What is IoT without Identity?

What is IoT with out Identity? IoT without identity is just … 

The advent of pervasive IoT offers a world of promise that is, in part, built upon leveraging the human-to-device connection for new opportunities. Without Identity, IoT is the enabler of M2M communications, but with less impact toward transforming our connected lives. IoT+Identity represents a powerful equation that brings identity, security, software, hardware, policy, and privacy experts to the same table.
From a personal perspective as the Kantara Initiative Executive Director I see 3 simple values for organizational consideration with regard to the rapidly evolving world of Identity in the IoT. This is a starting point and I’ll explain more about how our WGs are meeting the IoT challenge!
3 Core Values for the User Engagement in IoT

1. Transparency – Clearly state organizational personal data collection and use policies and practices
2. Accountability – Be accountable for adherence to stated personal data collection policies and practices
3. Engagement – Provide users with tools to be more empowered in their personal data uses

Identity as the center of IoT
Identity services represent key that unlocks IoT societal benefits.  We see opportunities for IoT to improve lives through devices that monitor our health and quality of sleep, to those that help us to manage our homes, or cars. To fully leverage the powers of IoT vendors need to know that IoT+Identity enabled products and services won’t fail and severely damage their brand reputation. Users need to know these new tools respect their privacy preferences. See “I’m Terrified of My New TV: Why I’m Scared to Turn This Thing On — And You’d Be, Too.” Collaboration is needed to address the privacy and security requirements needed for consumers, enterprise, and governments to develop scalable programs for verified assurance of technologies.
The Challenge Ahead
Access management challenges are approaching.  The numbers of relationships between people, entities, and things will grow in magnitudes of order. At the low end of the scale, the number of devices and connections will be in the billions. How will users manage their connected lives? How will they set preferences for data sharing permissions? The sheer number of devices, connections, and relationships presents unique opportunities and challenges.   User Managed Access provides critical strategic solution, based upon an open standards approach, to help empower and engage users for the management of resource access and sharing.
User Centered Information Sharing
More and more sensors and apps are gathering and communicating personal information magnifying security and privacy risks.  Personal data can fall in to the wrong hands, be sold without consent, be leveraged in ways the user did not imagine, like having one’s car insurance rates rise due to recorded driving habits. Users need to have a basic understanding of how their personal data can be managed and protected. Smart physical spaces that monitor our movements and actions via our mobile devices are becoming more prevalent. Legislation is developing around proper notice and consent practices both on-line and in physical spaces. The Kantara Consent and Information Sharing WG is developing a number of solutions to address these issues and to develop a more useable form of consent.
Interoperability is a Priority
Interoperability of IoT+Identity will also have challenges.  When device identifiers are not standardized discovery mechanisms are but one of the challenges to solve. At Kantara, the IDentities of Things WG is hard at work to deliver an industry analysis of the current landscape opportunities, challenges, and gaps to address. This group is reviewing the real world use cases around device identifier standardization from the perspectives of both the personal and industrial IoT.
It’s All About the Relationships!
Identity Relationship Management (IRM) focuses on building relationships using identity technologies, practices, and techniques. IRM is especially powerful to leverage the IoT+Identity connection. Kantara is the home of IRM development working to connect the components that are necessary to unleash the power of IoT+Identity. This week we’re at the Europe IRMSummit produced by ForgeRock. The venue is referenced by National Geographic as the 3rd top garden park in the world (See Powerscourt #3). We are surrounded by a picturesque thick fog and forest which works wonders for keeping wandering identity and hardware experts in one place!
IRM Summit Tracks

1. Identity Relationship Management (IRM) – building relationships using identity service technologies, techniques, and practices.
   See the Laws of Relationships (a work in progress) to get a flavour.
2. Digital Citizen – identity technology as an enabler of innovative and dynamic Government and civil services.
3. Digital Transformation – identity technologies that transform the way we do business and our lives.

Kantara Initiative members are hard at work innovating IRM solutions and practices for businesses, governments, and for our connected lives.  Building on the concepts of IRM, Kantara Initiative focuses on the idea of a “connected life.”  Developing open standards, innovations, pilots, and programs is the key to accelerating the transformation our digital-to-human world in a way that respects users.
To power the IoT+Identity connection we’ll need:

• inter-disciplinary software/hardware engineering, product, and policy expertise to develop common design principles.
• user respecting access managers like UMA (developing in Kantara and now an open source project of ForgeRock).
• programs to support technology interoperability and usable consent.

Kantara Initiative is home of IRM where you can connect your priorities to a broader global expertise. Join Kantara now to network among leaders to shape identity today and toward the IoT enabled future. Join. Innovate. Trust.
From the desk of Joni Brennan
Executive Director, Kantara Initiative