Use case spotlight: Quick SSI integration for identity and access management with IdRamp

September 30, 2019

By Helen Garneau, Director of Marketing & Communications, Sovrin Foundation

Fixing the internet’s identity problem is hard. Over the past 20 years, there have been various networks, protocols, and standards created to fix this problem, resulting in a mishmash of one-off identity systems. While some of these attempts may have provided incremental improvements, fixing a few specific problems, none have offered a holistic solution. The Sovrin Network rises above these siloed solutions with a decentralized metasystem for the exchange of verifiable credentials, done in a privacy-preserving way called self-sovereign identity (SSI). 

One of the most exciting vendors in the SSI landscape is called IdRamp. As a Sovrin Steward and leader in the development of decentralized identity solutions, IdRamp’s service is designed to easily add distributed ledger self-sovereign identity to any business strategy without modification to legacy systems. The IdRamp service improves security and user experience  while reducing data liability. 

We caught up with CEO Mike Vesey to talk more about the IdRamp solution and learned a bit about his views on the future of self-sovereign identity solutions. With more than 20 years of experience in identity strategy, development, integration, and operation for global enterprises and medium to small businesses, Mike is experienced in startup management and enterprise application design. IdRamp is the culmination of his experience solving complex identity problems for global businesses.

Sovrin: What motivated your work in decentralized identity?

Mike Vesey: Throughout my career, I have been fortunate to have worked with leading companies like Disney, Microsoft, Intercall, EY, Deloitte, Bank One, and PricewaterhouseCoopers. I’ve seen many large enterprises dealing with multiple silos of identity information, that require interoperation with other systems, while trying to maintain maximum security and business agility. 

The common use of stack identity platforms has increased the risk of hacks and breaches by multiplying the volume of redundant, centralized identity silos. In recent years, new cloud services have followed that path looking to maximize revenue with even more redundant identity silos. To them, larger identity silos means more revenue. At some point, the identity industry lost focus on security over revenue. 

I see this condition continuing to plague the industry. Businesses think they are investing in identity security only to find increased risk, cost, and loss of agility with centralized models. This situation inspired my focus on looking at decentralized solutions to increase security without increasing data exposure. 

S: What is IdRamp? Where did it come from? 

MV: The vision for IdRamp evolved out of our team’s personal experiences on the front lines of identity and access management (IAM). We have deep experience delivering solutions for large multinational, small, and medium sized businesses. Our engineers and architects have spent the better part of our careers working closely with global enterprise clients, and unfortunately, hearing the same customer pain points over and over.

Time and time again, we saw companies using stack IAM platforms that were extremely difficult to change and very slow to adapt to new business opportunities. Oftentimes, these companies ended up building extremely expensive, custom solutions just to keep up.

Sovrin: What are some of the services and products IdRamp offers?

MV: IdRamp is a decentralized identity service that operates as a digital bridge to unify and protect credential silos across any industry or vendor stack(s). IdRamp is focused on helping businesses easily add decentralized SSI into their existing strategy. Our service provides interoperability with traditional IAM platforms without requiring large lift and shift upgrades. IdRamp’s flexibility enables rapid integration into new business opportunities.

This means businesses of all sizes can deploy a cost-effective, stand-alone decentralized IAM platform tailored to their individual needs. IdRamp is vendor agnostic and interoperates with all leading identity management platforms. 

Key IdRamp service features include:

• Bring Your Own Identity (BYOI) – Give users control of how they access applications and services. Combine self-sovereign identity with social and corporate identity logins. Integrate self-sovereign identity into existing infrastructure without modifying legacy applications, directories, or infrastructure systems.

• Decentralized Authentication –  Secures the identity threat surface by eliminating the need for public network-facing identity and access management systems. Users authenticate through a distributed system that increases reliability, scalability, and security. Data is safely encrypted on the user’s device, never stored in a centralized database, or transmitted over the internet.

• Credential Management – Provide digital credentials for a wide range of identity, supply chain, and product certification use cases. Manage the credential lifecycle according to your business workflow. Adapt self-sovereign credentials into any business or consumer application.

• Directory Free Identity Management – A full range of self-sovereign identity and access management capabilities. Implement single sign on, orchestrate multi-factor authentication, enforce fine grained access policies, combine multiple identity providers, and measure usage with intelligent analytics. No identity directory required.

• Password Elimination – Improve user experience and security with password free access to all applications and services. Intelligent credential management removes the need to remember an individual user id/password for each application. Cryptographic keys replace the need to share sensitive access information with third parties.

