Event Recording

Martin Kuppinger - The Future Model of Identity: Blockchain ID and the Digital Transformation

Distributed Ledger Technologies ("Blockchain") are the foundation for the most disruptive changes to business we are either already observing or that are on the road to becoming a reality. Based on these technologies, both new business models and fundamental changes to established models become possible – and what is technically feasible and economical beneficial will happen.

However, there is still one missing element for fully leveraging the Blockchain potential: Identity. Identity in that context is far more than just identification, authentication, or authorization. It is about linking people, transactions, and digital assets. It is about managing properties, rights, agreements, and contracts – linked to persistent, reliable identities. This is where Blockchain ID comes into play, because it is the only way to enable many of the business scenarios of tomorrow. There is still some way to go for Blockchain ID, starting from making it more than an ID for identification, authentication, or authorization.

Okay. While China comes back to give me the, the switch for the slides. It's a pleasure for me to welcome you to yeah, I see. Number 12. So it's really already number 12. I just still remember two years ago we had our 10th anniversary and we are again, two years ahead, and it's another year of growth for our conference. So again, we are growing this respect to all numbers, which is what makes me proud of my team, which organizes the conference. And again, we will have a lot of talks about hot topics, about saw leadership and also about best practices. So I think that is one of the things which makes this conference so unique. This mix of both the saw leadership, the forward looking topics and how to bring this all to reality. And that will be what we do today as well. We start with one thing which will be more the future model of identity.
So, so I'll talk about, yeah, the bad B word, blockchain and digital transformation and how this relates to identity. So that will be my big theme for today. But if you look at a trend, you will see, I also talk about a variety of other topics over the course of the next days, but I think the blockchain ID thing obviously is a very hot thing in these days. And so we look at that and I will try to bring in my view on where I believe blockchain identities will help to shape the future of identity or not. That is sort of my big theme. So with that, I directly wanna start with my keynote and talk a little bit about how digital transformation and blockchain and identity relates first. So I think two, three years ago, I, the digital transformation thing was the big topic of my opening keynote.
So what is happening there? And so we see this, this big changes which really affect the way organizations do business. So we see it as smart manufacturing, the connected things, the connected customer, the device and the apps, and this is happening and that's reality. And as organizations, we have to do that. And that also means a lot of things into our organizations and the way we do business and the way we structure our organizations is changing. So we have these changing business models. So we might have more paper use instead of traditional sales models. We have new competitors, we have the new entrance to the market. We have different types and far more agile partnerships than we had ever before. We see a lot of innovation. So this is what is happening and which, what is changing and affecting organizations. And we also have a couple of technologies, which are not only hot, but which are essential and important for organizations to succeed in that digital transformation. And amongst these technologies, we have obviously the cognitive and AI thing, that was a main theme. In last year's keynote. We have big data, we have cyber security and we need cyber security. We have robotics and we have blockchain and not entity. These are some of the technological cornerstones for digital transformation.
Yes, there's a lot of hype around blockchain. No doubt about it, but hypes, commonly have some foundation. Yes. When we go from that first hype to the reality, a lot of things change. And I think we are already in this transition phase, but it's, I'm convinced blockchains are here to stay, how they will look like we will have to see yes, that might still be block trains as trains of blocks. It might be Tanes or other types of graphs. It might be that on that, on that. I think we still see a lot of evolution. That thing behind us, it's the distributed lecture thing. This is sort of the, the common denominator we have here, which UNIV unites the various approaches. And we can't use them in a variety of use cases. So we see a lot of ideas around supply chain management. So how do I track shipping?
How do I do our stuff here? Contract fulfillment with smart contracts, very obviously micropayments. So not only the large payments, but obviously the micropayment thing is one of the, the important things we might potentially solve better using blockchain technology than without bottle less currency. So if you look at international trades and a lot of other things than bottle, less currencies still are something which obviously can help us. So this is for the digital transformation. There are things which help us to transform organizations, which potentially are enabled better by blockchain than by other approaches. On the other hand, we have the identity and we are an identity conference. So obviously our stress is a little more over the course of my keynote, where we have the consumer identity thing. It's, it's very clear if we want to succeed in the digital transformation, we need to manage the identities of the consumer.
We need to get better in identification verification for the ones who attended the blockchain ID innovation. I yesterday we had a couple of use cases around KYC around know your customer and verification of customers. That is the part with video end or other things. That's, from my perspective, still painful. I had to go through it as a process recently with a German tele telecommunications operator. It was another one with the T it was horrible. It took me three tries to finally get the contract done. And so I wanted to do it only once in my lifetime. That might be something where identity and blockchain come together, making, making it easier for me personally, the identity of things is an important thing in identity authentication the password. I think it's that for how many years? 30 years or so, but it's still here identity of services.
So how do we manage that privacy? Obviously these days are very hot topic with the GDPR finally coming in effect roughly 10 days from now, which will be a very interesting time again. So we have this relationship between digital transformation, blockchain, and identity, and to start with why do I believe that blockchain and identity have some interesting intersections? I wanna start with sort of a short history of identity. So looking at the who, the what, the, how, and then the aspects of security and identity. So when we go back to the very early days of the computer, so sort of before the mainframe, even what did we had? We had very few computer experts, very few internal applications, punch cards. It was more about physical access to that system, but identity really was a no brainer back then. It was quite a while ago, but my life was computers started more or less at sort of the end of the punch card.
So I'm old enough to have seen these things in the age of the mainframe. We had still a relatively limited number of employees, some more applications terminals to access this. So for protecting the system, it was a little bit more physical access and a little beyond, so a little bit authentication maybe. And it was some administration. Then at the mainframe level, we had the client server, more employees central and decentral applications accessing all that stuff. We have PC and the terminal alienators and stuff like that. Username password a little bit more sometimes in authentication, even back these days. So authentication became more topic. Then we had this face of the internet coming up, the new economy. Some of you might remember that around the year 2000, where we had the first touchpoint, more or less to, to partners and customers. Yes, there was a little bit of ed fact and other stuff before, but basically it's really started there internal services.
