The Future of Digital Identities in the IT World 2024

19. Januar 2024

Information technology continues to evolve, and the question posed at this year's it-daily.net conference was: Do traditional Identity and Access Management (IAM) systems still have a future? To answer this question, we must first explore "Zero Trust Architecture" and the latest developments in digital identities.

Zero Trust Architecture: The New Paradigm in Access Management

Zero Trust, or "no trust," is a radical new concept for access management in the IT world. The idea is simple: Every access to a system, whether by a machine or a human, must always be authenticated and verified individually and in real time, rather than relying on a comprehensive security perimeter around the system.

The German Federal Office for Information Security (BSI) supports this approach. However, despite its benefits, Zero Trust is not standardized and requires significant maintenance, as individual access rules must be defined for each system.

The Challenge of the Authorization Model in a Zero Trust Architecture

Traditionally, IAM systems have had to answer the question: "Who can do what in what system?" With the advent of Zero Trust and the need for individual authentication, we need to rethink and adapt our authorization models.

This means developing a new authorization concept that can be integrated into the Zero Trust architecture. This is an exciting challenge.

The Importance of Self-Sovereign Identity and Decentralized Identity

To effectively implement Zero Trust, concepts such as Self-Sovereign Identity (SSI) and Decentralized Identity come into play. These approaches give users control over their digital identities and allow them to securely store digital credentials.

SSI and Decentralized Identity mean that users can manage their digital identities in a digital wallet on their smartphones. This wallet holds "verifiable credentials" that include identity credentials, certificates, and other important information.

The key advantage of these digital wallets is that users have full control over what information they share and with whom. This increases user privacy and security.

Decentralized Identifiers and their importance

Decentralized Identifiers (DIDs) are another critical component of the system. These DIDs are pseudonymous features that help establish connections between different identities. They are fundamental to the effective use of decentralized identity in various applications.

Pioneers such as Sovrin have already demonstrated how these DIDs work in practice and how they promote user empowerment.

Regulation and the European Digital Identity Wallet

The European Union is working to take the eIDAS law to a new level, including the creation of a "European Digital Identity Wallet". This wallet will not only enable personal identification and legal signatures, but also manage non-government credentials such as employee IDs and tickets.

However, the technical specifications and interoperability have not yet been fully clarified. This is a complex process that will take time.

Timeline and outlook

The implementation of these new approaches will take some time. Negotiations on the eIDAS 2.0 law are still ongoing and implementation will take time.

Overall, the outlook is promising. The IAM industry recognizes the value of decentralized identity and zero trust and is ready to adopt these new approaches.

Germany's role and challenges

Germany plays an important role in this development as one of the leading stakeholders. The Federal Ministry of the Interior, Building and Urban Affairs has launched a consultation process for eIDAS 2.0 and the EUDI Wallet. This is an important step to ensure that Germany plays an active role in this development.

However, there are also challenges, especially regarding the available budgets. These must be sufficient to support the implementation of these new technologies.

Conclusion: The changing IAM industry

Overall, it is clear that the IAM industry is facing significant changes. The future promises more security, control and flexibility for users, but there are still many technical and regulatory details to be resolved. It is critical that these developments are based on open standards to benefit everyone. The future of digital identity and access management is exciting and promising.

Conclusion and assessment by Dr. Andre Kudra

Dr. Andre Kudra, our digital identity expert, sums it up: 

"The future of digital identities and access management is exciting and full of possibilities. We are only at the beginning of this evolution. Let's explore the possibilities and shape the future together."

Want to learn more? Download his presentation, given at the Thought Leadership in IT 2023 conference hosted by it-daily.net, as a PDF for a deeper dive. Even better, you can invite Dr. Andre Kudra to speak at your event and ask him questions directly. Contact us to learn how digital identities can make your business processes more secure, transparent, and sustainable.