Login With IOTA is Here
Identity and Access Management (IAM) has been a pivotal topic on the internet for the last couple of decades, enabling users to be on-boarded in systems ranging from e-commerce to social media and e-governance. Traditionally, IAM has had to navigate tradeoffs between security, centralization and privacy, often favoring centralization at the expense of privacy and, to a degree, security. For example, they have been known to create massive centralized user databases that are misused for advertisement targeting, present an attractive target for hackers and create a huge liability in case of accidental data leaks.
The emergence of a decentralized internet, often called “Web3”, has brought with it new IAM patterns centered around cryptographic keys used to manage crypto assets, which puts the user in control but largely falls short on capabilities like ease-of-use when compared to previous solutions…
The Cyber Hut Comment: IOTA is a German-based entity that describes itself as “An open-source, scalable, feeless, green & permissionless distributed ledger.” They are focused on the next-generation digital economy, which will encompass IoT, finance and identity - combined in a way that preserves privacy and provides high-scale, interoperable ecosystems based on distributed ledger technology.
Their main aim seems to be to focus on the foundational protocols needed to make this happen. Given the .org top-level domain, there is an assumption that this is also done on a not-for-profit basis - funded by grants and donations.
The “Login with..” project is bringing together some of this foundational technology along with technology identified by a proof of concept market request.
The project was ultimately awarded to Walt.id. The project has two main aims. The first is to help integrate with Web 2 (aka the now-internet) via an IDP connector kit. The second is a more native Web 3 set of capabilities.
Web 3 is reliant on SSI (self-sovereign identity) based features - where identity ownership is preserved, along with a privacy-preserving way of sharing information with the relying parties and service providers the identity owner wishes to interact with.
The sharing aspect is based on verifiable credentials - which will leverage trusted attribute providers who essentially sign the data to be provided to a verifier.
The interoperable Web 2 mode is focused on OIDC (OpenID Connect), a protocol synonymous with modern identity providers as a layer atop OAuth2 - relaying JWTs (pronounced “jot” tokens) to relying parties with key-value pair identity assertion data.
The futuristic Web 3 approach is based on something called SIOP (a Self-Issued OpenID Connect Provider). The TL;DR here is that instead of having a centralised identity provider (IDP) such as Facebook, your bank or government, each wallet managed by an identity owner acts as its own identity provider.
This provides a more peer-to-peer model that is privacy-preserving and, in theory, more controllable.
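To make the "wallet as its own identity provider" idea concrete, here is an added example (not code from IOTA, walt.id or the original post) of what a relying party checks when the ID token is self-issued. It assumes the self-issued profile from OpenID Connect Core section 7 (`iss` of `https://self-issued.me`, `sub` equal to the thumbprint of `sub_jwk`) with an Ed25519 wallet key; the function names and the `rp.example` URL are hypothetical.

```javascript
// Added example, not IOTA or walt.id code; function names and rp.example are hypothetical.
const crypto = require('crypto');
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
const fail = (reason) => ({ ok: false, reason });

// RFC 7638 thumbprint of an Ed25519 JWK: required members in lexicographic order.
function thumbprint(jwk) {
  const canonical = JSON.stringify({ crv: jwk.crv, kty: jwk.kty, x: jwk.x });
  return crypto.createHash('sha256').update(canonical).digest('base64url');
}

// Wallet side: the holder's own key pair plays the identity provider.
function issueSelfIssuedToken(privateKey, publicJwk, aud, nonce) {
  const now = Math.floor(Date.now() / 1000);
  const claims = { iss: 'https://self-issued.me', sub: thumbprint(publicJwk),
    sub_jwk: publicJwk, aud, nonce, iat: now, exp: now + 300 };
  const signingInput = `${enc({ alg: 'EdDSA', typ: 'JWT' })}.${enc(claims)}`;
  const sig = crypto.sign(null, Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Relying-party side: no IdP metadata or JWKS lookup, the key arrives in the token.
function verifySelfIssuedToken(token, expectedAud, expectedNonce) {
  const parts = token.split('.');
  if (parts.length !== 3) return fail('malformed');
  let header, claims;
  try { header = dec(parts[0]); claims = dec(parts[1]); } catch { return fail('malformed'); }
  if (header?.alg !== 'EdDSA') return fail('alg');          // pin the algorithm
  if (claims?.iss !== 'https://self-issued.me') return fail('iss');
  const jwk = claims.sub_jwk;
  if (!jwk || jwk.kty !== 'OKP' || jwk.crv !== 'Ed25519') return fail('sub_jwk');
  if (claims.sub !== thumbprint(jwk)) return fail('sub');   // sub must be bound to the key
  if (claims.aud !== expectedAud) return fail('aud');       // token minted for this RP
  if (claims.nonce !== expectedNonce) return fail('nonce'); // replay protection
  if (!(claims.exp > Date.now() / 1000)) return fail('expired');
  try {
    const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
    const sig = Buffer.from(parts[2], 'base64url');
    const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
    return crypto.verify(null, signed, key, sig) ? { ok: true, sub: claims.sub } : fail('signature');
  } catch { return fail('sub_jwk'); }
}

// Constructed demo: a fresh wallet key logs in to a hypothetical relying party.
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ed25519');
  const jwk = publicKey.export({ format: 'jwk' });
  return verifySelfIssuedToken(issueSelfIssuedToken(privateKey, jwk, 'https://rp.example/cb', 'n-1'), 'https://rp.example/cb', 'n-1');
}
```

A valid signature here proves only control of the key behind `sub`; any attributes about the holder still need verifiable credentials signed by a trusted attribute provider.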
Clearly it is early days for mass adoption, but many consumer identity and access management platforms are starting to research new ways of providing scalable, privacy-focused authentication and data sharing models.