Ping Identity, a Colorado-based IAM software vendor, is making a new product, PingOne Neo, available in a limited early access program. PingOne Neo is designed as a decentralized platform, as opposed to the heavily federated systems commonly in use.
It allows for data decentralization, storing credentials and keys on the user’s mobile device, and lets credentials be issued using a wider range of identity proofs, instead of particular government-issued ID.
It works something like a wallet, according to the company. End users request a credential from an issuing organisation, which is cryptographically signed and verifiable.
That credential becomes a part of the user’s “digital wallet,” and works like a ticket into whatever system or application it is designed to access. PingOne Neo also supports other identity standards that are popular in the market, including OpenID, ISO and W3C.
ID management technique limits attack surface
This identity management technique also improves security by limiting the attack surface for bad actors, according to Ping.
Pre-set integrations between the various identity back-ends used for verification represent potential targets for malicious hackers, the company said. Neo protects against this by checking credentials using minimal necessary identification, which means that less sensitive data is stored and transported.
“Organisations spend significant time and money obtaining and verifying information from customers and employees, then attempt to determine access, entitlements, and authorisations to remain secure and compliant,” said Ping CEO Andre Durand in a press release. “Neo eliminates the manual resource burden from businesses while empowering individuals with their own data, reducing threats of fraud or identity theft while increasing privacy.”
It's a strong move for Ping, according to IDC Research Vice President Jay Bretzmann, who noted that the company’s embrace of open standards for this type of “digital wallet” bodes well for interoperability and personal control over privately identifiable information.
“It’ll be a few years before centralised identity providers … start seeing much of an impact to those businesses,” he said via email. “But in the end, users walk away with a ‘win’ over controlling what personal data gets shared.”
Sign-ups for the early access version of PingOne Neo are available here.