Digital Identity Management in the Digital World

Nimasha Bandara
3 min read · Feb 14, 2022


In the digital world we live in, digital identity has become as important a concept as the physical identity we use in our day-to-day lives. Any discussion of digital identity has to start with Identity and Access Management (IAM): the practice of letting the right individuals reach the right resources and applications by managing their identities and access privileges securely. Under IAM we can distinguish four approaches: traditional IAM, centralized IAM, federated IAM and decentralized IAM.

What is Traditional Identity and Access Management?

In the traditional approach to IAM, each application asks the user to create a separate account, so users have to remember one set of credentials per application. In most cases this leads to security problems, because users tend to reuse the same or very similar usernames and passwords across accounts in order to remember them. A leak of the username and password from one account therefore puts every other account of that user at risk: attackers routinely replay leaked credentials against other services (credential stuffing), so the weakest application the user ever registered with sets the security level of all the others.

Traditional Identity Management

What is Centralized Identity Management?

This approach uses an Identity Provider (IdP) that manages all user identities in one place. Users do not need to create accounts in the individual applications; instead they create one account at the IdP and can then access every application associated with that IdP. When a user tries to log in to an application, the application redirects them to the IdP's login page. The IdP authenticates the user and returns a signed assertion to the application confirming who the user is (in practice a SAML assertion or an OpenID Connect ID token), which the application must verify before granting access. On top of this we can enable Single Sign-On (SSO), where the user authenticates once and the IdP's session satisfies subsequent logins to the other applications. This is far more convenient for managing user identities, but it concentrates risk: the major security issue is that a compromise of the central user store, or of the IdP's signing key, exposes every identity and every application that trusts the IdP. The IdP becomes the single point of failure and has to be protected accordingly.

Centralized Identity Management

What is Federated Identity Management?

Federated Identity Management (FIM) can be considered an extension of centralized identity management. In the centralized approach one organization manages the identities of its own users, and those users can only access that organization's resources and applications. FIM extends this across multiple organizations whose IdPs have established a trust relationship with each other, typically by exchanging signing keys and metadata. A user from one organization can then access applications in another organization through that trust: the user is first authenticated by their own IdP, and the resulting assertion is accepted by the other organization's IdP or application as proof that the user has been validated. Social login is a familiar form of federation: an application accepts a Google or Facebook login instead of running its own IdP. The caveat is that the relying application inherits the security of every IdP it trusts, so each trust relationship should be limited to the specific partner IdP and to assertions addressed to that application, rather than accepting any signed assertion from anyone.

Federated Identity Management
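To make the IdP-to-application handshake from the centralized and federated sections concrete, here is an added example (it is not code from the original post): an IdP signs an assertion for a user, and a relying application in another organization verifies it against the IdP public keys it has chosen to trust. The names (idp.org-a.example, payroll.org-b.example, the user subjects) are made up for the example, the token format is a simplified stand-in for a SAML assertion or OIDC ID token, and all keys are generated fresh on each run. The application payroll belongs to org B and, through federation, also trusts org A's IdP.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Assertion carries the core claims of a SAML assertion or an OIDC ID token.
type Assertion struct {
	Issuer   string `json:"iss"` // which IdP authenticated the user
	Subject  string `json:"sub"` // the authenticated user
	Audience string `json:"aud"` // the application this assertion is meant for
	Expires  int64  `json:"exp"` // Unix time after which it must be rejected
}

// IdP holds one identity provider's Ed25519 signing key.
type IdP struct {
	Name string
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewIdP(name string) *IdP {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &IdP{Name: name, priv: priv, Pub: pub}
}

// Issue signs an assertion for user sub addressed to application aud and
// returns it as base64url(payload) "." base64url(signature).
func (p *IdP) Issue(sub, aud string, ttl time.Duration) string {
	payload, _ := json.Marshal(Assertion{
		Issuer: p.Name, Subject: sub, Audience: aud, Expires: time.Now().Add(ttl).Unix(),
	})
	enc := base64.RawURLEncoding.EncodeToString
	return enc(payload) + "." + enc(ed25519.Sign(p.priv, payload))
}

// App is a relying application. Trusted maps IdP name to public key: with a
// single entry this is centralized IAM, with several entries it is federation.
type App struct {
	Name    string
	Trusted map[string]ed25519.PublicKey
}

// Verify accepts the token only if a trusted IdP signed it, it is addressed to
// this application, and it has not expired.
func (a *App) Verify(token string, now time.Time) (Assertion, error) {
	var as Assertion
	parts := strings.Split(token, ".")
	if len(parts) != 2 {
		return as, errors.New("malformed token")
	}
	payload, err1 := base64.RawURLEncoding.DecodeString(parts[0])
	sig, err2 := base64.RawURLEncoding.DecodeString(parts[1])
	if err1 != nil || err2 != nil {
		return as, errors.New("malformed token")
	}
	if err := json.Unmarshal(payload, &as); err != nil {
		return as, err
	}
	pub, ok := a.Trusted[as.Issuer] // iss is untrusted input; it only selects which key to try
	if !ok {
		return as, fmt.Errorf("issuer %q is not a trusted IdP", as.Issuer)
	}
	if !ed25519.Verify(pub, payload, sig) {
		return as, errors.New("bad signature")
	}
	if as.Audience != a.Name {
		return as, fmt.Errorf("assertion is for %q, not %q", as.Audience, a.Name)
	}
	if now.Unix() >= as.Expires {
		return as, errors.New("assertion expired")
	}
	return as, nil
}

func main() {
	idpA, idpB := NewIdP("idp.org-a.example"), NewIdP("idp.org-b.example")
	rogue := NewIdP("idp.attacker.example")
	payroll := &App{Name: "payroll.org-b.example", Trusted: map[string]ed25519.PublicKey{idpA.Name: idpA.Pub, idpB.Name: idpB.Pub}}
	now := time.Now()
	cases := map[string]string{
		"federated user from org A":       idpA.Issue("alice@org-a.example", payroll.Name, 5*time.Minute),
		"assertion from untrusted IdP":    rogue.Issue("mallory", payroll.Name, 5*time.Minute),
		"assertion meant for another app": idpB.Issue("bob@org-b.example", "wiki.org-b.example", 5*time.Minute),
		"expired assertion":               idpA.Issue("alice@org-a.example", payroll.Name, -time.Minute),
	}
	for name, tok := range cases {
		_, err := payroll.Verify(tok, now)
		fmt.Printf("%-32s -> error: %v\n", name, err)
	}
}
```

Only the first case is accepted. The other three show the checks that turn "signed by someone" into "signed by a partner we trust, for us, right now": an unknown issuer, a valid token for a different application replayed here, and a stale token are all refused, which is exactly the scoping the federated section calls for.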

What is Decentralized Identity Management?

Decentralized identity, also known as Self-Sovereign Identity (SSI) or personal identity, is a model in which individuals keep their identity in a digital wallet that they hold and maintain themselves. They can collect multiple credentials from different issuers, such as an employer or a government, and decide which of them, and which attributes within them, to show to a given verifier. The major difference from the centralized approach is that identities are stored with their owners instead of in a central user store: the wallet on the user's mobile phone holds the credentials. Because no single party holds everyone's data, this approach reduces the impact of a data breach and improves privacy, since the owner controls what is disclosed. The risk does not disappear, though; it moves to the wallet and its keys, so wallet backup and key recovery, and the verifier's decision about which issuers to trust, become the critical security controls.

Decentralized Identity Management
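As an added example (not from the original post) of what a wallet actually holds and shows, the following Go program has an issuer sign a credential whose claims are salted hash commitments, the holder reveal only one claim to a verifier, and the verifier check it offline with nothing but the issuer's public key. The issuer name gov.example, the claims and the nonce are constructed for the example, and the commitment scheme is a simplified version of the SD-JWT idea rather than any specific wallet's implementation.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Credential is what the issuer signs. Each claim is stored as a commitment
// sha256(salt|name|value) so the holder can reveal any subset later (selective
// disclosure, as in SD-JWT). HolderKey binds the credential to the wallet's key.
type Credential struct {
	Issuer      string          `json:"iss"`
	HolderKey   []byte          `json:"holder"`
	Commitments map[string]bool `json:"commitments"` // a set, so order reveals nothing
}

// Disclosure is the plaintext of one claim plus the salt behind its commitment.
type Disclosure struct{ Salt, Name, Value string }

func commit(d Disclosure) string {
	h := sha256.Sum256([]byte(d.Salt + "|" + d.Name + "|" + d.Value))
	return hex.EncodeToString(h[:])
}

// Issue returns the credential, the issuer's signature over it, and the
// disclosures the wallet stores with it; the issuer is not contacted again.
func Issue(issuer string, issPriv ed25519.PrivateKey, holderPub ed25519.PublicKey, claims map[string]string) ([]byte, []byte, []Disclosure) {
	ds, cs := []Disclosure{}, map[string]bool{}
	for name, value := range claims {
		salt := make([]byte, 16)
		rand.Read(salt)
		d := Disclosure{hex.EncodeToString(salt), name, value}
		ds, cs[commit(d)] = append(ds, d), true
	}
	cred, _ := json.Marshal(Credential{Issuer: issuer, HolderKey: holderPub, Commitments: cs})
	return cred, ed25519.Sign(issPriv, cred), ds
}

// Presentation is what the wallet sends a verifier: the signed credential, only the
// chosen disclosures, and a holder signature over the verifier's nonce (no replay).
type Presentation struct {
	Credential, IssuerSig, HolderSig []byte
	Disclosed                        []Disclosure
	Nonce                            string
}

func signedPart(p Presentation) []byte {
	b, _ := json.Marshal([]any{p.Credential, p.IssuerSig, p.Disclosed, p.Nonce})
	return b
}

func Present(cred, sig []byte, all []Disclosure, reveal map[string]bool, holderPriv ed25519.PrivateKey, nonce string) Presentation {
	p := Presentation{Credential: cred, IssuerSig: sig, Nonce: nonce}
	for _, d := range all {
		if reveal[d.Name] {
			p.Disclosed = append(p.Disclosed, d)
		}
	}
	p.HolderSig = ed25519.Sign(holderPriv, signedPart(p))
	return p
}

// Verify needs only the issuer's public key and the nonce it handed out; it
// never contacts the issuer and learns only the revealed claims.
func Verify(p Presentation, trusted map[string]ed25519.PublicKey, nonce string) (map[string]string, error) {
	var c Credential
	if err := json.Unmarshal(p.Credential, &c); err != nil {
		return nil, err
	}
	pub, ok := trusted[c.Issuer]
	if !ok || !ed25519.Verify(pub, p.Credential, p.IssuerSig) {
		return nil, fmt.Errorf("credential not signed by a trusted issuer (%q)", c.Issuer)
	}
	if p.Nonce != nonce || len(c.HolderKey) != ed25519.PublicKeySize || !ed25519.Verify(ed25519.PublicKey(c.HolderKey), signedPart(p), p.HolderSig) {
		return nil, fmt.Errorf("presentation not signed by the credential holder for nonce %q", nonce)
	}
	out := map[string]string{}
	for _, d := range p.Disclosed {
		if !c.Commitments[commit(d)] {
			return nil, fmt.Errorf("claim %q is not covered by the issuer signature", d.Name)
		}
		out[d.Name] = d.Value
	}
	return out, nil
}

func main() {
	govPub, govPriv, _ := ed25519.GenerateKey(rand.Reader)
	walletPub, walletPriv, _ := ed25519.GenerateKey(rand.Reader)
	cred, sig, ds := Issue("gov.example", govPriv, walletPub, map[string]string{"name": "Alice", "birth_year": "1990", "national_id": "123456789"})
	p := Present(cred, sig, ds, map[string]bool{"birth_year": true}, walletPriv, "nonce-7f3a")
	fmt.Println(Verify(p, map[string]ed25519.PublicKey{"gov.example": govPub}, "nonce-7f3a"))
}
```

The verifier ends up with map[birth_year:1990] and nothing else: the name and national ID stay in the wallet even though the issuer's single signature covers them. The holder signature over the verifier's nonce is what stops a copied presentation from being replayed or a stolen credential from being presented from another wallet, and the commitment check is what stops a holder from editing a claim after issuance. Note that the whole scheme still rests on the verifier's trusted-issuer list and on the wallet keeping its private key safe, which is where the risk moves in the decentralized model.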
