At a time when every person has to manage countless digital identities and accounts privately and professionally, Customer Identity & Access Management is essential.
Why is Customer Identity & Access Management important?
Customer Identity & Access Management ensures that a person can only access the resources at a certain point in time, for which the person has the necessary permissions. One person must be able to log into their online bank account but must not view the neighbour’s account. Referred to the work environment, a person should only see their personal time recordings and sick leave days, but not that of the colleague from the next table.
What is Digital Identity?
Digital Identity is a part of Customer Identity & Access Management. A digital identity consists of data that clearly identify a person. The exact data is not specified and can accept different forms. So it does not always have to be the classic data first name, last name, date of birth.
Digital Identity can be defined in different ways:
Attributes: Properties relating to one person or organization and identify them- Master data - last name, first name, age
- Contact details - phone number, email address
- Biometric data - fingerprint, iris, voice
- Local data - whereabouts, IP address
Claims: Statements about the owner of an identity towards another organization or person
- “I am of legal age”
- “I have a residence within the EU”
Trust: Trust that the claims are correct
Digital Identity is becoming increasingly important for companies, supervisory authorities (regulatory requirements) and governments in a connected and digital data-based world.
A company has to ask itself the question every day how it can make the process of authentication of its customers or employees as simple and barrier-free as possible.
From Centralized Identity to Digital Identity
Unfortunately, the concept of Centralized Identity is still the predominant paradigm for digital authentication but is gradually replaced by Digital Identity.Centralized Identity is primarily characterized by data silos and bad user experience. Data silo means that one or more accounts have one or more accounts within an organization, but the accounts are not linked to each other. A customer of a Telko provider has, for example, an account for the invoice portal and a separate account for the customer forum. For the customer, it is cumbersome to manage various usernames and passwords for calculation portal & customer forum at a company.
A further development is the Federated Identity, mainly known as a social login (Google, Facebook) on websites. Federated Identity has a significantly better user experience than Centralized Identity, but a big disadvantage: lack of acceptance among authorities, banks and insurance companies. In addition, the personal data is usually stored by US companies and it is unclear what really happens to the data. It is known that US authorities regularly analyze data without the knowledge or consent of the person. It is known that US authorities regularly analyze data without the knowledge or consent of the person.
With a Digital Identity it is possible to authenticate with authorities, banks and insurance companies. An example of this is the ID Austria from Austria.
ID Austria can be integrated into existing Customer Identity & Access Management solutions without any problems and is compatible with WSO2 Identity Server and Evolveum midPoint.