Comprehensive Software Reviews to make better IT decisions

Sr hero 001 Sr hero 002 Sr hero 003 Sr hero 004

How Will Blockchain Impact IT? Part Two: Identity Management

More than one billion people in the world today have a problem: they don’t have formal documentation. They have no ID.

This isn’t really a problem in the developed world (though about 1% of Americans don’t have government-issued photo ID), but in lower-income countries it can be crippling.

Tech companies have recognized these challenges. Microsoft jumped into this space in 2017, and has been in the process of piloting a blockchain-based digital identity management service. This is part of Microsoft’s commitment to ID2020, an initiative designed to bring identification to the underprivileged, whose lack of documentation might serve as a hindrance to full participation in modern life.

Paradoxically, our digital identities today are massively decentralized. They’re the property of others. I’m an Info-Tech employee; my Info-Tech credentials are stored on an Active Directory server. Sure, my passwords are encrypted, but they’re still accessible to any insider willing to decrypt them. They’re also exclusive to my Info-Tech identity (much to my chagrin, as I input incorrect passwords).

Microsoft’s announcement is a step away from these balkanized identity management practices they’ve identified, which, I should note, they’ve benefited from greatly. Microsoft’s model involves an extension of their authenticator software, allowing it to manage cryptographic keys that link back to an “ID Hub” that is encrypted with that selfsame cryptographic key.

This model’s main strength is that Microsoft doesn’t have visibility into this Hub. They’re democratizing identity management by advocating for the system’s construction using open source technology that could sit on top of public blockchains, like Bitcoin, to serve this purpose. Ideally this could be rolled out across organizations and create a secure identity that follows a user around. This is the sort of system they have in Estonia, where a secure digital identity is a big part of their national value proposition (for lack of a better term).

Of course, there are some problems with this model. It’s going to take a while to be meaningfully rolled out; the data quality is only as good as the nodes writing to the chain. And while this circumstance might be good for employees, do companies really want to decentralize credentials? Questions definitely remain.

Still, expect to see some blockchain-powered identity management solutions cross your desk soon. The march towards our decentralized future will not be slowed by paltry concerns such as these.

Are We Solving Problems?

Like the BloodChain (featured in another note), blockchain as a solution to identity and access management solves problems that we’ve generally already solved in the developed world. Established organizations with legacy identity and access management controls probably don’t want to give that control up, even if it is theoretically in employees’ best interests (loosely defined).

Around the world, though, this decentralized solution could help the undocumented integrate into the economy. This is a good thing. For companies with operations in parts of the world that have large undocumented populations, or might seek to hire these people, this identity and access management solution is potentially very valuable. Charities and other organizations that work frequently with disadvantaged populations might also be a good fit for this technology.

Outside of these specific circumstances, however, it is difficult to argue that any organizations would actually make the leap and adopt this technology.

Recommendations

  1. Don’t worry about it. Outside of a select few very particular cases, the idea that an organization would want to give more control of identities to employees is …weak. It might make recruitment easier? Why decentralize when you’re the one who stands to benefit from centralization?
  2. Use decentralized ID management to empower potentially undocumented employees. If you operate in an environment where identification is harder to come by, blockchain-powered identity management could be valuable for you. Contact ID2020 and explore your options.
  3. Explore ways to incorporate people without formal identification, if applicable. This is a humanitarian recommendation, and is obviously subject to legal and regulatory requirements. But recognizing that some people do not have access to identification goes a long way towards improving their lives.

Bottom Line

Identity management is an interesting blockchain use case, but not one you’re likely to encounter outside of a very particular set of circumstances (like employing a large number of people who don’t have ID). Ultimately, identity and access management is likely going to remain centralized within organizations. After all, why would they give up control if they don’t have to?


Want to Know More?

How Will Blockchain Impact IT? Part One: Decentralized Storage

BloodChain and the Future of Healthcare in the Developing World

The Back End of Blockchain

Demystify Blockchain: How Can It Bring Value to Your Organization?