WebRTC and Identity Relationship Management

Identity and Access Management (IAM) services were built for internal use behind the firewall. They were not designed to manage identity and access control across corporate boundaries. In the new cloud, social, and mobile era, many enterprises now find themselves with more identity silos than ever.


There is an initiative to design a new dynamic Identity Relationship Management (IRM) system that serves employees and customers, partners and devices. This is where my motivation for studying, analysing and finding a solution for IRM comes from. The main idea of my approach is to replace the Identity and Access Control pattern with an Identity-Based Network* (IBN) pattern that has a built-in IRM system.

Today a new open standard is emerging for real-time communication, with the potential to change the way we connect with businesses. WebRTC, a free open project authored by Google and now being drafted as an API definition by the W3C, enables real-time, peer-to-peer video, audio, and data transfer between browsers.

Every single WebRTC browser client is de facto an Internet of Things (IoT) node**. It has no static IP address or domain identifier. In order for a WebRTC application to set up a connection, its nodes need to exchange session information (signaling messages) before any media or data can flow. A signaling server is used to coordinate this exchange.

The Publish/Subscribe (Pub/Sub) design pattern is becoming crucial for distributed signaling systems. Several communication protocols and implementations support Pub/Sub, such as XMPP, AMQP, MQTT, SignalR and Faye. By properly implementing an OAuth2 authorization mechanism in Pub/Sub systems, users can authorize publish and subscribe requests. In this way users are able to manage their connections and relationships with customers, partners and devices.
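The two ideas above, signaling messages carried over Pub/Sub and OAuth2 scopes gating who may publish or subscribe on a topic, can be shown in a few lines. The following is an added example, not code from the original post or from any of the listed Pub/Sub products: a minimal in-memory broker whose `publish` and `subscribe` calls require a bearer token. The token table, the scope naming convention `publish:<topic>` / `subscribe:<topic>`, the topic names and the sample SDP payload are all constructed assumptions; the `introspect` function stands in for an OAuth2 token introspection endpoint (RFC 7662) that a real deployment would call.

```javascript
// Added example (not from the original post): OAuth2-scoped Pub/Sub signaling broker.
// All tokens, subjects, topics and payloads below are constructed sample data.

const now = () => Math.floor(Date.now() / 1000);

// Constructed stand-in for what an OAuth2 introspection endpoint would return.
// Scopes follow an assumed convention: "<action>:<topic>".
const TOKENS = {
  "tok-alice": { active: true,  sub: "alice",   exp: now() + 3600,
                 scope: "publish:alice/camera subscribe:alice/camera" },
  "tok-bob":   { active: true,  sub: "bob",     exp: now() + 3600,
                 scope: "subscribe:alice/camera" },          // bob may only listen
  "tok-eve":   { active: false, sub: "eve",     exp: now() + 3600,
                 scope: "publish:alice/camera" },            // revoked token
  "tok-stale": { active: true,  sub: "mallory", exp: now() - 10,
                 scope: "subscribe:alice/camera" },          // expired token
};

// Returns claims for a usable token, or null for unknown / revoked / expired ones.
function introspect(token) {
  const t = TOKENS[token];
  if (!t || !t.active || t.exp <= now()) return null;
  return { sub: t.sub, scopes: new Set(t.scope.split(" ")) };
}

class Broker {
  constructor() {
    this.subscribers = new Map(); // topic -> [{ sub, handler }]
    this.audit = [];              // every decision, for detection and review
  }

  // Central authorization decision: valid token AND the exact scope for this action/topic.
  authorize(token, action, topic) {
    const claims = introspect(token);
    if (!claims) return { ok: false, reason: "invalid_token" };
    if (!claims.scopes.has(`${action}:${topic}`)) {
      return { ok: false, reason: "insufficient_scope", sub: claims.sub };
    }
    return { ok: true, sub: claims.sub };
  }

  subscribe(token, topic, handler) {
    const auth = this.authorize(token, "subscribe", topic);
    this.audit.push({ action: "subscribe", topic, ...auth });
    if (!auth.ok) return auth;
    if (!this.subscribers.has(topic)) this.subscribers.set(topic, []);
    this.subscribers.get(topic).push({ sub: auth.sub, handler });
    return auth;
  }

  publish(token, topic, message) {
    const auth = this.authorize(token, "publish", topic);
    this.audit.push({ action: "publish", topic, ...auth });
    if (!auth.ok) return { ...auth, delivered: 0 };
    const subs = this.subscribers.get(topic) || [];
    // The broker stamps the sender identity itself; publishers cannot spoof "from".
    for (const s of subs) s.handler({ from: auth.sub, topic, message });
    return { ...auth, delivered: subs.length };
  }
}

// Stand-alone run: a WebRTC-style signaling exchange over the broker.
if (typeof require !== "undefined" && require.main === module) {
  const broker = new Broker();
  broker.subscribe("tok-bob", "alice/camera", (m) => console.log("bob got", m));
  broker.subscribe("tok-stale", "alice/camera", () => {});
  broker.publish("tok-eve", "alice/camera", { type: "offer" });
  broker.publish("tok-alice", "alice/camera", { type: "offer", sdp: "v=0 (constructed)" });
  console.table(broker.audit);
}

module.exports = { Broker, introspect, TOKENS };
```

The design choice worth noting is that the broker, not the client, decides both whether a request proceeds and what identity is attached to each delivered message; the relationship between two parties is then expressed purely as which scopes each holder has been granted, which is what the IRM layer would manage.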

The IBN architecture is built on top of the WebRTC network; after identifying the communication participants and evaluating their relationship, it legitimises entities to reach each other and exchange data.

* An OpenID Connect/OAuth2-backed network.
** The WebRTC client is used as an analogy to IoT and as a new way of communicating with IoT.