Identropy Podcast

Listen to Identropy's Jim McDonald and Jeff Steadman on their podcast at "Identity at the Center".

Both Jeff and Jim have over a decade of experience in the Identity & Access Management space and guide companies on their IAM Program journey through Identropy's Advisory Services arm.
In this episode, Jim and Jeff have a conversation with Mike Vesey from idRamp about what blockchain is and how it is affecting the IAM world.

Brought to you by

Want to join the conversation? Leave us a message here: or email us at .

We hope you enjoy this episode and please subscribe to our podcast for updates on new episodes!

LISTEN HERE or read the full transcript below.

*Disclaimer from Identropy: These transcripts are produced using automated tools, so may not be an exact word-for-word transcription. (i.e. - if you read something that sounds wrong, it's the tool's fault!) As always, for a better experience, please listen to the actual podcast.

 Podcast #20 Full Transcript:

 Identity At The Center #20 - Blockchain with Mike from idRamp

Jeff: Welcome to the Identity at the Center podcast. I'm Jeff and that's Jim. Hey, Jim.

Jim: Hey, Jeff.

Jeff: So we're going to skip our normal friendly upfronts, inane banter, and jump straight today's topic, which is blockchain identity.

Jim: That's why most of the people listen. Maybe we should start over. But there's also a joke-rouser. That's why most people listen to our podcast.

Jeff: The inane banter up front.

You know what? We're gonna leave that till the end because that just shows that real life people. Yes, we too. Sometimes we'll stumble over things, but that's fine, so we're going to skip the inane banter which we just had and get right into blockchain identity. It's a topic that you and I have been discussing off and on since we started this podcast. Oh, back in July. So couple months now, we've brought in some experts to help us out today to help us with that conversation we have from How are you doing Mike?

Mike: I'm doing well. Thank you. Thanks for having me on the show.

Jeff: Thanks for joining us. Before we get started here, what if you could just kind of give a brief introduction of yourself and your kind of role in the IAM space and then we'll jump right into the blockchain extravaganza?

Mike: Sure, idRamp was really just born out of out of identity challenges and complex corporate identity ecosystems that we would work in. And, I would say in the last 18 months, we really converted to adopting more of a blockchain based model and integrating the blockchain based identity into our existing federation story for enterprises. So that’s where idRamp is and where we came from and we're excited to talk about it.

Jeff: So before we get too far down the pipeline, I think we probably want to talk about what is blockchain. Can you give a brief or a simple explanation around that is maybe something that you would describe it to your mother or a young child? Is that possible?

Mike: Certainly, and that's the right place to start because it really frames everything else. And one of the most important things about talking blockchain identity is really dispelling, and outlining what it's not. Right, because that's always where the confusion comes in. Everybody has a notion of blockchain and crypto currencies and all the places that we have already. And so, let me go through a scenario, because I think this really draws a pretty fine point on how blockchain is used in identity verification and an authentication. So let's assume that I want to know something about you. So I'm maybe a home address, for example. Now, I can certainly ask you and you can tell me, and I had no reason to really not believe that if I needed a little more proof, you could pull out your driver's license right out of your physical wallet, your leather wallet. And you could show that to me. And I'd say, yeah, I'm pretty comfortable that I now have the address. What if I really wanted to know if what if you pulled out your passport and showed me the address and your passport and then maybe you dug around and found your voter I.D. card and you pulled that out and you said, here's an address on this.

