28 Enterprise identity and access management realized with SSI
As a new model for decentralized digital identity, SSI is coming into the enterprise IAM (Identity and Access Management) space from the “outside in”. But some longtime experts in that space have recognized that SSI can have as much of a positive impact on enterprise IAM as the Web information sharing model (which also came from the “outside in”) brought to enterprise networks. Dr. André Kudra, co-owner and CIO at esatus AG, is one of those IAM experts who saw the potential for SSI right from the outset—he led the effort for esatus to be one of the founding stewards of the Sovrin ledger in 2017. In this chapter he lays out the case for how enterprise IAM should embrace SSI.
28.1 Contemporary IAM Solutions and their Limitations
28.2 Self-Sovereign Identity: The Innovative IAM Solution
28.2.1 Bring Your Own Identity (BYOI) is Now Possible
28.2.2 SSI is a Global Phenomenon with Many Active Communities
28.3 Building the Bridge between Classic IAM and SSI
28.4 Real-World Case Study: Implementing SSI-based IAM in an Enterprise
28.4.1 Jumpstarting Practical SSI Application
28.4.2 Enabling SSI Login for a Production Application
28.4.3 Tailoring SSI Access Control Policies
28.4.4 From Org Structure to Schema
28.4.5 From Schema to Credential Definition
28.4.6 Access Compliance Considerations
28.4.7 Modeling Access Rules
28.4.8 Conducting the Staged Roll-Out
28.4.9 A Real-Life Example of Using the System
28.5 A Good Start—What Are Next Steps?
28.6 The Opportunities of SSI-based IAM for Corporations
28.7 Conclusion and Call to Action