this in a different way.
For example, if you have something like social n etwork, you can go with a referred name and if you’re something official and you need official name, you need to select the official data. I think this is the future of distributed identity and how we process it with identity governance tools.
Martin Kuppinger:
I envision that we use a lot of data to automate our legal processes. So if the proof of employment disappears, we trigger a legal process. So if there’s no valid proof of Martin with KuppingerCole Analysts anymore, we can trigger process in IGA. And if something changes the attributes, this may trigger a legal process. So I think there are really some cool things we can do with that, isn’t it?
Slávek Licehammer:
I totally agree, and this opens a lot of new possibilities, especially when you are thinking outside a single organization and you start thinking about some potential collaborations.
Martin Kuppinger:
When you think for instance about pharmaceuticals, where you have, this is the employee, the workforce, but then you have, patients, researchers, people from universities, suppliers, etc.
You have super complex B to B to C, etc., and B to B to whatever environment. And I think in these environments we have a huge potential to simplify things compared to how we IGA traditionally.
Slávek Licehammer:
Yeah, that’s true. And this brings another challenge, with privacy protection, especially in the medical sector, where you’re treating patients, and you might have a lot of sensitive data.
Martin Kuppinger:
What is shared. Exactly. It gives us this option to say, only that part is shared in that context. You’re right.
Slávek Licehammer:
We were experimenting with on a technical level how to store provenance data to attributes, so you know the origin and you can also store how sensitive the information is and maybe even what you are legally able to do with such information. And to use this within IGA to put automatic rules to process that and maybe even let users affect these rules and put really users into control of his or her personal data.
Martin Kuppinger:
Okay. Thank you very much for sharing your thoughts on that aspect of the future of digital identity. I think there’s so many things going on and decentralized or distributed identities, or self-sovereign identities surely are important topics. So thank you very much for taking the time.
Slávek Licehammer:
Thank you very much for this nice little talk.