• Add Self-Sovereign Identity to Your Application – IdRamp provides developer friendly APIs to easily build self-sovereign identity into your application. This eliminates the need for a central registration identity store or complex identity platform investments. With the Idramp micro services fabric, development teams can create entirely new SSI applications.

Sovrin: What kinds of companies will benefit from the IdRamp services?

MV: Our B2B solution offers businesses of all sizes a secure, scalable, easy-to-use decentralized system for IAM. Any business that deals with a human identity, IoT, or credential management will benefit from IdRamp’s products and services. With IdRamp, SaaS providers can eliminate the identity silo with a more secure self-sovereign social authentication experience.

Sovrin: How have some of the recent advancements of decentralized identity advanced the work of IdRamp?

MV: Today, small and medium businesses are running into the same large business challenges as their dependence on cloud services increases. Decentralized SSI models are the natural solution to these problems. SSI and the Sovrin Network are helping the industry take a step forward into better security and business agility.

The Sovrin Network has been the most important recent advancement in decentralized identity. Sovrin has transformed our ability to bring decentralized SSI to customers. Sovrin increases the speed of developing new capabilities because the framework is maintained by a large community of leading edge developers. 

The Sovrin Network provides a quantum leap in reducing the cost and complexity to develop decentralized SSI services. Without the Sovrin Network, the cost to deploy would be too high for most businesses. Technologies like the Sovrin Network will become industry standard building blocks for SSI and credential management. They will continue to foster rapid innovation, improved security, and digital trust across all types of businesses.

Sovrin transforms security by offering a truly independent public utility for digital identity. Without a vendor agnostic public utility like Sovrin, businesses have no practical method to reduce centralized data silos which increase regulatory burden and overall risk. Commercial silo alternatives will never provide the same level of transparency, interoperability, and protection.  Decentralized identity is no longer a next generation strategy. It is for this generation here and now.

Sovrin: We were fortunate enough to get a peek at IdRamp at Internet Identity Workshop last spring. Please describe your demo. What was the most exciting part of it?

MV: Yes, in May of 2019, I had the opportunity to travel to Mountain View, California and attend the Internet Identity Workshop at the Computer History Museum. Using IdRamp, we showed how an ‘employee’ could use verifiable credentials and log into Slack all without a hard to manage username and password. It was a wonderful opportunity to show how SSI and the Sovrin Network can operate with real business needs today. 

The most exciting part of our demo was showing that our solution is not merely aspirational. IdRamp provides an enterprise ready method to adopt SSI and the Sovrin Network into many new use cases.

Sovrin: Did Hyperledger Indy and the open source community play a role in the development of IdRamp? 

MV: Yes, Hyperledger Indy provides a powerful distributed ledger built exclusively for decentralized identity. This is a key building block that allows IdRamp to offer commercially viable decentralized services. The open source community is populated with brilliant participants that provide endless value to any developer team focused on ledger identity.

Sovrin: What do you think the next five years looks like for digital identity? 

MV: Many businesses today are stuck in two or three generations of old identity systems. Others are creating new centralized password-based systems. While these newer systems may offer passwordless capabilities, they don’t actually eliminate the vulnerability. 

Data abuse, fraud, and the culture of digital disinformation will continue to thrive. Password leaks will remain a leading cause of data breaches. Human identity will increasingly become a function of Human Resources and brand trust. Decentralized SSI adoption will grow as businesses seek methods to maintain trust with employees and customers through self-sovereign security.

Regulatory compliance for GDPR and privacy by design will increase in complexity and scope. A need for government and utility-based credential verification will increase. This activity will amplify adoption of decentralized SSI as the most secure solution for data protection and credential verification and usability.

The power of decentralized credentials will open many new use cases for supply chain automation, product trust, and verified certification. We are experiencing demand coming from a wide range of industries like agtech, education, genetic engineering, marketing, fintech, medical, and many more. Ultimately, we are all walking into the identity of everything where trust and verification will be inextricably tied to decentralized SSI.

Forward-thinking businesses that adopt decentralized SSI, will be the ones that find a cost-effective way to protect assets and eliminate password vulnerabilities and centralized data liability. Decentralized SSI will help businesses move away from legacy IAM systems with less cost and complexity than prior generations.

This new focus will transform the industry back to the core principles of security and business agility. New revenue models will come forward and eventually put an end to the centralized directory model.

To schedule a demonstration or learn more about IdRamp please visit https://idramp.com/contact/.

###

Photo by Pedro Lopes on Unsplash