6F/ Bridging The Gap! (Between Traditional IAM & SSI)

From IIW

Bridging the Gap (Between Traditional IAM and SSI)

Session Convener: Scott Heger & Bill Nelson (Identity Fusion)

Notes-taker(s): Bill Nelson, Steve Venema

Tags / links to resources / technology discussed, related to this session:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

WHITEBOARD PICTURE: See image(s) for these notes in the IIWXXXIV Book of Proceedings here:


Traditional IAM solutions involve three components (IDM, AM, and User). Is there a correlation between these and the three components of the trust triangle, and if so, does it make sense to use existing IAM implementations as a bridge to SSI adoption?

There was a lot of “passionate” discussion around the feasibility of this, some for and some against.

There are existing solutions that are attempting to address the “bridge”.

In general, the main topics of discussion included:

  • The bridge is possible from a CIAM solution, but not necessarily from a workforce solution.
    • Approach a particular industry
    • Identify specific use cases where SSI might apply
    • Perform a POC with forward-looking companies
  • Relying Parties need to see value in the solution

Steve’s Notes: Topic is how to transition between traditional identity to decentralized identity

Traditional: showed diagram of IDM & AM, with storage repo (e.g., LDAP) under IDM. User accesses an app, redirects to AM for authN and returns session token.

Compare to… Issuer - Holder - Verifier

IDM adds Issuer

  • It would be connected to public ledger

User is holder, with their own repo (Wallet)

AM adds verifier role

Q: Yair Sarig @ VMware: Why would a business do this?

A: Removing liability of data in LDAP repo

C: Vittorio: New system offers new opportunities and scenarios, doesn’t look like a migration, more like an augmentation

Ledger could be a private ledger or public

  • Kilt, CVC

Stephan Baur: Using US Healthcare as a canonical example, we can’t have every hospital create an account for every patient


George Fletcher: let’s separate workforce and consumer

  • I think about this from an RP perspective
  • What is the business justification for an RP to support SSI?
  • As an RP in CIAM, you always have to manage identity,

Nitov P: <emphasized the number of systems a typical (hospital) and investment behind it> We need incremental value

?? how can we enable the benefits without requiring expensive changes to customer apps ??