Identity and access management evolved around people but with the broad roll-out of IoT devices we have to deal with all those devices in our business environment. The universe is become more complex as everything is now an identity. Be it a smart device, programs, contracts, machines or robots. Nowadays everything is interconnected to share information and performs tasks.
Internet of Things refers to everything connected to the internet like drones, appliances, smart cars, GPS tracking devices, web cams, etc. To be able to to address the growing risks around IoT devices we need a framework to identify and connect devices and of course for relationship and rights management.
In a Self-Sovereign universe the most important risk will be around the relationships between the devices. We need to look beyond identity and access management to include the level of relationships that exist among device identities. For example we need to manage their authorization for sharing data and making transactions. In a not so distant future devices will make transactions on behalf of their owners which must be controlled to manage risks including transaction repudiation.
Managing the Identity of Things (IDoT) requires us to assign unique identifiers (DID's) to objects and devices as well as to manage authorizations to communicate, share, buy data, sell data in approved relationships.
It is crucial to be able to allow objects to find each other, communicate and transact with each other. As most objects are are automated entities beyond human control the rules of engagement are different. Automated and possible critical tasks such as data collection and sharing will make continuous monitoring even more important that it was ever before.
Fast innovation cycles in the automated and connected world make the management of Identity of Things extreme challenging. Data privacy and security of devices will continue to be of utmost concerns, especially, the definition of identity theft will be expanded to include device identity takeover by another device. Furthermore, identity and ownership validation along with access controls will be critical for defense in the court of law.
As CodeB we are identifying the IoT identity management risks and our identity management experts are working hard to introduce solutions whether technical or otherwise to address the risks. Obviously, effective identity management and governance will be key to making sure that IoT entities are able to communicate with one another, perform approved tasks, and demonstrate ownership for accountability purposes.