By Leemon Baird

Swirlds Launches with Ping Identity and Distributed Session Management

We had a great week in New Orleans at the Cloud Identity Summit. Patrick Harding, CTO of Ping Identity, set the stage by introducing Swirlds hashgraph in his keynote, describing some of its features and the importance of distributed consensus to future identity applications. Patrick and the team at Ping believe that distributed consensus provides a new tool that may be used to address long-standing, hard problems in IAM, an example of which is global session logout.

Mance Harmon followed by giving a presentation on Distributed Session Management (DSM), which is being built by Ping and will be the first application built on top of the Swirlds hashgraph platform. DSM aims to solve two problems:

  1. Modern identity protocols such as SAML, OAuth and OpenID Connect are often used to enable Single-Sign-On solutions. In other words, users sign into an SSO server once, and then can use any number of websites or applications without signing in again. However, there are many cases where a system administrator may want to forcibly sign the user out of each application. For example, verifiable session logout is needed when a device is lost or stolen, or when an employee’s employment is terminated.
  2. Providing a ‘kill switch’, which is a necessary component of a Continuous Authentication system. In Continuous Authentication, application sessions never time out. The session persists until the Continuous Auth system determines it should no longer persist because confidence in a user’s identity falls below a predefined threshold. In that case, the application session must be terminated, and the user must reauthenticate.

In each of these cases, it is important to have a kill switch that verifiably works across protocols and client types (e.g., web browsers and native applications). Distributed Session Management is a solution proposed by Ping to solve precisely that problem. Ping demonstrated the solution and also delivered a Version 1.0 API specification to the OpenID Foundation to be considered for standardization.

Why Swirlds hashgraph for DSM?

Why did Ping choose to build DSM on top of Swirlds, as opposed to, say, any of the existing blockchain technologies previously available? Because true Distributed Session Management has the following requirements, which can uniquely be solved by Swirlds:

  1. Low Computation (i.e., no proof-of-work)
  2. Resilience to Denial of Service
  3. No single point of failure
  4. Cryptographic proof-of-receipt
  5. Cryptographic proof-of-transmission
  6. Trusted consensus timestamps
  7. Scalable (both transactions per second and nodes)
  8. Immutable record for audit
  9. Distributed trust
  10. Reliable storage and high availability

When compared to other consensus technologies (Leader-based, non-Proof-of-Work blockchain, and Proof-of-Work blockchain), Swirlds hashgraph is the only technology that natively provides the combination of Proof-of-Receipt, Trusted Consensus Timestamps, and Scalability, without the need for Proof-of-Work.

The full whitepaper on Distributed Session Management can be found on the Ping Identity website.

In addition to DSM, at the conference I provided both an introduction to the Swirlds hashgraph and an in-depth introduction to developing on the Swirlds platform. We hope to provide links to videos in the coming days.

Feedback from the initial demonstration was very positive, and Ping will continue to demonstrate this to customers over the coming months. We are very excited about the potential application of Swirlds’ technology to identity as an early pioneer. In today’s world, it has become just as important (if not more) to be able to cut off access to sensitive information, so it doesn’t fall into the wrong hands, as it is to grant it. Ping will be helping organizations do just that, and we are excited to see how this, and future identity applications of Swirlds, can help organizations further improve their overall security posture.