Friday, April 1, 2011

Trusted Managed Identities Services Business Model

I have been giving some thought about what the Business Model would be for Managed Identity Services in a trusted identity ecosystem.  

I decided to start by defining the main actors in the ecosystem:  

  • Identity Owner:  Normally considered the end-user, the subject the digital identity represents.
  • Identity Provider:  The service provider that stores and manages the digital identity for the Identity Owner 
  • Relying Party:  The subject requesting authentication and/or authorization to the digital identity data.
  • Trust Provider:  The service provider that assures the relying party the validity of the digital identity stored at the Identity Provider.


Now what?  How can we make money from Managed Identity Services?   What benefits are there to each actor in the ecosystem to validate the capability of such a system?

The Identity Owner benefits from such an ecosystem by allowing them to maintain identity data in a central place where stronger authentication can be used.  When identity data is stored in duplicated disperse stores, as it is today, the end-users demand ease of use over security.   Will the Identity Owner be willing to pay for such service by an Identity Provider for its benefits?  Probably not!

Identity Providers only benefit when someone pays for their services.  Identity Owners do not want to pay for the service; will the Relying Parties be willing to pay for it?  Let’s see…

Relying Parties, in this business model, benefit the most.  The Relying Party reduces costs of authentication and authorization services and passes the risk for such service to the Identity Provider.   Relying Parties, when possible, can maintain the privacy of their end-users by trusting the validity of the identity data to the Identity Provider.   Relying Parties, due to the reduced costs, have the ability to pay and Identity Provider for their services.   Assuming a trusted identity ecosystem, Relying Parties can accept identity data from different Identity Providers by also enrolling in trust services from a Trust Provider.  

Trust Providers allow Relying Parties to be certain the Identity Provider is known to be responsible for due diligence in assuring Identity Owners legitimacy.  Once again, the Relying Party assumes the cost of trust services, since it benefits by passing the cost to validate the identity data from an Identity Provider.

Will Relying Parties be willing to pay for such services?  I think they already are --> Janrain 

The closest ecosystem that resembles Trusted Managed Identity Services is the Credit Card industry where:

Identity Owners = Credit Card Holders
Identity Providers = Credit Card Companies
Relying Parties = Merchants
Trust Providers = Credit Card Networks

The Business Model for Trusted Managed Identity Services has a lot of potential to produce profits.  The technology is there, the standards need to mature but that can only happen if they are used.  We just need someone to be the first to accept the risks and take the profits.  Who is first?