Now, I'm really sure that if I send you a letter, you're gonna get it right. I'm pretty sure I've got your physical address. That's the way the world works today. So what is happening in the industry right now is all of those Government Issue credentials that I just mentioned. There are projects going on all over the world where government entities and corporations are transforming the way they issue those physical credentials and also issuing a digital counterpart. So many states in the US here are either active in projects or looking at projects to perform digital validation or digital copies of your driver's license. And all of that stuff is going to be issued and live together. And now it opens the market to applications to create digital wallets instead of physical wallets for you to hold those credentials. And the really important thing is that you are holding those credentials.  It's not being held in some cloud based service or Google or Facebook or someone else that's acting as a champion of your identity or steward of your identity those are yours, and they're issued in some digital wallet. That could be an app on your smartphone; it could be a website somewhere. I mean, there’s going to be a lot of different permutations of digital wallets. But the takeaway is ultimately you are responsible for the information in there and you alone have the ability to grant access to the content contained within, so, does it pertain to blockchain? You know, I didn't mention anything about storing information on the blockchain because in fact, we're not right in this scenario,those credentials are being held in your personal wallet, and here's where blockchain fits. So back in our scenario now, I have my digital wallet and it contains those three digital credentials, my digital driver's license, voter I.D. and passport. And now I'm going to ask you digitally to prove your address. So this is some application or some site or something that I've developed. And I'm going to say I would really like to know your home address and I'm going to ask specifically for your home address from your driver's license and your passport and your voter I.D. card. What happens is you're going to receive a prompt, right. From your digital wallet and it's going to say, hey, Mike really wants to know your address from these three sources are you willing to share that information? And I'm going to say, sure. And I send that information back to the application. And I now have attested that digitally. So that's great. But it's not any more secure. All I've done is trade one physical process showing you a credential for a digital one. Blockchain allows when that issuer issues that credentials. So the state issues that driver's license, they sign that with some cryptography and they can store those keys or store that representation. Think of it as like a certificate of authenticity. And they say, I certify that this information contained within this credential that I have issued mine is accurate and it's valid, hasn't been tampered with and it has not been revoked. So now what happens in that application when the application asks for that address in those three different sources, it can also go to the blockchain and provide real time validation that all three of those things are still valid? And if all of that checks out now, I absolutely know that that's your address. So that's the role the blockchain plays in identity. It's never storing the information that you hold near and dear. It's only providing the ability to validate that information on a globally deployed network.

Jeff: So what happens when there is a conflict in the accuracy information? What if my wallet is different than, let's say, the driver's license or the DMV? They would say, yes, this license is valid or not. How does that get resolved?

Mike: Sure, and this at the risk of getting too technical. The proof that is asking for that makes that determination, so, if I ask for your address, your wallet can return and address from any credential that satisfies that. If I specifically ask for your driver's like the address contained with on your driver's license, that's the only credential that can provide that proof. So in the case of where that information is not available, then it's up to you. I guess as the as the proving party to decide how to go by. You can say, OK, well, since you don't have an address for my state issued driver's license, maybe I'll take an address from some other credential or some other piece of information. Does that answer your question?

Jeff: Yeah, I think so. I think one of the things that cares about two is, you know, one of the concepts of blockchain is that we understand as you have this immutable record right in the data essentially traverses the chain and it's not really held a one spot. If I wanted to tamper with one data source, theoretically, there should be some check right somewhere that would say, wait, this data sources out of sync with all these others. What's going on here?

Mike: Correct, you're absolutely right, and what we're seeing in emergence and now are things like sovereign foundation, which is they're building a public permission ledger. So and they're providing a governance layer to help with things like that. So, one of the really big challenges is we have to provide public proofing so that anybody can validate or ask for validation of those credentials.

But in order to provide governance, we really have to have control over the people that are issuing those credentials and how those credentials are being issued.

So, I think that's actually another reason why this technology is now ripe for adoption, because we have some of that governance concept and governance layer in place. And it's not truly, the wild, Wild West.

Jeff: What's the speed like, is it the bigger the blockchain? It's just faster connections are needed or how does the processing take place when you've got let's say a pretty big worldwide blockchain going. What applications have to take into account to what they expected time to read mail for results and those sorts of things?

Mike: Sure. And the nature of the network, as I have described it, really takes a lot of the complex processing out of the amount of information.

And the amounts of those proofs that are being generated are pretty lightweight because of the nature of what they're validating. I don't know exactly how many stewards are in sovereign's network. Now, I think there's an excess of 70. So there are a lot of nodes that are running globally, handling this load. And now we've never seen any indication that performance is going to be a problem in the way that this network is designed.

Jeff: Got it. Now, you mentioned the term Steward for the folks that are familiar with that term. How do you define Stewart on a blockchain?

Mike: Sure. So a Steward is an organization that has been vetted and granted the ability to promote trust anchors and the trust anchor is basically anyone that runs a node on the network.