And the web was the what. So we had really starting to access web applications and SAS, the web and emerging standards as the way to access security wise. Honestly, there was not that much new. So it was still a little bit the same way of thinking. And we started seeing some Federation things, making it easier and web access management, all that happened there. So right now at the digital age, when we look at that, and that's why I believe it's important to talk about a topic, which is my main theme today. So everyone, everything is accessing. It's a totally different world, far bigger than ever before. What are we accessing or what we use things we use, devices services, just everything we increasingly rely on open standards. We are not where we should be, but we are really making progress. We have more biometrics built on the smartphones, mobile ID, other stuff.
But the big question is how do we really handle identity for the digital age? And that is from my perspective, the big question mark, and that's where we need to get better and make progress on. In fact, the missing element in identity is identity, so to speak. So when I take back this, when I look at the identity life cycles across these various stages, and when I look at the identities, we are good in managing. So when I look at the life cycles identification, it's the very initial step, which is hard to really do well. So to identify someone really very reliable, that's more at a DNA level or things like that than the verification, the authentication authorization audit. And we have the identities of employees, the partners, the customers, the consumer, and maybe the universal identity, because I really hate to have so many different identities I have today.
I have every, every other day when I sign up for another service or a new app, I have to create a new username and a new password in that age, in that digital age. That's ridiculous. So when we go back, so in the early days identification, we've walked to the people and said, okay, I know you're that employee number, whatever I can identify you in some way I can, was verify the same procedure. When we only looked at the employees, it became more complex when we started looking at others. So it's relatively easy to do identification verification for our employees. It's not that easy to do it for an anonymous customer. So some other problems showed up and for the identities, it was more or less employees first. And then in the age of the new economy, we started opening this up right now. The question clearly is how do we handle verification?
That's one of the things with the question, mark, but I think there are some interesting approaches around KYC, blockchain, etcetera. And the question is on the other hand, how do we really do well with consumer identities and with the universal identity? And this is from my perspective, the area where we need to look at, because this is the challenge I think everyone is facing from both ends. So me as an individual, for me, it's, it's a problem to have all these accounts, username, passwords. I might say, I want to have something where I can control it. Very flexible from one place. On the other hand, for me as a business, it's always about thinking if I want to unboard customers with whom do I work. So who's the one who can provide me the identities. And there's not a single answer in that. So this is the missing element.
On the other hand, when we look at blockchain, obviously there's one big missing element in blockchain, which is identity. Why? So when we look at there's a lecturer, so very simplified with notes, there are parties which have wallets and private keys in their wallets and whatever else and other parties in the same and somewhere there are minors, minors, or stakeholders or approvals, depending on the consensus model and other things. And there's some software below that. So very simple, how this looks like, obviously we need to authenticate for access to the wallet. We need to handle that wallet in a very secure way. That's an identity problem very much, by the way, we need also to be able to use that wallet, the same wallet in various devices, without security issues, et cetera. But there's a lot of identity challenge behind that. There's the authentication of approvals.
For instance, if you look at IOT angular, so then obviously if you have an approver, then you need a good authentication for smart contracts. You need to identify to verify, to authenticate for other things, connected things along the supply chain. Things need to be verified. They need to authenticate. So we have a lot of things which are around identity when we look at blockchains. So in fact, we could pick up more of these. In fact, the missing elements we have in blockchain are one of the big missing elements, probably not the only one, but one of the things we have to solve better than we did right now is identity and are a lot of things going on. There's a lot of work in progress, a lot of interesting stuff, but we still have a, some way to go until we are where we need to be and where we want to be.
So the first question I wanna bring, in my opinion, is will blockchain ID on one hand, does it have a potential to get better in what we do in identity? Traditionally, part one and part two, does it have a potential to go beyond that, to do things with identity or around identity? We are either not good or not even capable yet. So when we look at traditional identity, we have, as I've said, the identification. So that is when you get your, whatever your national passport handed over the verification, where you say, okay, I verify myself and know your customer process. Based on my passport, I authenticate with some type of authenticator. My access is authorized audited, and we have this big privacy thing, obviously as well in here.
So identification is something which you can't solve this technology that well at the end, you need to show up. You need to prove some things which verification starts if already touched KYC. That's where things really become interesting. How can you do this process once instead of many, many times, how can you use it? That's also where we have a very obvious, very immediate business case because KYC is painful to the individual and it's costly to the business. And if you can rely on something which is done already, we improve convenience for the user and you save money for the business. So that's where, so to speak, the low hanging fruit in the business case comes on. And for us education, there are some things like putting a lot of authenticators into a wallet using them very flexible, simple than before for authorization, we see some potential auditing. We had yesterday at a blockchain ID innovation at a very interesting use case by T-Mobile us for privacy.
I remember I've been here at that stage six years ago, and I believe doc Earls was that conference as well. Doc was talking about vendor relationship management. I was talking about life management platforms and privacy. So how do I control what I share was a topic back then, I believe that what we had in mind back then right now might become a reality, support it by blockchain technologies, but not only by that and beyond that, I think there are so many interesting use cases. When we look at what can we do around blockchain ID without going too much into detail. So linking people and transactions in the lecturer, linking people and assets who owns that asset. We are the D IDs like touches in a minute or in another way, managing properties who owns what managing rights, smart contracts about rights and properties and other stuff.
