SMART ACCESS PROTOCOL – START YOUR DECENTRALIZED ACCESS MANAGEMENT
Assigning user rights in a company’s IT systems is one of the most important tasks of any system administrator. Poor security safeguards or overly complex methods for granting access rights can lead to severe data breaches which can cost a business dearly. Today, most systems rely on outdated system administration methods that suffer from slow, static, ill-defined or otherwise faulty processes. Digital identities are often distributed across the heterogeneous mix of systems, (IoT) devices and applications. The Smart Access Protocol consolidates and brings all user identities into a centrally controllable system – while using a decentralized data structure.
What is IAM?
Identity and Access Management is the act of managing digital identities, administering access rights to enterprise resources and auditing of these user access rights. In short: It’s about managing which identity can do what for which resource. A resource can be a file or document, but it can be also a specific area of a used system like ERP or other IT systems. A resource can also be an IoT device. While there are a lot of resources, we use every day, we have to manage them very reliably. One crucial challenge of an IAM is the ability of a cross-platform functionality.
What is „SAxP“, the Smart Access Protocol?
SAxP is a technical protocol for a safe access management based on Blockchain Technology. The entire process of the SAxP is highly automated and empowers organizations to sidestep lengthy, tedious and costly auditing processes for employees’ system access, while removing the possibility of human error.
Authentication vs. Authorization
“Authentication means confirming your own identity, while authorization means granting access to the system. In simple terms, authentication is the process of verifying who you are, while authorization is the process of verifying what you have access to.”1
The BlockAxs SAxP is supporting several identity providers and certificates. It describes the decentralized way of a distributed access protocol on Blockchain for granting access, so the focus is authorization, not authentication.
Today’s systems often form many (and sometimes good) partial solutions of the IAM. SAxP creates a uniform overall solution for managing the authorizations of all usable systems and devices (“resources”).
Why Blockchain Technology?
Many startups have to justify why they suddenly see the blockchain as a healing tool for their problems and want to use it, although in many places it doesn’t seem necessary at all. We will explain the advantages of using SAxP with a blockchain in more detail in another article.
However, to briefly answer the question: We see the data structure “Blockchain” as the most suitable for our product. Especially the creation of the complete log of all actions makes a monitoring and a later auditing representative and valuable, working safely between companies is easier to implement, …
By the way, blockchain also inspires us to completely rethink administration in today’s sense.
First step to a decentralized administration
In system architecture, we rely on decentralized data structures, but we trust central stakeholders, isn’t that a paradox?
The SAxP offers a distributed way of access control, but this is just the technical perspective. Because of its dynamic you can use SAxP for your own processes and structures. As a protocol, it offers you more than “just granting access”, it brings you a framework to redesign and decentralize your administration as much as you want. By using on-chain “multisignature” it is possible to define shared rules for shared accesses. As a result, you don’t need an administrator anymore. Rather, it is about the fact that those responsible can also bear the responsibility – together as a network. Like in a blockchain network.
Decentralizing administration therefore means distributing responsibility and relieving those responsible by means of a simple and secure system, since one can rely on a fixed consensus.
HR Scenario and Use Case
To get a closer insight into access management, take a look at this simple use case. One way to understand SAxP is to see how access management is used in real-world scenarios and how people work with each other. The use case is described in general terms, without the mechanics of how you’d use the dApp or API.
As mentioned before, in theory, assigning user rights should be a fairly simple process. Yet in practice the assignment of roles and rights are plagued by labyrinthine information chains and
hampered by the modularity of large and different IT systems. Existing processes are often simply inefficient, maintaining new systems is a major task and all this brings a lot of security gaps.
A newly hired employee working for a company requires access to files, information and systems to carry out their duties. Currently, the process is highly unpredictable and sluggish, making high costs, security risks (least privilege, compliance issues) and the entire enterprise less efficient.
Therefore, we created the Smart Access Protocol. Through our system, the new employee is entered into the HR system and automatically receives all necessary authorizations through previously defined roles (digital groups). Furthermore, if the employee needs new authorizations, he can send a request directly via a user interface to the responsible person(s), who can react directly, without having to request a single admin.
Those responsible receive an in-App notification to check the authorization request. The required number of confirmations from the responsible persons are received by the blockchain and logged securely. Authorization is not granted until all necessary requirements have been fulfilled (on-chain verification).
The scenario of the new employee or the request of permissions is a daily obstacle which has to run fast and efficiently! However, this is only a light scenario for a better understanding of our product. In the following blogposts we will show you how to make the corporate structure more efficient and how to develop access management from a central structure to a completely decentralized structure. Let’s start!
1(Difference between Authentication and Authorization | Difference Between) http://www.differencebetween.net/technology/difference-between-authentication-and-authorization/#ixzz5j1sL3Xo1)
Let’s get started. BlockAxs time is now.