So unlike other public non permission blockchains where you can just stand up a server and plug in to the network for permission to blockchain with the governance layer such as this, you have to be vetted and certified. So Steward has the ability to take an organization and say, OK, you want to start issuing credentials and doing proofs to use for your services or employees or whatever the case might be a Steward who has the ability to form that relationship and grant them the ability to deploy their own nodes on the network.

Jeff: So who does the vetting than Steward? Is that an organization like sovereign or some other organization that would be responsible for that?

Mike: Yeah, that's correct. The sovereign foundation provides that's actually their biggest role is just to provide the oversight and the structure and during that vetting of the Stewards.

Jeff: Got it. And then I would assume or at least let me say, I hope that once you become a Steward, there is still some sort of process to validate that's still accurate going forward. Is it like a yearly certification or some other timeframe?

Mike: That's correct. It is not a terribly easy process. There are a lot of hoops to jump through. But we found pretty easy, pretty straightforward.

And it's definitely worth the heavy lifting up front just because there's so much certainty and control over things like performance and knowing that, the people that are signing these requests have actually been through that, that governance process.

Jeff: So our different blockchains interoperable with each other?.

Mike: That is a very, very good question. And there's a lot of work going on in the industry right now. So did routing. The decentralized identifier became a standard very recently, and it is the standard that everyone is marching toward right now and using whether you're building on a theorem or hyper ledger. Everyone is has standardized on this decentralized identifier, which is great news for the industry. There is still a lot of routing conversations going on. And there's a working group for the call, Universal Resolver, which is basically a way to use prefixes in the in the decentralized identifiers to handle the routing between networks. That is going to be a place where we obviously have to have some evolution to make sure that all of the different networks that are coming up to handle identities have the ability to accept and consume credentials no matter where they're created. So we're still pretty early days in that conversation. But there are a lot of people at that table. And the big you know, the big people in the industry are certainly leading that charge and making sure that the technologies come out from Microsoft or IBM and the hyper ledger team are all consumable and interoperable.

Jeff: Ok. I would imagine that's something that's going to have to get rapidly iterate if blockchain is going to grow, because I can see something like people getting fair, a vendor lock in or something like that where they're stuck on one chain. And they should've gone to another. I like it at very similar to kind of like G-mail versus Yahoo! Mail in the old days. And now its outlook which mail system Orion, it's got a very deep hook into people and it's very difficult to make change sometimes.

Jim: And I'm also wondering the international concerns where you might have which used to dress as an example, but some of those conventions change from country to country and certainly, language differences. I'm wondering, are there any impacts when it goes down, especially if you're looking at a global enterprise? Maybe talk about that, Mike.

Mike: I think is pretty rare. I don't think there's any issues internationally that I know of anyway.

There are, in fact, most of the work that is being done in practice right now are coming from places not in the US. The Province of British Columbia is way ahead of where we are. They're issuing digital credentials to their citizens today that are actually, I believe, are going to go on the sovereign network and the provable there. There's other countries that are, so much further ahead than where we are. And so we're catching up, though, and really things like the network and the ability for us to inter operate with technologies as the technology like hyper ledger and hyper ledger Indy, for example, is the spec that everyone on sovereign or a lot of most people in sovereign network anywhere are following this Indy spec. And what that means is I can issue a credential and that credentials consumable by a multitude of wallets. You don't have to use just my agent or my application in order to hold that credential and provide validation of that. So that's the common framework that everybody is writing to. And that's why it's getting exciting in this industry, because we're seeing now multiple people come in and and are able to issue credentials. And those credentials are immediately consumable by a host of other applications. So I think that's the most exciting thing that I'm seeing right now.

Jeff: What about data sovereignty? I know that there's a big deal sometimes about where the data is stored. Countries like Russia and China tend to want to have it within their own reach and control and be able to inspect the data. How would that apply to the blockchain that spreads across and by its very nature distributes that data pretty much everywhere?

Mike: Yeah, and you might be a little bit beyond me there, I'm not sure if there are any active nodes running in Russia or China and how that would play.