That's all related to identity. And these are highly interesting use cases, all the stuff around pseudonymity anonymity, the relationship compliance and so on consent. There are a lot of things we potentially can do better. And I will not go into detail on all these things because we have so many keynotes and other sessions over the course of this conference, which go into detail on various of these topics, but potentially blockchain ID might enable things to do better. So the new identity part going beyond part was a sort of a based on a persistent, reliable identity. And that's the thing, which in fact, the blockchain ID from my perspective brings into that equation, which helps us doing things better. So in a nutshell, blockchain IDN SSI explained again, very high level, very rough SSI, self identity. The idea of I control what happens with my attributes.
I have a wallet I might in the future, or maybe sometimes today import various types of credentials, which then are digital assigned and encrypted. And so on proof of issues who issued it, who owns it, me, it's still welled, things like that, where I use other IDs. In fact, to add them to the, that might be the national E I D the bank ID. So my wallet contains a little bit of my digital life, as well as it contains a side of the private keys, my private attributes. So these are not on the blockchain. They are in my wallet, and there are some things to, so around the wallet. And on the other hand, I have the blockchain where this concept of decentralized identifier currently seems to be the hottest thing, which in fact relates me with someone else and sort of with a network address, which then goes back to my wallet and or other things where we can then share and agree and do all the things so off lecture and in a secure peer to peer interaction, we have things like the sharing, the private attributes, defining the agreements, things like that.
So we keep that separate from the blockchain, because if a, an attribute is on the blockchain, it's not really private anymore, it's not self-sovereign anymore. So obviously that is in a, in a very high level of view, some of the, sort of the, the essential concept we see evolving in many of the blockchain ID discussions that might change in the one way or another, but the segregation of having the, the, the off letter and the own lecturer part, I think is a very essential one for the success. So basically what are the blockchain ID success factors and the challenges because we are not yet there. So we are in a good drag. I believe a lot of very, very smart people, working hard, discussing intensively, not always agreeing, but I think that's part of the evolution. So what are success factors and challenges for blockchain ID really becoming this central element, which helps us solving things we didn't solve well right now.
So there are success factors that are challenges is sometimes you might just change the wording and move the success factor to challenge or wise versa, obviously. So a success factor will be to reach the critical mass. It's the hand and act problem. We have it here as well. We always have it. We need a critical mass. We need interoperability with existing IDs, and we need interoperability between different types of blockchain ID. There are also some interesting work streams going on. We need, and that's a big challenge. We need easy to use, easy to secure wallets. So the wallet is highly important. So how do we protect our private keys? We need good answers on that simple answers on that. We need good solutions to make them wallets roam, all that stuff we need. I start with the others first privacy by design, obviously. So what we do here must be privacy by design and security by design, because these are the keys to our personal kingdoms, and we want them to be secure and we need predictable and affordable costs, which are a little bit, two different things.
The affordable one is it should be something which people are willing and able to pay. Part one. The predictable one is another one. I'm a strong believer that business models only work if cost is predictable. And if a cryptocurrency brings in too much of a volatility, then it's the wrong type of blockchain. So we need to be very careful here and think about what are the models, the payment models, the cost, and figure out ways which are very predictable. But honestly, I'm convinced that most people to get rid of dozens and more accounts and passwords would be easily willing to say, okay, I pay, pay a few euros or dollars a month for that wallet app, whatever it is, which makes my life so much easier. So there are some sorts of payment models. And when you go back to what we wrote about the live management platforms and other staff be some six years or so, we discussed a couple of very interesting business models, which help to make this a success.
So there are are ways to do it. What other challenges, regulatory compliance, right? To be forgotten. So if you store things in the blockchain, in the lecture itself, which might need to be forgotten, then you have a problem. That's the reason why I talked about this off lecturer and on lecture thing before troop pseudonymity. So the made thing can become a challenge. So made data, which allows you to identify someone is considered PII. In the context of GDPR, we need the governance of the wallets for the wallet. So who provides the software? Who cares for that things don't go wrong here and who owns, or who governs the blockchain. We need this go saying, we need to figure it out. We need a business model for node operators. So someone who operates a node must have a business model, which works for him as well.
So for Bitcoin, it's relatively easy for others as well. In that case, it might be a little bit more complex performance, scalability. We need a sustainability for the lifetime ID that be potentially easier. Once we have some options and some protocols for interoperability, which would allow us to switch between various approaches. And obviously very, obviously we need cyber attack resilience. So the question is going back to that, I think there's a lot of potential in blockchain ID. And we will hear far more about that over the course of the day and over the course of the conference. Not everyone will potentially agree with me, which was fair. Going back to my question. I said, the big, the one big thing missing in identity is sort of identity the universal identity. And you know, when I go back to the very first European identity conference we had Dhar on the stage. Some of you might remember him. We talked about becoming an identity provider it's 11 years ago. So we are number 12 right now. He didn't succeed. And many others also didn't. So which options we have, we have enterprise IDPs. We have to serve party IDPs like Facebook, LinkedIn. We have the IDP as a business, as a standalone business. The one which is sort of a joint business bank ID, national ID, blockchain ID, when looking at critical massive users, enterprise ID can't make it. Others typically also didn't make it Facebook did it.
So the critical mass thing is hard to solve. Blockchain ID has a potential, it might succeed trustworthiness. That's where things get hard for Facebook. Particularly these days global use again, a national idea is not for global use. So they are the red buttons and you see everything side of blockchain ideas already red blockchain ID might get red. If they fail the critical mass for things like that, standards in interoperability, still a long way to go. So where's the potential for the universal ID. We know that all the other approaches will not deliver on that. They might deliver on national things, be very successful. There. They might be integrated with a blockchain ID approach, but they won't deliver the blockchain ID has that potential. If it delivers on that, that will be time will tell with that. I come to my final slide. What I think is blockchains need identity and identities need blockchain. So it's something which is tightly related and this blockchain idea then will help us potentially to succeed better in the digital transformation. Thank you. So we have some.

