It seems the technology market has an emerging champion: Blockchain! Every day we hear how Blockchain can change the world. What interests me most is how Blockchain may affect the realm of Identity and Access Management (IAM). Many IAM architects probably have the same question while sifting through the available information, but it can be confusing, because most technical information on Blockchain focuses on Bitcoin and the future of financial services. It may be useful to envision, and I really mean envision, how IAM solutions may benefit from ideas surrounding the use of Blockchain technology. Let’s see how we can draw parallels between IAM and Blockchain.
We know one of the core IAM disciplines is the governance and administration of digital identities, entitlements, and assignment of entitlements to identities within an enterprise environment. Our goal is to ensure identities can (verifiably) access resources based on their entitlements. From the governance perspective, that means the right entitlements should be assigned to the right identities. The assignment must be certified periodically by reconciling identity and entitlement data, typically in a central repository.
Blockchain, in general, is an organizing model for the discovery, transfer, and coordination of all discrete units of anything of value.[1] In this model, activities related to the unit of value are tracked in a tamper-evident, decentralized ledger. Blockchain technology implements the model by establishing a peer-to-peer network among a set of nodes, each of which stores a full copy of the ledger. New records are grouped into blocks, and each block carries a cryptographic hash of its own contents and of the previous block, so the blocks form a chain in which altering any earlier record changes every later hash and is immediately detectable. A consensus protocol lets the nodes agree on which new block extends the chain, confirming the validity of the recorded activities without a central authority. Data that is too large or too sensitive to keep on the chain can be referenced by its hash instead of being stored directly. This establishes a decentralized governance structure which is, in theory, autonomous. Of course, there are many limitations and technical challenges which we leave out for the sake of focusing on the vision.
It is possible to envision an IAM-centric Blockchain ecosystem that keeps track of identities, entitlements, entitlement assignments, and access events, all autonomously, in a heterogeneous environment. In this model, ‘entitlement’ is our unit of value (the currency) and the registered ‘identities’ (people or things) participate in ‘access’ events (the transactions) based on their assigned entitlements. The blockchain ledger is the authoritative registration log for identities, entitlements, and access events, and it works on a push model: events are written to the ledger as they happen rather than collected from each system and reconciled afterwards. The consensus protocol among the nodes validates the correct assignment of entitlements to identities and the correct access to resources by evaluating policy before confirming the assignment or the access event. Any change in assigned entitlements, a grant as well as a revocation, is a transaction similar to exchanging coins: it is appended to the ledger rather than edited in place. Similar to Bitcoin wallets, our IAM Blockchain can have its own clients or plug-in components for just-in-time access to records in the Blockchain.
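As an added illustration (not code from the original post, and no more a validated design than the post itself), the following Python sketch models the ledger just described on a single node: each block hashes its record together with the previous block's hash, a policy check runs before any identity, entitlement, grant, revoke or access record is committed, the entitlement state can be reconciled at any time by replaying the chain, and quietly editing a committed record breaks verification. The record vocabulary (register_identity, register_entitlement, grant, revoke, access), the identity "alice" and the entitlement "payroll:read" are constructed for the example. The peer-to-peer network, the consensus protocol and any signing of records are left out entirely; they are what would make a real deployment decentralized rather than a hash-chained audit log.

```python
import hashlib
import json
from dataclasses import dataclass

GENESIS_HASH = "0" * 64  # constructed: "previous hash" of the first block

@dataclass(frozen=True)
class Block:
    index: int
    prev_hash: str
    record: dict  # one IAM event; constructed vocabulary, see validate()
    digest: str

def hash_block(index: int, prev_hash: str, record: dict) -> str:
    # SHA-256 over canonical JSON; chaining prev_hash in means an edited earlier record changes every later hash.
    payload = json.dumps({"index": index, "prev": prev_hash, "record": record},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()

def validate(state: dict, rec: dict) -> bool:
    """Policy check run before a record is committed; False means reject."""
    ids, ents = state["identities"], state["entitlements"]
    kind = rec.get("type")
    if kind == "register_identity":
        return rec["identity"] not in ids
    if kind == "register_entitlement":
        return rec["entitlement"] not in ents
    if kind in ("grant", "revoke"):
        if rec["identity"] not in ids or rec["entitlement"] not in ents:
            return False  # unknown identity or entitlement
        held = rec["entitlement"] in ids[rec["identity"]]
        return held if kind == "revoke" else not held  # no double grant or revoke
    if kind == "access":
        return rec["identity"] in ids and rec["requires"] in ids[rec["identity"]]
    return False  # unknown record type

def apply_record(state: dict, rec: dict) -> None:
    """Update the derived state (identity -> entitlements held); access events change nothing."""
    kind = rec["type"]
    if kind == "register_identity":
        state["identities"][rec["identity"]] = set()
    elif kind == "register_entitlement":
        state["entitlements"].add(rec["entitlement"])
    elif kind == "grant":
        state["identities"][rec["identity"]].add(rec["entitlement"])
    elif kind == "revoke":
        state["identities"][rec["identity"]].discard(rec["entitlement"])

class IamLedger:  # single node, no consensus, no signatures: only the append-only hash chain
    def __init__(self) -> None:
        self.chain: list[Block] = []
        self.state: dict = {"identities": {}, "entitlements": set()}

    def submit(self, rec: dict) -> bool:
        """Validate against policy, then append; rejected records never reach the chain."""
        if not validate(self.state, rec):
            return False
        apply_record(self.state, rec)
        index = len(self.chain)
        prev = self.chain[-1].digest if self.chain else GENESIS_HASH
        self.chain.append(Block(index, prev, dict(rec), hash_block(index, prev, rec)))
        return True

def verify_chain(chain: list[Block]) -> bool:
    """Recompute every hash and link; an edited, dropped or reordered block fails."""
    prev = GENESIS_HASH
    for i, block in enumerate(chain):
        if block.index != i or block.prev_hash != prev or hash_block(i, prev, block.record) != block.digest:
            return False
        prev = block.digest
    return True

def rebuild_state(chain: list[Block]) -> dict:
    """Reconcile entitlements by replaying the ledger: the chain, not a cached copy, is the authority."""
    state: dict = {"identities": {}, "entitlements": set()}
    for block in chain:
        apply_record(state, block.record)
    return state

def demo() -> dict:
    ledger = IamLedger()
    grant = {"type": "grant", "identity": "alice", "entitlement": "payroll:read"}
    read = {"type": "access", "identity": "alice", "resource": "payroll-db", "requires": "payroll:read"}
    out = {
        "register": ledger.submit({"type": "register_identity", "identity": "alice"}),
        "entitlement": ledger.submit({"type": "register_entitlement", "entitlement": "payroll:read"}),
        "grant": ledger.submit(grant),
        "access_ok": ledger.submit(read),
        "access_denied": ledger.submit(dict(read, requires="payroll:write")),  # never granted
        "revoke": ledger.submit(dict(grant, type="revoke")),
        "access_after_revoke": ledger.submit(read),
    }
    out["chain_len"] = len(ledger.chain)
    out["intact"] = verify_chain(ledger.chain)
    out["reconciled"] = rebuild_state(ledger.chain) == ledger.state
    ledger.chain[4].record["type"] = "grant"  # quietly rewrite the stored revoke as a grant
    out["tamper_detected"] = not verify_chain(ledger.chain)
    return out
```

Running demo() commits five records (the two registrations, the grant, the successful read and the revoke); the denied read and the read after revocation are rejected by validate() and never enter the chain. The revoke is its own appended record, so the history of who held what and when survives, and the final tamper step shows why the chain, rather than a database row that can be updated in place, is the thing worth trusting.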
This example doesn’t imply that Blockchain has to (or can) manage all aspects of identity governance and administration (IGA), but it shows how IAM architects might leverage Blockchain as a new technological component to potentially reinvent IGA capabilities. The hope is to address the existing challenges of IAM record keeping more efficiently and effectively, in real time. Again, this is meant as an example of how Blockchain may impact IAM solutions, not a validated design in any way.
So, what do you think? We’d like to hear from you.
[1] Swan, Melanie (2015). Blockchain: Blueprint for a New Economy. O’Reilly Media, Kindle edition, locations 2551-2562.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.