Blog post

When IAM Meets (the Idea Of) Blockchain!

By Homan Farahmand | January 24, 2016 | 4 Comments


It seems the technology market has an emerging champion, Blockchain! Every day we hear how Blockchain can change the world. What most interest me is how Blockchain may affect the realm of Identity and Access Management. Many IAM architects may have a similar question while sifting through the available information. But this can be a bit confusing as most technical information on Blockchain tends to focus on Bitcoin and financial services future. It may be useful to envision – and I really mean envision – how IAM solutions may benefit from ideas surrounding the use of Blockchain technology. Let’s see how we can draw parallels between IAM and Blockchain.

We know one of the core IAM disciplines is the governance and administration of digital identities, entitlements, and assignment of entitlements to identities within an enterprise environment. Our goal is to ensure identities can (verifiably) access resources based on their entitlements. From the governance perspective, that means the right entitlements should be assigned to the right identities. The assignment must be certified periodically by reconciling identity and entitlement data, typically in a central repository.

Blockchain, in general, is an organizing model for the discovery, transfer, and coordination of all discrete units of anything of value [1]. In this model, Blockchain can track activities related to the unit of value in a tamper-proof and decentralized ledger. Blockchain technology can implement this model by establishing a peer-to-peer network among a set of nodes that each store a copy of the ledger. These nodes ensure the data integrity after adding new records to a block, using a consensus protocol to confirm the validity of the activities and maintain the chain of blocks. The protocol uses a special hashing algorithm to store the data and pointers to external data. This feature of the Blockchain establishes a decentralized governance structure which is theoretically autonomous. Of course, there are many limitations and technical challenges which we leave out for the sake of focusing on the vision.

It is possible to envision an IAM-centric Blockchain ecosystem that keeps track of identities, entitlements, entitlement assignment, and access events, all autonomously in a heterogeneous environment. In this model, ‘entitlement’ is our unit of value (currency) and the registered ‘identities’ (people or things) are participating in ‘access’ events (transaction) based on their assigned entitlements. The blockchain ledger is the authoritative registration log for identities, entitlements, and access events that works based on a push model. The consensus protocol among the nodes validates the correct assignment of entitlements to identities and the correct access to resources by validating policies before confirming the assignment. Any change in the assigned entitlements can be thought of as a transaction similar to exchanging coins. Similar to the Bitcoin wallets, our IAM Blockchain can have its clients or plug-in components for just-in-time access to records in the Blockchain.

This example doesn’t imply that Blockchain has to (or can) manage all aspects of identity governance and administration but it demonstrates how IAM architects may leverage Blockchain as a new technological component to potentially reinvent IGA capabilities. The hope is to address the existing challenges of IAM record keeping more efficiently and effectively in real-time. Again, this is supposed to be an example idea on how Blockchain may impact IAM solutions, not a validated design in any way.

So, what do you think? We like to hear from you.

[1] Swan, Melanie (2015-01-24). Blockchain: Blueprint for a New Economy (Kindle Locations 2551-2562). O’Reilly Media. Kindle Edition.

Leave a Comment


  • David Busch says:

    I agree with the concept and have pondered the idea of blockchain technology leveraged to safeguard the digital identity manifestation of a person, be it social, personal (banking, government, etc.) or business focused. Perhaps we could all bring our own blockchain to work and be granted access to enterprise information/services and governed with OUR Identity. BYOI – Blockchain Your Own Identity 🙂 or perhaps BYBI – Bring Your Blockchain Identity.

  • An emerging problem in scientific journals is validating the identity of peer reviewers. For example, there have been cases where a researcher will create fake records in the publisher’s database, recommend those names as reviewers, and then write reviews of their work themselves under false names ( provides a persistent digital identifier for scientists (although there’s no validation step to prevent creating duplicate or fake IDs here, either).

    In biomedical sciences, names could be checked against author names in the NIH’s PubMed database of published papers. University identities might be available in some cases, too.

    Do you see a potential for blockchain technology as a way to automate validation of researcher IDs? I’ve just started learning about it and wonder if there’s an application for journals publishing (which definitely are not at the cutting edge of technology!).

  • peter rietveld says:

    As DLT is essentially a heavyweight technology for situations with disputes on the data level, it should not be necessary in Enterprise IAM – not with authoritative sources.

    In CIAM that could be a different story, when the CIAM is shared by multiple competing parties. But which major store would contemplate sharing customer data with the competition? It would work and solve some real issues but i’d say no one would take the initiative.

  • Gus says:

    Heard recently about microsofts Baas intitiative. Havnt seen much on the subject but IAM ..but block chains a service seems to have in its delivrable.IAM capabilities. From compliance and governance standpoint would love to see its reporting capabilities.