The proliferation of connected devices and the Internet of Things for identity presents challenges and threats, but if we are successful, it also presents a grand scale of opportunities.
Networked devices and sensors make up the fabric of the Internet of Things (IoT). Leveraging mobile devices, sensors, and wearables is key to the future of identity and personal data. This scenario represents our “connected life.” As the IoT becomes pervasive, Kantara Initiative is focusing to discover strategic issues present at the intersection of identity, IoT and usability.
Digital identity services evolution:
Early Identity Management technology services focused on security and access management services positioned for the organizational or national perimeter. This focus may have been to a specific industry or area of the world. Today our use of technology services is global. With growing user adoption of devices that collect and share personal data, the Personal Identifiable Information (PII) data landscape is increasingly “borderless” in nature. Industry and nations are seeking to harmonize their identity, security and access structures.
Technology services that connect businesses, consumers, governments and citizens are evolving. Humans are becoming more connected to people, entities and things. Enterprise, governments, research, education, and consumers each value trusted identity services, credentials and associated personal data. In this case, trust is composed of open standards adoption, verifiable services, proportional data control, choice, context, and a mutual respect for the user.
Internet of Things opportunities and threats:
Identity services represent a key that unlocks the world of Internet of Things for human interaction in all walks of life. We see many opportunities for IoT to improve lives ranging from devices that monitor our health and quality of sleep, to those that help us to manage our homes or cars. To fully leverage the beneficial powers of IoT vendors need to know that Internet of Things +Identity enabled products and services won’t fail and severely damage their brand reputation.
Users need to know these new tools respect their preferences. See “I’m Terrified of My New TV: Why I’m Scared to Turn This Thing On — And You’d Be, Too.” Collaborative efforts will be key to address the varying privacy and security requirements of consumers, enterprise, and governments to develop scalable programs for verified assurance of technologies and policies that will transform our connected life.
The growing number of sensors and apps that are gathering and communicating personal information magnifies security and privacy risks. Personal data can easily fall in to the wrong hands, be sold without consent, or leveraged in ways that were not previously imagined, like having one’s car insurance rates rise due to a recorded habit of speeding.
Users need to know their personal data can be managed and protected for privacy. Smart physical spaces will become more and more prevalent. Legislation is developing around proper notice and consent practices both on-line and in physical spaces. The Kantara Consent and Information Sharing WG is developing a number of solutions to address these issues and to develop a more useable form of consent.
Challenges and innovations:
Caution: access management challenges magnified by Internet of Things are approaching. The sheer numbers of relationships between people, entities and things will be larger in magnitudes of order than anything that we have ever seen or are prepared to seamlessly manage. At the low end of the scale, some estimate the number of devices and connections will be around 75 billion by 2020.
How will users manage their connected lives? How will they set preferences for data sharing permissions? The sheer number of devices, connections, and relationships presents unique opportunities and challenges. User Managed Access provides an open standard approach to help empower and engage users for the management of resource access and sharing.
Interoperability of IoT+Identity will also have challenges. When device identifiers are not standardized discovery mechanisms alone present a major area for potential standardization and harmonization. At Kantara, the IDentities of Things WG is at work to deliver an industry analysis of the current landscape opportunities, challenges, and gaps to address. This report will be available to all and we encourage organizations to share their use cases or knowledge with the open group.
Kantara Initiative members are hard at work innovating Identity Relationship Management (IRM) solutions and practices for businesses, governments, and for our connected lives. Building on the concepts of IRM, Kantara Initiative focuses on the idea of a “connected life.” Developing open standards, innovations, pilots, and programs is the key to accelerating the transformation our digital-to-human world in a way that respects users.
To meet market demand for smarter devices and services that hold user loyalty the device-to-service ecosystems will need to offer the following:
- Transparency: clearly and succinctly explain your organization policy for the capture and use of personal data.
- Accountability: be accountable for your explained policy and take action if the policy is violated.
- Manageability: provide users with user data management tools to help them to easily view and manage their personal data sharing.
To power the IoT+Identity connection the following approaches will be key:
- Inter-disciplinary software/hardware engineering, product, and policy expertise to develop common design principles.
- User-respecting access personal data management tools like UMA (developing in Kantara and now an open source project of ForgeRock).
- Programs to support technology interoperability and usable consent.
About the AVISIAN Publishing Expert Panel
At the close of each year, AVISIAN Publishing’s editorial team selects a group of key leaders from various sectors of the market to serve as Expert Panelists. Individuals are asked to share their unique insight into different aspects of the campus card market. During the months of December and January, these panelist’s predictions are published at SecureIDNews.