I do know that by nature of the data, there is not any there's not any personally identifiable or any data that we would consider at risk. These are just records of decentralized identifiers and in a public key,  there's not any significant data at risk that would cause concern. But I do appreciate fully having worked in some of those regions. The complexity of just deploying the technology may be a challenge in itself.

Jeff: So maybe we can shift gears and talk maybe more on the internal enterprise use case. What are some current or maybe near-term use cases that you could see? Let's just take, for example, a U.S. company. They operate their own environment and, they sell widgets or whatever it may be. Things are taking place inside the firewall. Where would blockchain come in handy for somebody like that?

Mike: Sure. I see it. And I've been around, the identity space for a long time and. One of the biggest, heaviest and most expensive systems to maintain is the identity and access management system. It's a beast and it's involved in every transaction, every service, authentication, ever. User authentication goes through the identity and access management system. So if you have an application that is very heavy in nature and we all know, obviously, a nine o'clock Eastern time when everybody's logging in and onboarding, that's always a huge spike in IAM systems, right. For an organization that has primary user base in eastern US, we see, systems are ramping up their scaling up, providing more resources. And it's you know, there's a great exposure also if that system happens to fail. So the IAM systems today are critical, but they're also front and center. All of that information is exposed publicly because our services are tied to it directly. And they're absolutely critical, if a system is deferring to that, IAM system for our authorization and authentication. It absolutely has to be available 100 percent of time. So one thing that we think of where digital credentials really plug in and help here is they can help flatten out that peak and valley spike that the IAM systems go through. So if you consider that a user comes in and they log in through their IAM system and some intelligent policy says, OK, you're in human resources. So we're gonna give you a credential to use a.S.A.P or something, and maybe it says, OK, here's a sales guy. We're gonna give you access to Salesforce and issues credentials for the services that these users consume throughout the course of their day and then those systems that the user are interacting with instead of deferring back to the identity management system. If instead they just say present your digital credential and I will grant you access directly as long as that credential has not been revoked using the same scenario and flow that I outlined at the beginning of the podcast. Where that service says I just need to know who you are and I tell them directly from that credential that I present from my personal wallet. And that gets validated on the ledger. So the enterprise is not revoked, my ability to log into Salesforce. Therefore, I can then I'd never have to go back through, I never have to be dependent upon that identity and access management system. I still may want those metrics and all that can be baked in, but they can be distributed at the perimeter instead of centralized at the IAM, so for a service, like, sovereign webcasting service or something where we have 30000 users that are going to descend on this particular platform for a for a webcast, they're all going to come in a two to three minute period that's going to really be heavy on the IAM system, it's going to cause a great spike, big load and a real dependency on that to be up and active. If instead we just say, oh, you're registering for a webcast create, here's a digital credential and issue that to the consumer, then all the consumer has to do is go to that webcasting service, present that credential be validated and go do their webcast. And the IAM never sees that traffic. So I think there is significant performance and cost savings in infrastructure that an enterprise can realize. But also, security, you can literally take the IAM system off the front line; the IAM system that we use in idRamp isn't even publicly available. So it all sits on the Internet and you pick up your credentials and then you go interact with your services. And the identity and access management system is never physically available to the public Internet.

Jim: Hey, Mike, when you mentioned that you would start taking a webcasting example, you would issue a credential, can you use your name presented that credential, the other wallet, so picturing something in the browser or something as managing a certificate. Can you get down and keep it, basic blocking and tackling? How would the user go about presenting?

Mike: Well, sure. It certainly could be something in the browser that was referencing a kind of an identity hub that contained that collection of wallets.

The story I'm on behalf of the users. It could also be a personal wallet application living on your IOS or Android phone. So it could mean literally the wallet itself is just a virtual software agent and it can be it can live anywhere. You could write it right into the browser if you choose. We see the most popular without question, the most popular way that those digital. Those personal digital wallets are being developed today is smartphone applications. So these are sitting on IOS and Android devices. But there are also a lot of players that are building the ability to really hold those in a kind of a personal wallet, Identity management system at that point, if you will. And while I feel that has less long term value than something I give you personally, I totally understand and respect the fact that we may need some kind of a middle gap there before we get to a full user hosted wallet. But,   I'll riff on that a little bit because there is a big advantage to a personal wallet. If we have a world where there's a bunch of these personal identity wallets and they're coming on the scene. There's more and more every day.

