Business to business (* times) to customers is an ever-growing business model, a de-facto trend implemented at Telcos, FinTechs, and other verticals, including IoT vendors. The main Identity-related problem with these complex environments is not necessarily where we think it is. Our experience has shown us that the problem lies not so much in authenticating users, services, and things, but rather in managing their access; i.e., managing authorization. This becomes particularly critical and hard at larger scales.
Federation standards are great at granting external parties access to internal resources. Those standards nevertheless do not help in enforcing anything beyond very coarse access control to an organization’s resources. All those new identities need to be authenticated, as well as authorized. We often see cases where such external identities are all placed in the same bucket (let’s call it a group) and given the same type of access. But this doesn’t scale if an organization has hundreds, or even thousands of resources, apps, devices, or services to protect, or if an organization’s clients can resell its services to their own clients. In those cases, one has to deal with the client’s clients too, and maybe even the client’s client’s clients!
We can’t possibly place all these external parties in the same buckets anymore as systems become complex and volumes increase. Additionally, users require more and more personalized access nowadays. It is therefore no longer scalable to perform these tasks manually, at least not with the traditional tools. At Nulli, we believe that the solution is to use the data itself, expressed as a graph, to derive access decisions; i.e., the access policies are derived by finding paths between relevant data nodes in the graph.
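One way to derive a decision from paths in a graph, shown here as an added example (it is not Nulli's code or platform): access is allowed only when a chain of grants scoped to the requested resource connects the resource's owner to an organization the user belongs to. The node names, the OWNS / GRANTS / MEMBER_OF relationship types and the function names are assumptions made for illustration.

```python
from collections import deque

# Constructed sample graph: (source, relationship, target, scope).
# Scope is the resource a GRANTS edge covers; None for other edges.
EDGES = [
    ("telco", "OWNS", "sms-api", None),
    ("telco", "OWNS", "billing-api", None),
    ("telco", "GRANTS", "reseller-a", "sms-api"),
    ("telco", "GRANTS", "reseller-a", "billing-api"),
    ("reseller-a", "GRANTS", "shop-b", "sms-api"),   # client's client
    ("shop-b", "GRANTS", "kiosk-c", "sms-api"),      # client's client's client
    ("carol", "MEMBER_OF", "kiosk-c", None),
    ("bob", "MEMBER_OF", "reseller-a", None),
]


def find_access_path(edges, user, resource):
    """Return the node path that justifies access, or None (default deny)."""
    owners = [s for s, rel, d, _ in edges if rel == "OWNS" and d == resource]
    user_orgs = {d for s, rel, d, _ in edges if rel == "MEMBER_OF" and s == user}
    # Only GRANTS edges scoped to this exact resource may be traversed.
    grants = {}
    for s, rel, d, scope in edges:
        if rel == "GRANTS" and scope == resource:
            grants.setdefault(s, []).append(d)
    queue = deque([resource, owner] for owner in owners)
    seen = set(owners)
    while queue:
        path = queue.popleft()
        org = path[-1]
        if org in user_orgs:
            return path + [user]
        for nxt in grants.get(org, []):
            if nxt not in seen:      # guards against cyclic grants
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


def revoke(edges, grantor, grantee, resource):
    """Drop one GRANTS edge; everything downstream loses its path."""
    return [e for e in edges if e != (grantor, "GRANTS", grantee, resource)]
```

The returned path doubles as the audit record for the decision, and revoking a single grant in the middle of a reseller chain removes access for every party below it without touching their individual entries.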
Using a graph-based approach and platform simplifies the problem to the point it becomes manageable and flexible enough to cater to any future trends. Nulli’s Alex Babeanu will deliver a virtual presentation, B2* and Beyond, at Identiverse 2021 that will address this topic in detail.
To learn more, get in touch with us.