In the enterprise, identity and access management is about how you authenticate an employee to enable access to systems. Single sign-on is almost a necessity, and an organization may layer in various authentication factors along the way based on security and risk.
An overlooked problem for enterprises is making sure employees are logged out of systems. “The identity industry has solved the single sign-on problem with SAML and then OAuth but on the flipside, universal logout has not been solved,” says Mance Harmon, senior director of Labs at Ping Identity.
To help solve this problem, Ping has announced a seed investment in Swirlds, a new platform that uses hashgraph to solve the universal logout problem and create a new standard for Distributed Session Management. Some have looked to blockchain and its distributed consensus algorithm to generate distributed trust, but it has limitations.
Swirlds uses hashgraph, which includes three properties: fairness, distributed trust, and resilience to Denial of Service attacks. Global logout is necessary in case an employee is terminated or the employee’s device is lost or stolen.
When applied to identity management, the Ping Distributed Session Management system built on the Swirlds hashgraph platform reduces risk by giving IT organizations a “kill switch” for identity authentication in instances of employee terminations and lost or stolen devices.
The standard enables global session logout for all active Single Sign-On and Application Sessions across both web and mobile apps, independent of the identity protocol being used. It also generates a cryptographic timestamp and proof of receipt, providing assurance that session commands were received and when they were received.
The system puts in place a session management database that the identity provider uses and that each of the apps enabled by single sign-on can also access, Harmon says. When an employee logs into an app, an authentication session is placed into the session management database, and hashgraph ensures that the record is accurate.
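The shared session database and "kill switch" described above can be sketched as follows. This is an added example, not Ping's or Swirlds' code: the `SessionLedger` class, its method names, and the sample sessions are hypothetical, and a single-node SHA-256 hash chain with HMAC receipts stands in for hashgraph's distributed consensus timestamp and proof of receipt.

```python
import hashlib
import hmac
import json

class SessionLedger:
    """Session store shared by the IdP and every SSO-enabled app (assumed design)."""
    def __init__(self, receipt_key: bytes):
        self._key = receipt_key   # receipt-signing key (constructed for the demo)
        self._sessions = {}       # session_id -> {"user", "app", "active"}
        self._log = []            # append-only, hash-chained log of session commands

    def _digest(self, cmd, ts, prev):
        body = json.dumps({"cmd": cmd, "ts": ts, "prev": prev}, sort_keys=True)
        digest = hashlib.sha256(body.encode()).hexdigest()
        mac = hmac.new(self._key, digest.encode(), hashlib.sha256).hexdigest()
        return digest, mac

    def _append(self, cmd, ts):
        prev = self._log[-1]["hash"] if self._log else "0" * 64
        digest, mac = self._digest(cmd, ts, prev)
        entry = {"cmd": cmd, "ts": ts, "hash": digest, "receipt": mac}
        self._log.append(entry)
        return entry              # timestamped receipt handed back to the caller

    def login(self, session_id, user, app, ts):
        self._sessions[session_id] = {"user": user, "app": app, "active": True}
        return self._append({"op": "login", "sid": session_id, "user": user}, ts)

    def logout_all(self, user, ts):
        """Kill switch: end every SSO and application session for one user."""
        for session in self._sessions.values():
            if session["user"] == user:
                session["active"] = False
        return self._append({"op": "logout_all", "user": user}, ts)

    def is_active(self, session_id):
        """Each app calls this per request instead of trusting its local cookie."""
        session = self._sessions.get(session_id)
        return bool(session and session["active"])

    def verify_log(self):
        """Recompute the chain; an altered command or timestamp breaks it."""
        prev = "0" * 64
        for entry in self._log:
            digest, mac = self._digest(entry["cmd"], entry["ts"], prev)
            if digest != entry["hash"] or not hmac.compare_digest(mac, entry["receipt"]):
                return False
            prev = entry["hash"]
        return True
```

Because every app checks `is_active` against the shared store, a single `logout_all` call takes effect across web and mobile sessions regardless of which identity protocol created them.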