Are today's identity fundamentals such as single sign-on, multi-factor authentication, passwordless authentication enough for the future of Web 3.0? Asanka from WSO2 will elaborate on his idea of Creating a Seamless Access Experience with the Digital Double on Thursday, May 12, at the European Identity and Cloud Conference 2022 to address the next digital era.
To give you a sneak preview of what to expect, we asked Asanka some questions about his presentation.
What do you mean by the digital double in your presentation title?
Yeah, I think it's a really good question. So we are in an experience economy and an experience economy comes with the digital experience that we are providing for end-users and the differentiators that we generate as an organization comes through the digital experience that we provide. So to create a digital experience, we have to have a digital representation of everything, I would say people, places, and things. So that particular digital representation I call it a digital double data, few parallels to digital double as well, like a digital twin, digital self. But I thought that the best way to explain this digital representation is the digital double. And I coined this term in the 2016 timeframe and we were heavily using it when it comes to the CIAM site and general digital application architecture as well as implementations.
What advice would you give to someone just getting into identity?
Yes, I think traditionally security and identities are an afterthought. But my first advice is it's not an afterthought. When you start designing an application and when you are thinking about providing a solution, you should start thinking about security and then securing identity and applying it from design the phase. So that's the first piece of advice I would like to give. The second thing is about having an understanding of the business as well as the technology because don't just build an identity solution by looking at the technology, look at the business requirements. Only then you can identify which principles, that you can apply when it comes to solution building. And then I think from the technical side, you have to get the understanding about the standards, specifications, those types of things. It's a must as a person who's coming to the identity space. Then last but not least, I would say keep an eye on the technology because things are changing fast and because security is always the overhead for the core application. So look at the technology and then try to utilize the latest technologies as well as things that will improve the security as well as the performance impacts coming from your application security.
How do you see the identity sector evolve over the years?
Yes, I think it is already evolving. So I will take two aspects. One, internally in an organization as well as in general in the industry. So in an organization, I would say most of the organizations going through this maturity model that they will start with nonexistent, that there will be ad hoc identities and security principles applied. Then they will go to manage identity. In most cases, the organization will create and manage identities for internal and external uses. Then they will advance into more kind of a siloed approach. As an example, based on the different systems of record layers or based on different applications, that they are using, as an individual, each and everyone will have different identities. So you had to use a different username, passwords, different logins to log in. That is basically the siloed state. And then it will go to a connected stage where you will have a seamless identity across all the applications and have a more federated approach. And once you achieve that, you can optimize it by adding more protection, have observability, and then link AI, machine learning those types of additional capabilities into the core identity solution. And then enhance the footprint of the identity and access management. So that is what we see inside the organization and as an industry, I would say, identity is moving out from that centralized nature into a more decentralized manner and it is becoming more developer-focused identity and access management. And so that is one thing that we are now seeing as well as the service-centric approach of identity is changing into more a self-centric nature as well, as those are some of the things that I would say that are happening already. And then it will evolve with time.