Video Links

Stay Connected

KuppingerCole on social media

Related Videos

Webinar Recording

A Comprehensive Approach to Solving SaaS Complexity

As businesses adopt cloud-based services as part of digital transformation programs to enable flexible working, boost productivity, and increase business agility to remain competitive, many IT and security teams are finding it challenging to gain oversight and control over the multitude of…

Analyst Chat

Analyst Chat #135: Can DREAM Help Me Manage My Multi-Hybrid Infrastructure?

The IT environments have become complex, and this will not stop as more technologies such as Edge Computing start to take hold. Paul Fisher looks at the full scope of entitlements across today's multi-hybrid environments. He explains how this new market segment between the cloud,…

Webinar Recording

Multi-Cloud Permissions Management

Most businesses are adopting cloud services from multiple providers to remain flexible, agile, efficient, and competitive, but many do not have enterprise-wide control over and visibility of tens of thousands of cloud access permissions, exposing the enterprise to risk of security breaches.

Webinar Recording

Erfolgreiche IAM-Projekte: Von Best Practices Lernen

Häufig beginnt die Suche nach einer Identity-Lösung mit einem ganz konkreten Schmerzpunkt im Unternehmen. Ein nicht bestandener Compliance-Audit wegen überhöhter Zugriffsberechtigungen, technische Probleme, wegen komplexer Systeme frustrierte User und eine…

Event Recording

The Role of Managed Security Service Providers (MSSPs) In Your Future IAM Application Landscape

Trying to “do identity” as a conventional IAM or Security workload with in-house resources and vendor platform deployments may not satisfy identity and access today’s requirements for IaaS, PaaS, databases and other cloud infrastructures. There are now a growing number of…

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00