What is Identity and Access Management
What is Identity?
Identity is something that can be used to uniquely recognize who you are. As an example when someone asks who you are, you can introduce your self with your name.
Your name can be used to identify you if it is unique. But if there is another “Mary” in your domain you will have to be more specific. The domain can be something like country, organization, school, university and etc.
To identify someone we can use three things.
1. Something you know
What you know is basically something unique to you and only you know about that.
Eg: Password and PIN number of a debit card
This type of identification is very user-friendly but it is not secure. That is because we usually use the same password in many places because it is hard to remember different passwords. Therefore if your password is revealed to some other party they get the opportunity to access information from different resources.
2. Something you have
This is something you have that can be used to identify you uniquely in a particular domain.
Eg: Passport, National identity card, Debit cards, Driver’s license and Access cards.
These type of identity adds more details and security than a password but these are expensive to manufacture.
3. Something you are
This is some part of your body or your physical behaviour that can be used to uniquely identify you.
Eg: Finger print, Retina scan, DNA and Voice recognition
This method is highly secure but it is really costly to conduct this kind of identification process.
Anyhow, we need to use at least one of the above methods to uniquely identify a person. Which method to use depends on the situation, expenditure and various other factors. For more secure options one can combine these methods as well.
Why do we need an identity?
Now we know the three basic methods that can be used to identify a user. Uniquely identifying a user is also called as authentication. So the next problem is why we need to authenticate a user. Authentication is needed to exactly identify a user who is using some valuable resources. After authentication, a user will be granted some particular privileges. Identifying such privileges and managing them is called authorization.
In the IT industry, there are many protocols used in the identity domain like OpenID-Connect, SAML, LDAP and etc. All these protocols are trying to solve the problem of identification and access management. There are several implementations that help your applications with identity and access management like WSO2 identity server.
Hope this helped you guys to understand what is identity and why we need an identity.