
Exploring the science and magic of Identity and Access Management
Tuesday, June 18, 2024

Blockchain – Enabling the Fourth Phase of Identity?

Author: Mark Dixon
Friday, May 5, 2017
10:49 am


The most intriguing work in the Identity world today is the potential application of Blockchain/Distributed Ledger technology for user-focused Identity Management.

I am certainly not a blockchain expert, but I believe these concepts have the potential to solve several nagging problems that have been facing us for many years, including:

  1. Individual users can confidently leverage their own identities across multiple organizations, including employers, government agencies, online vendors, etc.
  2. Multiple organizations across public and private sectors could rely on digital identities just as confidently as these organizations currently rely on identification documents such as passports, driver’s licenses, etc.
  3. The huge proliferation of multiple identity relationships that must be set up for individual users to access and use online resources could be drastically reduced.
  4. The overall digital infrastructure for managing identities could be significantly simplified. 
  5. The ability to secure digital identities could be significantly improved in an increasingly hostile online world.

We certainly aren’t there yet, but I am encouraged by work being done.  Some of the recent articles I have read on the subject include:

BlockChain Technologies That Go Beyond Bitcoin.  Item 3 of 6 is “Digital Identity.”

Blockchain technologies make tracking and managing digital identities both secure and efficient, resulting in seamless sign-on and reduced fraud.

The Path to Self-Sovereign Identity, blog post by Christopher Allen: 

I want to share a vision for how we can enhance the ability of digital identity to enable trust while preserving individual privacy. This vision is what I call “Self-Sovereign Identity”.

Christopher outlines four broad stages since the advent of the Internet:

  1. Centralized identity
  2. Federated identity
  3. User-centric identity
  4. Self-sovereign identity.

He then proposes “Ten Principles of Self-Sovereign Identity” that appear to provide a foundation upon which to construct standards and systems to build a real “Fourth Phase” identity system:

  1. Existence. Users must have an independent existence. 
  2. Control. Users must control their identities.
  3. Access. Users must have access to their own data.
  4. Transparency. Systems and algorithms must be transparent. 
  5. Persistence. Identities must be long-lived.
  6. Portability. Information and services about identity must be transportable.
  7. Interoperability. Identities should be as widely usable as possible.
  8. Consent. Users must agree to the use of their identity.
  9. Minimalization. Disclosure of claims must be minimized. 
  10. Protection. The rights of users must be protected.

The following two articles appear to draw heavily from the concepts presented by Christopher Allen.

The Journey to a Self-Sovereign Digital Identity Built on a Blockchain.  According to IBM’s Jai Singh Arun, 

Permissioned blockchain technology provides core capabilities that enable a trusted digital identity network to build and operate.

I agree that blockchain technology is essential to achieving the goals outlined by Christopher Allen.

A Self-Sovereign Identity Architecture. (PDF file) A topic paper from the ID2020 Design Workshop:

to identify what a self-sovereign architecture would look like for the Web as well as a number of technical requirements of such an architecture. This topic paper outlines that proposed architecture and its primary components and actors.

It is good to see that smart people are working together to explore how to transform these foundation principles into reality.

IEEE launches standards program focused on blockchain and identity. 

Technical organization and standards leader, IEEE, is launching a new program to create standards around consumer and patient data protection, specifically as it relates to blockchain and identity. Called, Digital Inclusion through Trust and Agency, the initiative will bring together technology innovators, policy experts and academic researchers to address the topic.

Standards will be necessary to make blockchain-based identity systems pervasive in the world.

Blockchain-based Identity meets the Sovrin Foundation. According to Phil Windley, Chair of the non-profit Sovrin Foundation:

Sovrin is building a scalable, privacy-protected, auditable (based on time-stamped data written to the distributed ledger) ecosystem empowering individuals to manage their identities, support granular selective disclosure and provide organizations with trusted connections to individuals.

I am impressed with the work the Sovrin Foundation is doing.  The fact that an independent, non-profit organization has been established to be the independent overseer of a blockchain-based identity service seems to provide a solution to the inevitable conflicts of interest that exist if organizations like banks, credit bureaus, credit card issuers or the government provide identity services.

I am working to better understand the concepts and challenges in this exciting area.  It is going to be a fun ride.






Yellow Jeep Technology Convergence – Take 2

Yellow Jeep Journey
Author: Mark Dixon
Thursday, March 6, 2014
9:21 am

Recently, I posted a diagram illustrating the convergence of technology for the Yellow Jeep Journey.  After further thought, I believe the following diagram is a bit more accurate.  By separating Social Media and other services from the Yellow Jeep cloud, we can focus on what functions should exist within the Yellow Jeep cloud and what services will be used from other sources.



Roll on Yellow Jeep Journey!


Yellow Jeep Technology Convergence

Yellow Jeep Journey
Author: Mark Dixon
Tuesday, March 4, 2014
9:33 pm

Recently, I blogged about my interest in leveraging five major converging technologies (Identity, Internet of Things, Mobile, Social and Cloud) to transform my Yellow Jeep into a rolling laboratory, enabling me to experiment with and demonstrate how these important trends can enrich our lives.

This diagram will provide a framework for exploring my ideas:


The three big areas of exploration:

Instrumenting the Yellow Jeep – What sensors, actuators and control systems can be installed in the Yellow Jeep to monitor the vehicle, provide real time and historical data about its journeys and provide appropriate interaction with the driver and passengers?

Cloud functionality – What functions should exist in the cloud to receive and store data from the Yellow Jeep, provide appropriate supervisory control mechanisms and data analytics, and support user interface applications?

User Interface – What can users see and do via mobile or web applications to trace, interact with and analyze the Yellow Jeep and those who travel with me?

In the next few days, I’ll blog about my ideas in each of these areas.  If any of you would like to share your ideas, please let me know!

Roll on Yellow Jeep Journey!



#YellowJeepJourney: Identity, IoT, Mobile, Social and Cloud

Internet of Things, Yellow Jeep Journey
Author: Mark Dixon
Saturday, March 1, 2014
9:48 pm

I recently launched a personal web site and blog, Yellow Jeep Journey,  to provide a personal canvas where I can document my efforts to reach an aggressive weight loss goal, and more importantly, share my experiences in finding personal freedom, light, power and joy along the way.

But the Yellow Jeep Journey and Discovering Identity blogs are now coming together in an exciting way.  I am exploring how to more effectively integrate my professional pursuits into my quest for personal improvement.  I will cross-post my ideas about this pursuit on both blogs. I hope to garner the insight and support of my professional colleagues and associates as I move forward on this exciting endeavor.

So, here we go …

If you were to take the journey of your lifetime in a Yellow Jeep, how would you customize the Jeep for the journey?  Tires? Lift? Engine? Lights?  Yep – an integral part of the Jeep Mystique is modifying your own vehicle to suit your individual taste.

However, crazy engineer that I am, I have been thinking deeply about equipping my Yellow Jeep in a different way.  Of course, the tires and lift will be there, but I can envision more.  Suppose I could make my Yellow Jeep into a rolling laboratory of sorts, to test, play with and demonstrate the convergence of some of the most important technology trends in the world today? 

I have been heavily involved for the last decade in Identity and Access Management technology.  It has been a great ride, but I want to explore how to apply that technology in new and different ways.  Our world is experiencing great growth and innovation in the areas of cloud computing, mobile technology, social media and the most exciting to me – the Internet of Things. What if my Yellow Jeep could go beyond the traditional Jeep configuration and be equipped with the latest computing equipment and electronics that leverage and even break new ground in these converging forces?


Over the next several weeks, I will use this blog to record and refine my thoughts about how to leverage these technology trends to make my Yellow Jeep a powerful and exciting example of how these trends can all be leveraged together to enrich and enlighten our lives like never before.

Hope you will come along for the ride!

Roll on Yellow Jeep Journey!


#MobileIDM Tweet Chat Archive

Author: Mark Dixon
Friday, March 15, 2013
4:57 pm

Last week, on Thursday, March 7th, the second @OracleIDM Tweet Chat (AKA Tweet Jam) was held. It was great to participate with many others on this lively and informative chat. The Chat Archive for #MobileIDM has been posted here for review.


Identity Relationship Diagrams

Author: Mark Dixon
Wednesday, March 13, 2013
2:37 pm

Searching back through the archives, I realized that I had first used the term “Identity Relationship Diagram” in a blog post on July 21, 2005. I stated then:

In the discipline of database design, Entity Relationship diagrams are used to diagram database schemas. In a database, neither entity nor relationship is complete without the other. It is the definition of relationship between data elements that adds value – hence the pervasive utility of the relational database.

A simple “Identity Relationship Diagram” (my term) helps to illustrate the concept. Identities are shown in boxes; relationships are shown as arrows.


More recently, following Ian Glazer’s proposal that graph databases replace directories and relational databases in Identity systems, I discussed using directed graph diagrams to illustrate identities and relationships:

We can visualize identities as nodes, each with relevant properties, and relationships between identities as edges.  Interestingly, the edges, or relationships, may also have identities and properties of their own.  

After further study and thought, I believe that “Identity Relationship Diagrams” can be very useful in illustrating concepts in the Identity and Access Management domain. The following diagram, prepared using Graphviz graph visualization software, is helpful to illustrate two general areas of discussion.


The top half of the diagram illustrates basic relationships between individuals and how those individuals can belong to groups.  This is the basic construct of the Facebook Identity Graph.

The bottom half of the diagram illustrates how people interact with things via services.  These are the basic elements in the Internet of Things.

My thoughts about how to use this diagramming method are still developing.  Stay tuned for more.

PS.  For those interested in trying out the Graphviz software, the Dot graph description language code to create this diagram is:

## Entity Relationship Diagram – prepared by Mark Dixon

digraph test {

// Default attributes for the graph, its nodes and its edges
graph [ fontname = "Arial", fontsize = 20, size = "20,10" ];
node [shape=circle,fixedsize=true,width=2.5,color=blue,style=bold, fontname = "Arial"];
edge [color=red, fontname = "Arial"];

// Identities (nodes)
i1 [ label="Person\n Name = Mark\n ID = i1\n hair color = white\n residence = US"];
i2 [ label="Group\n Name = Dixon Family\n ID = i2\n attribute 1\n attribute 2"];
i3 [ label="Thing\n Name = My Fridge\n ID = i3\n attribute 1\n attribute 2"];
i4 [ label="Service\n Name = Fridge Service\n ID = i4\n attribute 1\n attribute 2"];
i5 [ label="Person\n Name = Holly\n ID = i5\n hair color = brown\n residence = UK"];

// Relationships (edges), one per direction
i1->i5 [ label = "Parent of\n ID = r1a\n attribute 1\n attribute 2" ];
i5->i1 [ label = "Child of\n ID = r1a\n attribute 1\n attribute 2" ];

i5->i2 [ label = "Belongs to\n ID = r2a\n attribute 1\n attribute 2" ];
i2->i5 [ label = "Contains\n ID = r2b\n attribute 1\n attribute 2" ];

i1->i2 [ label = "Belongs to\n ID = r3a\n attribute 1\n attribute 2" ];
i2->i1 [ label = "Contains\n ID = r3b\n attribute 1\n attribute 2" ];

i1->i3 [ label = "Owns\n ID = r4a\n attribute 1\n attribute 2" ];
i3->i1 [ label = "Serves\n ID = r4a\n attribute 1\n attribute 2" ];

i4->i3 [ label = "Controls and Monitors\n ID = r6a\n attribute 1\n attribute 2" ];
i3->i4 [ label = "Reports Results\n ID = r6a\n attribute 1\n attribute 2" ];

i1->i4 [ label = "Requests Function\n ID = r5a\n Function 1 = set temperature\n Function 2 = request status" ];
i4->i1 [ label = "Reports Results\n ID = r5a\n attribute 1\n attribute 2" ];

// Graph title
label="Identity Relationship Model"

}
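
The diagram above, loaded into a small property graph and used for a deny-by-default access check, as an added example that is not part of the original post. The identity and relationship IDs are transcribed from the Dot code; the class and function names are hypothetical, and the rule that a person may act on a thing only through a "Requests Function" edge to a service that "Controls and Monitors" that thing is an assumption made for illustration.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Relationship:
    id: str                  # relationships carry an identity of their own
    source: str
    target: str
    verb: str
    functions: frozenset = frozenset()


class IdentityGraph:
    def __init__(self):
        self.identities = {}                 # id -> (kind, name)
        self.out_edges = defaultdict(list)   # source id -> [Relationship]

    def add_identity(self, ident, kind, name):
        self.identities[ident] = (kind, name)

    def relate(self, rel_id, source, target, verb, functions=()):
        # An edge may only connect identities that are already registered.
        for end in (source, target):
            if end not in self.identities:
                raise KeyError(f"unknown identity {end!r}")
        self.out_edges[source].append(
            Relationship(rel_id, source, target, verb, frozenset(functions)))

    def authorize(self, subject, thing, function):
        """Return the relationship IDs that permit the request, else None."""
        for req in self.out_edges.get(subject, []):
            if req.verb != "Requests Function" or function not in req.functions:
                continue
            for ctl in self.out_edges.get(req.target, []):
                if ctl.verb == "Controls and Monitors" and ctl.target == thing:
                    return [req.id, ctl.id]   # evidence for the audit trail
        return None                           # deny by default

    def shared_relationship_ids(self):
        """Relationship IDs carried by more than one edge, sorted."""
        counts = Counter(r.id for edges in self.out_edges.values() for r in edges)
        return sorted(i for i, n in counts.items() if n > 1)


def build_diagram_graph():
    """Identities and relationships transcribed from the Dot code above."""
    g = IdentityGraph()
    for ident, kind, name in [
        ("i1", "Person", "Mark"), ("i2", "Group", "Dixon Family"),
        ("i3", "Thing", "My Fridge"), ("i4", "Service", "Fridge Service"),
        ("i5", "Person", "Holly"),
    ]:
        g.add_identity(ident, kind, name)
    for rel in [
        ("r1a", "i1", "i5", "Parent of"), ("r1a", "i5", "i1", "Child of"),
        ("r2a", "i5", "i2", "Belongs to"), ("r2b", "i2", "i5", "Contains"),
        ("r3a", "i1", "i2", "Belongs to"), ("r3b", "i2", "i1", "Contains"),
        ("r4a", "i1", "i3", "Owns"), ("r4a", "i3", "i1", "Serves"),
        ("r6a", "i4", "i3", "Controls and Monitors"),
        ("r6a", "i3", "i4", "Reports Results"),
        ("r5a", "i4", "i1", "Reports Results"),
    ]:
        g.relate(*rel)
    g.relate("r5a", "i1", "i4", "Requests Function",
             functions=("set temperature", "request status"))
    return g


if __name__ == "__main__":
    g = build_diagram_graph()
    print(g.authorize("i1", "i3", "set temperature"))
    print(g.authorize("i5", "i3", "set temperature"))
    print(g.shared_relationship_ids())
```

Several edges in the diagram share one relationship ID, so an audit record that names only that ID does not say which direction of the relationship was exercised; `shared_relationship_ids()` lists those cases.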



Graphs of Identities

Author: Mark Dixon
Thursday, February 28, 2013
4:44 am

Some interesting ideas are swirling in my mind in response to Ian Glazer’s challenge, “Killing IAM in Order to Save It” and Dave Kearns’ article “Pervasive and Ubiquitous Identity.”

Whether or not we need, as Ian suggests, to completely restructure IAM systems in order to progress is still a subject for debate, but the concept of thinking about and representing relationships between identities in a directed graph format is intriguing to me.

According to Wikipedia, “Graph databases are based on graph theory. Graph databases employ nodes, properties, and edges.” The following diagram gives a simple example. 



Using this method, we can visualize identities as nodes, each with relevant properties, and relationships between identities as edges.  Interestingly, the edges, or relationships, may also have identities and properties of their own.  

As Dave suggests, identities are not only for people, but for things, platforms and services.  The simple diagram below begins to illustrate this concept:





The relationships (edges) are primarily verbs that describe what actions the relationship supports.  A primary role of identity management systems is to establish these relationships between people identities and service or thing identities in such a way that valuable actions can be performed.

These are a few of my thoughts.  What do you think?

PS. Can anyone recommend a good directed-graph drawing tool for Mac?


Relationship Value

Author: Mark Dixon
Friday, February 15, 2013
6:18 am

In the book “The Emergence of the Relationship Economy,” Jay Deragon proposes that:

The value of the relationship is categorized into four elements of the individual, and may be of one dimension or a combination:

  1. Economic
  2. Intellectual
  3. Emotional
  4. Spiritual

To understand the juxtaposition of Identity and Relationship, I listed some of my current relationships in the following tables:


People Relationships

IR people


The first table lists a few people relationships I have.  The first, my wife, provides value to me (that sounds kind of crass, actually) in all areas.  Her economic value comes not from revenue (she chose dual careers as  Homemaker and Stay-at-home-Mom), but in her thrift, wise use of money and sound economic advice.  In addition, I deeply value her wisdom, friendship and spirituality.

My relationship with Claudia is in quite stark contrast to my very distant relationship with my employer, Larry Ellison.  Sorry, Larry, I see the value of our relationship as primarily economic, although I must admit receiving a bit of intellectual stimulation from reading about your personal exploits.

On the other hand, my relationship with John, a colleague at Oracle, began as an economic relationship as we worked together in the sales organization, but grew into a deep friendship, with intellectual, emotional and spiritual value.

The final example is Neil, the Bishop of our church congregation and close neighbor.  We have developed a  friendship I value highly, based on strong spiritual, emotional and intellectual relationships.

It could be an interesting experience to assess the value we receive from all of the people with whom we interact in some way, but the real purpose of this post is to explore the value of relationships with information systems.   The following table illustrates a few of the systems with which I interact regularly.


System Relationships

IR systems


I definitely have an economic relationship with Oracle Payroll.  Twice every month, a nice paycheck drops into my bank account, and I log onto the payroll system to see how much money I pay in taxes and investments.  While I admit to deriving some emotional satisfaction from that process, we’ll let it remain as an economic value.

In contrast, the different email systems I use can provide value across the board, as I communicate with people on a wide range of subjects.

In social networks, LinkedIn is the vehicle I use to primarily keep track of professional colleagues and associates, although I get emotional value out of maintaining and building friendships with people across miles and time.

Facebook, on the other hand, is where I actively seek to strengthen emotional and spiritual ties with friends and family.

Kindle also sweeps the board – my virtual bookshelf contains titles that provide value in all four areas.

This brings me to a couple of examples of my relationship with “things” that deliver value.  I can monitor and control my new home alarm system from an app on my phone.  The system provides economic protection and emotional peace of mind.

Finally, my remote thermometer satisfies an intellectual curiosity about how hot it is outside, here in the Arizona desert.

It is important to note that how a person uses or views a particular system may influence the value he receives.  For example, I know of people who leverage Facebook primarily for economic advantage.  I just choose not to do that.


So What?

How does this relate (pun intended) to Identity?  Here are a few thoughts:

  1. Exposed Personae: Certainly different facets of my personal identity are exposed as I interact with different people.  Larry Ellison will never see (even if he cared to) parts of my personality that I have reserved for my closest friends.  My closest friends will never know of parts of myself I share only with my wife.
  2. Context: The context of relationships differs, depending on time of day, distance apart, frequency of interaction, mutual interests, etc.  Such differing context has a large impact on the value derived from relationships.
  3. Connection method:  How does the relationship connect me with the person or system?  With people, is the relationship primarily in person, by phone, via email, via a social network or all of these?  Is a digital identity required to enable the relationship?
  4. Available functionality: For systems with which I interact, what functionality is available?  What can the system deliver that delivers value to me?
  5. Authorized access: Of the sum of all functionality in a system, what am I authorized to use, or what functions do I choose to use?

Focus on Value

Yesterday’s post illustrated a few cases of how relationships can exist between identities and resources or identities and people.  I propose that we should focus not on which relationships exist, but on what value can be derived from each relationship.

In interpersonal relationships, hopefully, value flows to both parties.  In the case of employee relationships with enterprise systems, hopefully value accrues both to the employee and employer.  In the case of individuals connecting to online systems or things, hopefully each person receives value from those relationships.

And Identity is at the core of making these relationships happen.

Stay tuned …





Identities and Relationships

Author: Mark Dixon
Thursday, February 14, 2013
5:55 pm

In line with my post yesterday about viewing identities and relationships from the vantage points of “enabling” and “protecting,” I created three diagrams to illustrate how relationships between people and resources or other people provide the opportunity for value creation.

The first diagram illustrates the relationships a person may typically have with information resources within an enterprise.  The objective of these relationships is to connect individual people with the applications or systems that may deliver value, both to the individual and to the enterprise.  Typically, these relationships are granted and governed by the enterprise.


IR Enterprise


The second diagram illustrates a person’s connection to items within the emerging Internet of Things.  In some ways, this model is similar to the enterprise model, in that connections are made between people and resources.  However, in this model, individuals typically would initiate and govern their own relationships with things that would deliver value to themselves.


IR Things


In the third model, people establish relationships not just with functions or services, but with people, effectively connecting identities together via a social relationship platform.


IR Facebook


In line with my comments yesterday, I propose that in each of these cases, relationships must be established to “enable” people to derive value they seek.  Both Identities and relationships must be “protected” to prevent the wrong people from interfering with a person’s desire to derive value from the relationship, whether it be with a function, service or other person.

That’s all tonight.  More on the morrow.


Identities and Relationships: Enable and Protect

Author: Mark Dixon
Wednesday, February 13, 2013
3:31 pm


My thoughts for this post were triggered primarily by two items – beginning to read “Emergence of the Relationship Economy” and reading Nishant Kaushik’s tweet Monday:

Is Identity The New Perimeter? – http://t.co/gSQwni5d. Check out the article to see my answer. Hint: It might surprise you. #IAM

I was intrigued by the subsequent conversation:

Ian Glazer:  Good read: http://t.co/gVQHy7MI @NishantK says #IAM is the perimeter. I say relationships are the perimeter. Probably ought to blog this

Dave Kearns:  RT @lpeterman: @iglazer @NishantK Relationships designate the borders of the identity perimeter

Nishant: @iglazer If an account being provisioned to a person is a relationship, if attributes are related to a person, then IAM=Relationship M. So..

Nishant:  @iglazer So…, question is what is the difference between Identity Management and Relationship Management? Where is the separation?

Of course, there were also bits of levity:

Paul Madsen: My take? Circumference is the new perimeter.+

Dave Kearns:  RT @NishantK: @iglazer what is the difference between Identity Management and Relationship Management? Oprah’s name doesn’t come up in IdM

First, I agree that from an information security standpoint, the perimeter has drastically shifted. There is no longer a firm physical or logical perimeter around an enterprise that can be hardened sufficiently to minimize risk to the people and systems inside.

To realize that we must focus on the individual rather than the enterprise boundary as a first line of action and defense certainly seems wise to me.

But what is the correct terminology?  Is IAM really Relationship Management?  Is Identity the New Perimeter?  Are Relationships at the real border?

Although I am late to the conversation, here are a few of my thoughts on the subject:

A digital Identity represents a single person or thing in some way.  A digital Identity can certainly include attributes or characteristics that uniquely identify such a person or thing.  A digital Identity surely has value and meaning in and of itself.  However, I believe relationships are what give Identities real substance, particularly as we consider the subject in light of current and emerging business models.

Real-world relationships constitute linkages between individuals, or between individuals and organizations, or between individuals and things. We may describe digital relationships as the attributes, permissions, entitlements and roles that define how digital identities are linked with organizations, people or things in the overall ecosystem in which the identities reside or participate.

So, is it appropriate to talk about “Identity Management” or “Relationship Management?”  I propose that both are included in the common definition of Identity and Access Management.  Surely, IAM includes managing individual digital identities (e.g., names, attributes, credentials).  However, IAM also includes the management of relationships – assignment of entitlements to an identity is a good example.

However, I think “management” is the term that is out of whack – not identity or relationship.  Management typically implies one-way force, control or direction.  This is the case for traditional IAM – the enterprise creates, owns and governs the identities and associated relationships for all of its users.

On the other hand, the philosophy behind personal identity management implies that each individual should create, own and govern his or her own Identity free of coercive control from an enterprise.

I don’t think the boundary is as cut and dried as that.  It is helpful to consider what enterprises really want and what individuals really want.  If we look at the issue that way, I think the verbs “enable” and “protect” are more descriptive than “manage.”

As an individual, I want to participate in systems that “enable” me (as defined by my digital identity) to form relationships that deliver value to me.  I also want systems that “protect” both my identity and the relationships I enter against threats from impostors, thieves and vandals.

On the flip side, I think enterprises seek similar value.  They want to “enable” their users (think digital identities) to establish relationships with systems, people and things that will deliver value to the enterprise.  They also want to “protect” the identities and relationships of their users against threats from bad folk.

The CRM/VRM debate is an example of looking at relationships from different viewpoints.  At one extreme is the enterprise wanting to exert onerous control over all its customers to maximize commerce – hence customers managed by enterprises.  At the other extreme is the enlightened consumer wanting to be free from enterprise tyranny – or vendors managed by consumers.

However, the optimal answer probably lies somewhere on the scale between the extremes.  In both cases, if we concentrate on what both parties really want, we will progress to a more optimum solution.

If we are to progress toward a highly cooperative ecosystem where multiple  relationships deliver superior value as envisioned by “Emergence of the Relationship Economy,” we must build infrastructure to “enable” and “protect” identities and relationships from multiple points of view.


Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.