From Passports to Digital Workers
Key Points
- Grant Miller traces the roots of identity management back to the 16th‑century passport introduced by King Henry V, framing modern identity as a continuation of early border‑control concepts.
- He explains that today’s identity management separates “who you are” (authentication) from “what you’re allowed to do” (authorization), adding roles and tasks to the classic who‑where‑what model.
- Miller illustrates his own identity as an example—Grant, IBM CTO, distinguished engineer, access‑focused—showing how each attribute determines the tools, data, and systems he can access.
- The talk emphasizes that digital workers (both humans and automated agents) primarily interact with other computer systems and data, executing jobs and retrieving information rather than engaging in simple one‑to‑one human interactions.
- Ultimately, effective identity governance ensures that the right roles perform the right tasks on the right resources, mirroring the historic need to verify travelers’ identities and permissions.
Sections
- From Passports to Digital Workers - Grant Miller links the 16th‑century introduction of passports by King Henry V to modern identity management for digital workers, illustrating that the core principles of verifying who someone is, their origin, and their permitted actions have stayed fundamentally the same.
- Identity Governance in Client-Server Systems - It explains how organizations must identify and control both human and non‑human system identities in client‑server environments, using functional or system IDs, network restrictions, and governance frameworks to manage access and tasks.
- From Monolithic Systems to Digital Workers - The speaker contrasts traditional generic, monolithic systems with purpose‑built, autonomous digital workers that perform specific tasks, collaborate with each other and humans, and are evolving toward assistant‑like roles.
- Rethinking Digital Workers in Enterprises - The speaker urges viewing digital workers not as monolithic bots but as privileged agents assigned specific tasks within integrated process flows.
Full Transcript
# From Passports to Digital Workers **Source:** [https://www.youtube.com/watch?v=DYMv926QeRE](https://www.youtube.com/watch?v=DYMv926QeRE) **Duration:** 00:11:55 ## Summary - Grant Miller traces the roots of identity management back to the 16th‑century passport introduced by King Henry V, framing modern identity as a continuation of early border‑control concepts. - He explains that today’s identity management separates “who you are” (authentication) from “what you’re allowed to do” (authorization), adding roles and tasks to the classic who‑where‑what model. - Miller illustrates his own identity as an example—Grant, IBM CTO, distinguished engineer, access‑focused—showing how each attribute determines the tools, data, and systems he can access. - The talk emphasizes that digital workers (both humans and automated agents) primarily interact with other computer systems and data, executing jobs and retrieving information rather than engaging in simple one‑to‑one human interactions. - Ultimately, effective identity governance ensures that the right roles perform the right tasks on the right resources, mirroring the historic need to verify travelers’ identities and permissions. ## Sections - [00:00:00](https://www.youtube.com/watch?v=DYMv926QeRE&t=0s) **From Passports to Digital Workers** - Grant Miller links the 16th‑century introduction of passports by King Henry V to modern identity management for digital workers, illustrating that the core principles of verifying who someone is, their origin, and their permitted actions have stayed fundamentally the same. - [00:03:04](https://www.youtube.com/watch?v=DYMv926QeRE&t=184s) **Identity Governance in Client-Server Systems** - It explains how organizations must identify and control both human and non‑human system identities in client‑server environments, using functional or system IDs, network restrictions, and governance frameworks to manage access and tasks. - [00:06:11](https://www.youtube.com/watch?v=DYMv926QeRE&t=371s) **From Monolithic Systems to Digital Workers** - The speaker contrasts traditional generic, monolithic systems with purpose‑built, autonomous digital workers that perform specific tasks, collaborate with each other and humans, and are evolving toward assistant‑like roles. - [00:09:19](https://www.youtube.com/watch?v=DYMv926QeRE&t=559s) **Rethinking Digital Workers in Enterprises** - The speaker urges viewing digital workers not as monolithic bots but as privileged agents assigned specific tasks within integrated process flows. ## Full Transcript
Howdy, everyone.
My name is Grant Miller.
I am a distinguished engineer and the CTO for Access Transformation at IBM.
And I'm going to talk about digital workers and how those relate to identity management.