And I have my employees go out and download one of these personal identity wallets, and it's theirs identity. They create their identity however they see fit. They put the attributes in there that they see fit. If I can inter-operate with that as an enterprise. And I can say, great. You've got your personal wallet. Here are some credentials that you need from my organization to interact with these services that I think you need access to. And the user says, OK, great, I'll just put those in my personal wallet. You're really tearing down a huge barrier and a huge wall that exists today between the employee and the employer. Now, my employer is literally my technology partner. I'm not saying here is an identity I created for you and to use it go through this proprietary laptop with this proprietary VPN client and all of this really proprietary software. Instead, I'm just saying, these are your access credentials and you put them wherever you hold your identity information and it will seamlessly coexist. I mean, I think that's a very powerful message that the enterprise can put out as well. And it really does bring the two closer together and in true partnership forum, which is a popular place to be for the enterprise today.

Jeff: I think it's cool. I think it's powerful. I just don't think companies are there yet. I think there's a trust issue. I think I feel like where organizations do not want to expose their active directory right to outside of the network, for example. But I see the benefit of having something like an Apple wallet. Right. Or a Google Pay wallet or a Samsung pay wallet where your credentials are in there and stored and you have a way to visually organize them and somehow use that kind of analogy to authenticate to a network. Are you aware of any companies, who are doing what you just described, where they're letting their employees, give them that digital credential?

Mike: I'm not, obviously, other than idRamp. We do. And others that are close to the technology are doing similar things.

But, that is and I agree with you on one front that I think they are standoffish about access. But I also think that lends itself to this technology very well. They don't want to provide access to that active directory. So, hide it, keep it behind the scenes. I come. In and I authenticate and maybe this is even it can be as literal as going into H.R.,  and for your onboarding process. And at that time, they say, yep, you're you. And they issue that credential and it lives in your wallet. It doesn't tell anyone anything other than, I've got this association with my employer. And so there's no information really to leak.

They're secure. They're more secure than allowing you to go to Active Directory over some Internet connection and log in, anything short of an encrypted connection, VPN.

So, I mean, I think there's a lot of technology advantages that we could devolve into that are going to help tighten security and control that information, as well as providing a reduce friction for user consumption.

Jim: Also think, I mean, to your point, Jeff, think that a lot of companies are followers, right?

And so but there are some companies that will say, see a solution that is better in some way or another, be leaders in that way. And, I think if governments are adopting this and then some of the bigger players like Apple and Google started adopting this, then you'll see more. I mean, certainly the companies that I tend to work with are not looking to be bleeding edge, if you're doing enterprise, identity management is an area where you want to take a lot of risks. However, technology leaders, companies, when they start to say this is important, we're using it. Other companies will follow suit.

Mike:  I agree with that, and you're right, the Enterprise is pretty conservative with how they're doing this, which is why I really believe it's important to build bridges from where we're at today into this new technology. So we're not asking for a lift and shift. Ironically, I think there's a huge improvement to the SMB market and the smaller organizations that don't have the infrastructure and staffing of some of these large enterprises to protect themselves. I think even kind of a closed ecosystem for credentialing for their employees is a huge step forward. If their employees can bring in a self-sovereign identity and they don't have to build out a complex identity management infrastructure. Instead, all they have to do is associate a set of metadata with some personal identity, that's a transformation of things as well. And it gets them a lot more velocity and a lot more control over what's going on without having to go and invest in these massive IAM systems that  the enterprises is buying. So I think there's some opportunity for both sides there as well. One thing that's really interesting and I think this is what's going to help really lead to a lot of adoption as well as if we assume now that our government credentials are being digital issued.

And that's going to happen. We're going to have there's going to be the debates with where they go and ability and all that stuff. We're gonna have to figure that out. And I think we figure that out by leading instead of waiting. We try to inform and guide these organizations and enlighten them into the art of the possible before they end up just building another set of silos that we have to worry about tearing down at some point the future. But what really starts to happen then is if I mean, think about onboarding an employee. Now, if I know that you as a consumer have a credential from the Social Security Administration who, by the way, is working on that very thing, and I know that you have a state issued driver's license, or at least I hope you have a state issued driver's license and you come into on-board for H.R. Maybe I want to validate so I can simply present a proof request to you as a consumer and say we would really like to know your educational background.

