As digital transformation has accelerated, the handling of customer identities has become more complex, prompting many organizations to implement dedicated Customer Identity and Access Management (CIAM) solutions. But as CIAM is still a relatively new technology, there are countless exciting new capabilities on the horizon. In a three-part article series, we’ll look at the most relevant CIAM trends from the recent Gartner Hype Cycle and their implications for CIAM initiatives:
- CIAM, OAuth 2.0 and OpenID Connect
- Document Centric Identity Proofing
- Bring Your Own Identity
- MFA and Password-less Authentication
- Decentralized Identity Management
CIAM Trends: Enabling Business Growth Through Digital Ecosystems and Innovative Services
Customer Identity and Access Management (CIAM) encompasses the management of customer identities, the integration of existing identities, and the use of innovative digital services. It is not just about providing access to IT systems and digital services, but also about marketing products and building relationships with customers. The integration of existing identities, such as Apple or Google identities, can significantly improve the user experience, while robust CIAM solutions and protocols like OAuth 2.0 and OpenID Connect are key to leveraging innovative digital services like digital assistants.
In addition, CIAM solutions are essential in defining and enforcing rulesets for participation in digital ecosystems. For example, developer portals can be used to expose APIs to third parties and partners, paving the way for multiple exciting new business models, such as sharing telemetry data with insurance companies to get better premiums. The success of such models depends on standardized identity protocols and strong customer identities.
OAuth 2.0 and OpenID Connect: Opportunities and Challenges
OAuth 2.0 and OpenID Connect are crucial protocols for defining and enforcing rulesets for digital ecosystems. However, Gartner has recently highlighted that OpenID Connect has not fulfilled expectations so far. Token design, authorization and functional limitations are key issues for these protocols.
Token Design
Token design is not very complicated, but there are some questions that the identity team must answer beforehand. For example, will the tokens be signed? Will they be encrypted? Which algorithm will be used? How will the keys for encryption and signature validation be distributed? Changing the configuration after onboarding becomes less of an option, so it’s important to settle these questions from the start.
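The sketch below is an added example, not code from the article: it shows a relying party enforcing token design decisions (tokens must be signed, one pinned algorithm, keys selected by key ID) before trusting any claim. It assumes HS256 with shared secrets so that it runs on the Python standard library alone; the key IDs and key values are constructed, and token encryption is not covered.

```python
import base64, hashlib, hmac, json

# Constructed design decisions (assumptions, not from the article):
# every token is signed, only HS256 is accepted, keys are selected by "kid".
ALLOWED_ALGS = {"HS256"}
KEYSET = {"2024-01": b"constructed-demo-key-old",   # still accepted during rotation
          "2024-06": b"constructed-demo-key-new"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(claims: dict, kid: str) -> str:
    """Issuer side: build a compact JWS (header.payload.signature)."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(claims).encode())
    sig = hmac.new(KEYSET[kid], signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def verify(token: str) -> dict:
    """Relying-party side: apply the pinned design, then return the claims."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        sig = b64url_decode(sig_b64)
        if not isinstance(header, dict):
            raise ValueError("header is not a JSON object")
    except ValueError as exc:  # also covers bad base64 and bad JSON
        raise ValueError("malformed token") from exc
    # The accepted algorithm comes from local policy, not from the token.
    if header.get("alg") not in ALLOWED_ALGS:
        raise ValueError("algorithm not allowed")
    kid = header.get("kid")
    key = KEYSET.get(kid) if isinstance(kid, str) else None
    if key is None:
        raise ValueError("unknown key id")
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):  # constant-time comparison
        raise ValueError("bad signature")
    # Claims are parsed only after the signature has been checked.
    return json.loads(b64url_decode(body_b64))
```

Keeping the old and the new key in the keyset side by side is what lets keys rotate without invalidating tokens that are still in circulation.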
Authorization
In the enterprise context, authorization is typically managed via clearly defined roles. Similarly, in the new CIAM world, we have specific scopes, but how do they interact and affect each other? Looking at the user perspective is not enough: what is Alexa allowed to do, for example? When defining robust authorization for customer identities, companies must consider the application perspective as well as the user perspective.
Functional Limitations
Functional limitations are also a concern when building CIAM systems, especially for features like session termination and consent management. While standards are being developed to address these issues, they are still in early stages and may undergo changes. Knowing which foundations are robust enough to rely on is crucial to building a successful CIAM system.
Conclusion
CIAM is a vital technology that is central to leveraging innovative digital services. OAuth 2.0 and OpenID Connect are critical protocols for defining and enforcing rulesets for digital ecosystems, but they also present challenges.
In the second part of this article series, we will discuss Document Centric Identity Proofing and Bring Your Own Identity and their potential to revolutionize CIAM.