Before I get in too deep into the whole thought and idea of digital work as an identity,
I kind of want to go back a little bit and see where identity and the whole process came from.
You really have to go back several hundred years, actually to the late 16th century,
when King Henry, the fifth, introduced the concept of the passport.
And this was the first time that we really saw the idea of identity management and governance come into play.
And so what happened is that we had an individual.
Who wanted to travel and go across borders.
And we needed to know who they were.
Where they were from.
And also what they were allowed to do.
Were they allowed to travel to a different border, to a different country?
A nice thing that also was introduced at this time 500 years ago was the concept of recording everything.
So making sure there was a record of all of your travels and all of the times that you crossed over borders.
And this is what we saw come out in the in the 16th century.
Now, fast forward today and we get into IT
identity management.
And the concepts are basically very much the same as they were 500 years ago.
So we still need to know who a person is, where they came from and what they are trying to do.
And this is so that we can make sure that the right people and the right roles of an organization
can perform the tasks and job that they're assigned to do.
Now we term, our terminology has changed a little bit since then.
Instead of who, where, what necessarily we actually call this authentication.
So we authenticate who the person is and the where and the what has really become the authorization.
Where what job are they trying to do?
What is their task?
What is the role they're trying to do?
So we've add did a little bit more to this than what we had before.
So we have the role.
And we have the task.
So let me go back to my introduction.
When I introduced myself at the very beginning of this, I said, Who am I?
He was Grant.
I am from IBM.
My role was a DE.
And my task is access.
And so all of these components really define my identity and ultimately drive what I'm allowed to do,
what tools I can access, what data I can access, what systems I need to access to complete my job.
Now, as we also look at this and think about this, I'm not just acting with other humans and individuals.
I do a lot of that.
But primarily what I'm going to be dealing with is working with with other systems.
And so they'll be a computer systems that I need to interact with.
There'll be data that I need to interact with.
And so oftentimes I will connect into a system to run a task or run some sort of a job.
It'll retrieve data that will bring that back to me, or I might retrieve data directly myself.
There are also times when it's just not a 1 to 1 system in human interaction,
but there will be another computer system in the background somewhere.
So this is a client server kind of model and we need to interact across different systems and all of those are interact with data.
So we have a whole bunch of non-human identities working with human identities.
But the concept around identity stays fundamentally exactly the same.
We still need to know who these systems are.
And a lot of times we do this with functional IDs or we do them with system
IDs or some way to represent the system that's coming in.
We also know where this could be.
What IP address do we allow to come in from, what networks, what sub networks.
And we also need to know, again, what they're allowed to do.
So there is some task that the system is trying to do.
So it's very much what we've always seen and what we've been seeing in the past, same concepts that have applied.
Now, one thing that has emerged over the last the recent years is
now we have lots of systems, lots of digital identities, real lots human identities.
And we do manage and we need to govern all that.
And so we have added governance.
Across all of these systems, which is identity, governance and administration and.
And this now can look and make sure that any IDs, any systems, are they still in place?
Are they still allowed to do what they do?
Have you changed jobs?
Have you left the company?
Are you a new hire?
All of these things, all the lifecycle management around identities still need to be governed.
So this is where the governance play of that.
So this is what we're pretty much fairly used to in how identity management works today.
So let's jump ahead a little bit.
And now we have the concept of automations and intelligent systems coming into play.
Now, early on, we really had chat bots.
And we had copilots.
And these are systems that we can interact with as a human and work with the with the chat bot.
The chat bot may also work with systems to retrieve data or take actions
that need to be happen and then bring insight and information back to us.
And that's okay, right?
It's still behaving a lot like how we have thought of systems in the past and we still need to know who, where, what's allowed.
All of these things still happen
and we're still actually, you know, logging all of the actions that all of these systems are doing.
Now, the interesting thing about this system that's happening, these are autonomic systems.
We still think of them very much like non-human identities.
So they're still operating as functional IDs or system IDs or connecting
in ways that we have been familiar with for a long time and how to do it.
So we've applied all that.
So the governance that goes on across these is still very much the same.
We still govern this much like we would any of these systems or any are much like we do humans.
