It used to be simple: If you need an account or permission in a corporate system, you ask the administrator. If you wanted to know who has permissions for what, you ask the administrator. That works fine until the administrator loses all overview. With corporate IAM, the goal is to distribute decisions about entitlements among many employees to decentralize power, and to better structure the whole process of giving access to target systems. But still all workflows are executed in a centralized system with a single large database. Especially when using cloud applications, wouldn’t it be great if they don’t have to rely on a single central system for authentication? With the use of a transaction chain, it is possible to allow or deny permissions and create accounts directly for people in a company. Target systems can then check independently if someone has access, without trusting a single server. The data that is shared with a target system can be reduced to a minimum, security will be improved, and the approval history is immutable. The question, “Who has access to what?” can now always be transparently answered.