It’s estimated that at least 50 billion devices will be connected to the Internet by end-2020. That’s more than six times the entire population of the world! With this rapid increase of the Internet of Things (IoT), the concept of identity management has extended to the Identity of Things (IDoT).
WSO2 Director of Security Architecture Prabath Siriwardena wrote a white paper that explores the benefits, risks and challenges of implementing an IDoT solution based on the concept of “connected identity”.
He explains that through IDoT, organizations can assign unique identifiers with associated metadata to devices, enabling them to connect and communicate securely and effectively with other entities over the Internet. Your ultimate goal is to reach out to as many customers, partners, distributors, and suppliers as possible that would result in more business interactions and revenue growth. This would greatly increase the number of external digital identities that interact with your enterprise. An external identity provider can be treated as an identity silo that shares its identity data or IDoT via APIs. You first need to trust the identity provider in order to accept the given user identity. Beyond this, you need to speak the same language to transport the identity data. If not, you need to either fix the identity provider’s end to speak the same language or do the same for your own enterprise.
This is not a scalable approach, and will eventually end up in a spaghetti identity anti-pattern. To avoid this, you should build a protocol-agnostic security model. With the identity bus or identity broker pattern, your enterprise isn’t coupled to a specific identity provider or a given federation protocol. The broker maintains the trust relationships between each entity as well as identity tokens between multiple heterogeneous security protocols. This creates a common, connected identity platform that enforces controlling, auditing and monitoring of identities.
Some benefits of this pattern include
- Frictionless approach to introducing new service and identity providers and removing existing ones.
- Easy enforcement of new authentication protocols.
- Ability to perform claim transformations, role mapping, and just-in-time provisioning.
- Centralized monitoring, auditing and access control.
- Easy introduction of a new federation protocol.
When implementing an identity broker you need to follow certain fundamentals. It needs to be federation protocol, transport protocol, and authentication protocol agnostic. Additionally, it should provide the ability to perform claim transformations, home realm discovery, and multi-option and multi-step authentication, among others.
WSO2 helps you solve identity management needs across your enterprise applications, services, and APIs by utilizing the full breadth of the WSO2 platform. By combining WSO2 Identity Server’s comprehensive security model based on OAuth 2.0 with WSO2 API Manager, you can easily build an end-to-end API security ecosystem for your enterprise. Avoid vendor lock-in and enable integration across systems with WSO2’s open source model, which acts as a fully functional enterprise identity bus.
To learn more, download Prabath’s white paper here.