It has been a busy summer for the ForgeRock team, taking its Identity Live Series to Austin, Berlin, Sydney and last week Singapore. Before it reaches London in October and Paris the following month we caught up with its VP Innovation & Emerging Technology, Eve Maler to talk about some of the big identity issues.
With ForgeRock What innovations and technologies should we be looking out for in the near future?
My role in ForgeRock’s office of the CTO is to drive innovation in the areas of privacy, consent, and authorization — and we can find exciting developments here. Think of many Internet of Things scenarios, such as in healthcare, the smart home, and connected cars, where a loosely coupled ecosystem of infrastructure manufacturers, cloud services, and sensors exchanges data for marketing, payment, health, or even physical safety purposes. Sometimes it’s not even about data flow per se, but about device control — something you don’t find most regulations talking about.
People want to be in control of these exchanges. It’s sometimes not practical to ask for classical “opt-in” consent for real-time access events across such an ecosystem, given constrained interfaces and new requirements for fine-grained purpose descriptions. These smart devices and their users also need to be prepared for dynamic many-to-many consent relationships in a way that smartphone-to-owner relationships don’t.
In the ForgeRock Labs, we have been working to answer these needs by combining our platform support for User-Managed Access (UMA) with an Identity Relationship Management (IRM) approach that involves a graph engine. This enables an individual to control permissions flexibly but conveniently by establishing relationships between any two “things” with an identity — people, mobile devices, vehicles, homes, you name it.
What is the biggest challenge in delivering consumer-facing identity and what needs to happen to overcome it?
The biggest challenge is delivering, gracefully and at scale, the types of solutions required when “you aren’t the boss of” the people you’re serving — even though the security and fraud management pressures keep growing daily. The business use cases for consumer-facing identity don’t just include authorization. All sorts of value flows over these connections, and customers now demand superior experiences and hyper-personalization — increasingly along with superior privacy hygiene and control.
Overcoming this challenge requires treating identity as an honest-to-goodness conduit for business value, which typically isn’t done for employee-facing IAM projects. Digital identity is a big part of how physical products transition to become digital services; check out this talk to learn how simple purchases of sports equipment have been upended by the digital era and benefit from an identity-centric basis. And digital identity must be a big part of how consent, and therefore consumer trust, is managed over time; check out this article about how DNA testing companies are treating consent as much more than a compliance issue. This is why, within ForgeRock’s platform, we have a profile and privacy management dashboard that puts a “single pane of glass” management capability over all of a user’s consents, permissions, app connections, and data/device sharing episodes.
Often identity, security, authentication, privacy and trust are mentioned in the same breath. Is this helpful or a hindrance?
As long as we define our terms, it can be helpful! They are certainly all related. For example, lest one think that the identity of a “smart thing” can be entirely divorced from privacy concerns, an organization in Europe called FIU Region 1 did a legal study for an effort called My Car My Data and discovered that “almost all car data is personal data” by virtue of a connected vehicle’s ownership registration.
Are we getting closer to ‘solving’ the identity challenge? Or will we always be chasing the horizon?
The world is making measurable progress, at least in terms of interoperability. When some of us started working on (what became) SAML in late 2000, federated single sign-on was a twinkle in people’s eyes. Now many aspects of achieving federated identity are pretty routine, and a lot easier than they used to be. But challenges will always remain because three things are endless: the road to innovation; bad guys’ capacity for cleverness; and consumers’ capacity to demand value, convenience, and respect.
Next month ForgeRock will be in London for its first ever Open Banking Hackathon. It takes place from 21st – 23rd September at Norton Folgate, Liverpool Street and you can register here.