Identity, Security Program Controls/Technologies

AAA CISO: Identity in metaverse will be decentralized, federated and self-sovereign (WATCH)

General views of the Philipp Plein fashion show during Metaverse Fashion Week on March 24, 2022. (Photo by Vittorio Zunino Celotto/Getty Images)

As the metaverse becomes a reality, the world's population is going to spend a lot more time representing themselves in the form of their digital identities. And with this shift from the purely physical world to the digital world comes new risks and challenges around identity, privacy and the user experience.

In a preview of a panel session he would appear in during the Identiverse conference this week, Gopal Padinjaruveetil, vice president and CISO of The Auto Group Club (or AAA), told SC Media that for the most seamless and user-friendly authentication experience, identity management in the metaverse will need to be decentralized, federated, dynamic and risk-based, and self-sovereign.

"There's no question that such kind of systems cannot be centralized," said Padinjaruveetil in a video interview. "So there's two principles that it's it's going to be operating on: It is going to be decentralized identity, and it has to be federated."

Click here for more SC Media coverage from the Identiverse Conference.

Padinjaruveetil envisioned a metaverse with different ecosystems created for various services, including healthcare, finance and membership organizations such as AAA.

"And what's going to happen is that there's going to be federation ... both inside ecosystems and outside ... with other ecosystems. ... And as you move from ecosystem to ecosystem, you want to have authentication, you want to pass on some credentials, and that's going to be built on trust."

Individual ecosystem owners will need to apply their own dynamic versions of risk-based authentication based on the contextual situation, with an eye on creating as frictionless an experience as possible, continued Padinjaruveetil.

Meanwhile, users must continue to own their personal digital identities, and should have the power to decide how much identity data they wish to share with each service provider, Padinjaruveetil continued.

"With consent, I'm willing to give it to you for certain purposes," he said. "That's got to be the foundational principle in this world. It has to be self-sovereign."

For more on Padinjaruveetil's thoughts and predictions on how identity will the metaverse will shape up, watch the embedded video.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.