So now let's jump to current and even maybe projecting a little bit into the future.
And now we're starting to get the idea and the concept of digital workers.
Now, digital worker is a little bit different in that instead of
these systems, which are really they're they're somewhat generic and monolithic.
Systems.
In other words, you ask, they have a task, they can go off.
They know exactly what they're supposed to do, what they're supposed to interact with.
They've been built that way and they return a response.
These systems are actually a lot more autonomic, and they're really specifically designed to be digital workers.
And they have a specific task.
They are assigned to accomplish one specific task.
And and in the end of the day, what they're really doing is augmenting.
Human teams.
So they're really here to support us, to do automation, to help in flows.
And the way to really think about this is that it's not just a single digital worker that exists.
There could be multiple digital workers.
And and they're working together.
You know, they have to interact with each other.
They have to interact with maybe potentially a copilot.
They have to interact with systems.
And a lot of times in the future, we may see that we will get digital workers that are really more of a digital assistant.
So instead of as an individual, I work with a system or any of these other
parts of the enterprise, I will just work with my assistant.
My assistant then will work with other digital workers and they will start figuring out what needs to be done.
Now, where I describe this to be more of a generic monolithic system, these become what is known as a gen tech flows.
And this is because we have multiple agents, multiple digital workers,
all trying to interact together and it becomes part of a flow.
And that flow can change as we try to do different questions that I want to have answered.
Now we get back to identity management.
A lot of this still remains the same.
I still need to know the who, the where, though, what they're allowed to do.
I need to log everything.
But now there's a little bit of a spin on this,
that's a little bit different because now I have a whole ecosystem
of these digital workers who are interacting with a lot of different stuff.
And so if I'm starting the conversation and I ask the digital worker
and they ask a digital worker and they ask a digital worker, the whole identity now needs to cascade,
I'm the one actually asking and my rights and privileges need to flow through the whole system.
So all of this who aware what now must cascade.
And it does this for humans.
Plus digital workers.
And so this adds a layer of complexity over what we have before.
And the same thing projects out on our governance, governance.
And the path was I can govern my chat bot, I can govern my systems and the identities user,
I can govern the humans and what the humans are doing.
But now I have this network in this ecosystem,
and so I have to have a more integrated view of what tasks they're doing, what tasks
are allowed and what actions and logs that I'm seeing them happen.
So it becomes a much more integrated environment.
And this is where we are seeing everything change.
All right. So what does that mean for you?
So I'd like to leave you with four things to think about as
you start dealing with the digital worker and the digital worker age that's coming.
And I want you to think about things that you need to take into consideration.
The first thing that you should think about is don't think of digital workers as systems, right?
Don't think of them as monolithic chat bots and copilots.
You really need to think of them as a digital worker and they're going to have privileges or rights,
and they're going to be working on behalf of other agents or people.
So that's the first thing to consider.
A second consider then you need to consider and do is when you start thinking about
a process of an enterprise, you think about processes and flows that you do work.
Break those processes down into task.
And your digital worker should be assigned the task.
They manage that task instead of having a chat bot that can do whatever you need for it,
each step and your process should have a task and that should be assigned a digital worker.
And then you bring digital workers to get together, an agent to flow, to do whatever it is you're trying to accomplish.
So break everything down and you kind of think of this much like you think of an object
already in program or you have high cohesion.
In other words, an agent is assigned a very specific task
and you have loose coupling so that you can simply ask it what it needs to do.
And it doesn't get intertwined with a lot of other systems.
Keep it very simple.
The third thing that you need to really take into consideration
is understand this whole ecosystem, understand all of these interactions, understand
what it means to have a humans interacting with digital workers,
with systems, with bots, and what all that drives from an identity perspective.
Keep that in the back of your mind as you start thinking and designing through the system.
And then finally, IGA or identity governance and administration becomes the who, the where, the what has to be propagated.
It has to be cascaded.
It has to be integrated across all of that stuff.
Out single systems of governance in the past are going to evolve.
So you have to start thinking about that as you're doing your solutions.
And with that, I hope that this helps your understanding of digital workers and where things are going.
And I'll see you next time.