Identity as a service
Identity as a Service (IDaaS) is an approach to digital identity management in which an entity (organization or individual) relies on a service provider to make use of a specific functionality that allows the entity to perform an electronic transaction which requires identity data managed by the service provider. In this context, functionality includes but is not limited to registration, identity verification, authentication, attributes and their lifecycle management, federation, risk and activity monitoring, roles and entitlement management, provisioning and reporting.
This definition focuses on the interaction of four elements: the entity, the service provider (which could be the entity in some cases), the specific functionality and the electronic transaction.
Considerations
- This is not just a technical definition. It is important to think about IDaaS from a legal and jurisdictional standpoint as well. In this context, the definition of ownership, responsibilities and liabilities is significant to all parties involved in IDaaS.
- The strength, rigor and thoroughness with which IDaaS is provided determine its identity assurance level, which should be measurable in an objective and demonstrable way, so that it conveys a specific level of confidence or assurance to the parties. This in turn translates to a risk mitigation level that the parties can agree to be sufficient for a specific type of transaction.
- While IDaaS is particularly relevant for cloud computing based services, IDaaS could also apply to on-premise models. Organizations can view their internally facing (and possibly internally deployed) identity management infrastructure as identity services, allowing the demarcation of service scope and boundaries that will make outsourced, on-premise, cloud-based models or any combination thereof more concrete and easier to evaluate in business terms.
- IDaaS applies to terms in identity management such as "Cloud Identity" or "identity management co-sourcing".
- IDaaS applies to both enterprise and consumer identity management. Evidently, the actors, the types of transactions, the levels of sensitivity in them, and other elements will vary greatly from enterprise to consumer environments, but the notion of how digital identity management applies to each could be thought of in the context of IDaaS.