We want to know your degree status, we want to know your state of residence, driver's license, just whether you have it or not, whether it's valid. Maybe we ask for a confirmation of the address or whatever, but it really is it's a game changer from an identity proofing perspective and from an onboarding perspective.

A lot of the stuff that we go through over and over and over again as we on-board employees or we send employees up simply, wouldn't be needed or it would be much easier to access. And we don't have to create replication of that information over and over again. Instead, we just store an associate to record to a decentralized identity that we know it belongs to you in your personal wallet. And we can request information from that at any time. So it really provides a much more streamlined workflow. And the big power of using these credentials and credential based systems is not in the ability to say, OK, I'm going to issue you this thing and you can come back later and I'm going to ask you to present me that thing like a password, write me passwords. We all agree are they should have been gone years and years ago. We're still fighting them. But that's what a password is, right? You give me this thing. And then when you come back, I have to challenge you and ask you for it with credentials. I never have to give it to you. I mean, we never have to do that. All I have to do is I have to knows what I'm asking for. So you come to my service if all I need is your email address. Why am I going to force you to create a new account and create a new password and all the stuff on own? I just say you have a valid email address and if you can satisfy that, I let you in. So it really changes. It changes a lot of things because now we don't have to create and issue something for everything that we're trying to prove. All we have to do is no question to ask.

Jeff: That makes sense. Let's talk a bit about idRamp itself as a product, so I'm a CSO and we get in the elevator at the same time. What problems are you going to help me solve?

Mike: Sure. So idRamp will give you the ability to bring in any identity source. So this can be an IAM stack. It could be whatever you have and connect that with traditional federation protocols. SAML, Auth, OpenID Connect take your pick APIs and we can provide credential issuance based on that metadata so we can do. The example I used earlier was something that's absolutely possible. I can say all the people in human resources I want to issue a credential for human resources and then I can ask her that so idea and also then provides the other side of that equation where I can figure that service. I mentioned Salesforce. Salesforce today doesn't know how to go and ask hyper ledger or the Sovereign Foundation Network or they don't know how to build that bridge into that system and ask for those credentials directly. So idea and provides tools and services to do that as well.

You go into Salesforce and you can just configure as a SAML service or Auth or whatever, put it back to idRamp and idRamp do that translation for you.

So what we've built today is the bridge that will take an enterprise from a traditional IAM funnel based IAM workflow process to a decentralized credential based validation process with simple reconfiguration and clicks. So we support that in just kind of in a configuration as you go type model or we provide APIs  and web hook so you can bake that into native applications, or we can help you get there as a software Steward and trust nickers. We can take an organization all the way to standing up their own nodes and educating their staff on how to get closer to building those things themselves. So that's where idRamp is focused today, and we have a long heritage of traditional IAM we understand enterprise IAM and the challenges that exist there very well, and so we felt that it was our really our responsibility. If we're out here saying credential based access management is this really cool thing that can help save you time and money and make your make your business more, more profitable and successful and secure. And we really had an obligation to build the tools and services that the enterprise needs today in order to dip their toes in the water and start using this. So given them the ability to just say not full stop, just say, I want to take this one service and I want to take these 10 users and let them log in with the distributed credential and issue them and distributed credential. That's really what we've built. So it's a way to really do your own proof of concept and figure out if the technology is right for you.

Jeff: I think so. Where do I find talent to help me with this? Because I think there's a stigma or not, but blockchain is complex, what do I need as an organization to dabble into this?

Mike: Right and you're exactly right. It's growing. The community of people that are knowledgeable about this is growing exponentially every day. But the more exciting thing than that are the tools, the products and services are coming on board to really help the enterprise and beyond to adopt this technology. So, certainly we're willing to help. There are other organizations that are building similar tools, products and services that will help the enterprise really understand what this stuff's all about and how to do it. And like I said, the beautiful thing is all open. I mean, there's nothing close. There's nothing proprietary in what we're doing. If an organization comes in and uses our technology or technology from one of our competitors that's using the same underlying governance framework and underlying technology stack, there's absolutely nothing preventing them from completely displacing what they put in place with idRamp, with their own technology, just simply by learning more and standing up their own nodes. So that’s a real exciting thing is we give its future proofing your investment because you're not locked into a single vendor. It's truly vendor agnostic.

