28 Enterprise identity and access management realized with SSI

As a new model for decentralized digital identity, SSI is coming into the enterprise IAM (Identity and Access Management) space from the “outside in”. But some longtime experts in that space have recognized that SSI can have as much of a positive impact on enterprise IAM as the Web information sharing model (which also came from the “outside in”) brought to enterprise networks. Dr. André Kudra, co-owner and CIO at esatus AG, is one of those IAM experts who saw the potential for SSI right from the outset—he led the effort for esatus to be one of the founding stewards of the Sovrin ledger in 2017. In this chapter he lays out the case for how enterprise IAM should embrace SSI.

28.1 Contemporary IAM Solutions and their Limitations

28.2 Self-Sovereign Identity: The Innovative IAM Solution

28.2.1 Bring Your Own Identity (BYOI) is Now Possible

28.2.2 SSI is a Global Phenomenon with Many Active Communities

28.3 Building the Bridge between Classic IAM and SSI

28.4 Real-World Case Study: Implementing SSI-based IAM in an Enterprise

28.4.1 Jumpstarting Practical SSI Application

28.4.2 Enabling SSI Login for a Production Application

28.4.3 Tailoring SSI Access Control Policies

28.4.4 From Org Structure to Schema

28.4.5 From Schema to Credential Definition

28.4.6 Access Compliance Considerations

28.4.7 Modeling Access Rules

28.4.8 Conducting the Staged Roll-Out

28.4.9 A Real-Life Example of Using the System

28.5 A Good Start—What Are Next Steps?

28.6 The Opportunities of SSI-based IAM for Corporations

28.7 Conclusion and Call to Action