Jeff: So I run then my own blockchain infrastructure. If I an Organization and want to get into this stand at my own nodes.

Mike: You could come to idRamp and say, hey, we really want to stand up nodes on on Sovereign's network, for example, and make us a trusted anchor, go through some paperwork. You train some employees and stand it up. And you have the ability to issue your own credentials, build your own proofs, and do everything you want to do directly with the network at that point.

Jeff: What about some IGA focused use cases around blockchain? So identity, any government installation, typically this is where automation of identities get built out. You mentioned tie things to an H.R. source access review server acacias. Do you see any play with blockchain helping with that in the future?

Mike: I do. And it's hard to visualize all the different places it can go. But I think that anytime you have the user more involved in the decision of what is being disseminated and where that only can improve your governance. In fact, if you think of an example where. Gosh, what's one of the examples I came up the other day where you're buying a stock. You're going to call up your local broker guy, and you're going to say, I want to buy a couple shares of a Tesla, because I think it's a good investment right now. And he says, all right, great, I'll place that order for you, and then it tanks and you go, wait a minute, I didn't do that. So now is it just really your word against his. If you think about it, if you think about what we just went through and digital credentials and involving me as a participating party in that. Now think about how that workflow changes. I can call and make that request and he can program that order. But before that order goes, I’m going to receive notification saying, hey, we're going to we're gonna make this transaction on your behalf. Are you OK with it? And I say, yep. And now you have you know; now I'm involved. It's more than just. Well, yeah, I call that. And I actually have skin in the game now. I'm literally confirmed that on a device that's biometrically checked, my signature, we know that it's me that made that request. So I think that's a game changer. And it really opens up a lot in the governance space to really helping organizations control who's doing what with their information.

Jeff: I can imagine casinos might be interested in that. Well, before we wrap it up here, because you've given us certainly a lot to think about. And just for the folks who are listening, you know, there was kind of a lot to cover today. So I'll be sure to put links for idRamp. Some other information in the show notes. How should people get in touch with idRamp, Mike?

Mike: Sure. Start with the Web site. We have a lot of good information out there. And contacts, and you can always send an e-mail to, somebody get back in touch with you. We love talking to people about the technology. We love talking to companies about their potential interests and synergies. So please reach out.

Jeff: Are you gonna be any conferences coming up like Gartner IAM summit in Vegas.

We are not going to Gartner IAM summit. We're gonna be at the 2020 conference in April. We're gonna be at the connect phone next month in Provo. And then I believe the next big one is probably EIC in Europe. We'll be over there. And I think we have a schedule of conferences out there. I'm not sure if we do or not, but check the Web site.

Jeff: All right. I think this is a probably a pretty good spot to leave it for this week. As always, if folks out there listening have questions, they can always get a hold of the podcast at . Want to thank Mike from idRamp for joining us. Thank you very much, Mike. I also want to thank the Identropy team. I didn't come up with all these questions on my own. I'm not that smart. So I certainly crowdsource some things to think about as we kind of move forward. I want to thank them for their questions. And then most of all, I want to thank everyone who's listening, taking the time out of their day to listen into this and thank you all for sharing. And we'll talk to you guys on the next one.


Jim McDonald & Jeff Steadman

Jim McDonald & Jeff Steadman

Jim McDonald is a professional with over 15 years leading teams through business-critical technology initiatives. Technical Strategist, Leader and Champion of Change with history of crossing organizational boundaries, cultivating strategic alliances and building consensus and alignment among diverse constituents to leverage IT as strategic asset and deliver solutions that rejuvenate and advance global business’ financial performance. Also as part of our advisory practice and with over fifteen years in the identity and access management space behind him, Jeff Steadman helps develop realistic IAM strategies and provide vendor agnostic recommendations to move the needle on IAM maturity for organizations large and small.