Digital Identity

Description:

The rise of network-based, automated services in the past decade has definitely changed the way businesses operate, but not always for the better. Offering services, conducting transactions and moving data on the Web opens new opportunities, but many CTOs and CIOs are more concerned with the risks. Like the rulers of medieval cities, they've adopted a siege mentality, building walls to keep the bad guys out. It makes for a secure perimeter, but hampers the flow of commerce.

Fortunately, some corporations are beginning to rethink how they provide security, so that interactions with customers, employees, partners, and suppliers will be richer and more flexible. Digital Identity explains how to go about it. This book details an important concept known as "identity management architecture" (IMA): a method to provide ample protection while giving good guys access to vital information and systems. In today's service-oriented economy, digital identity is everything. IMA is a coherent, enterprise-wide set of standards, policies, certifications and management activities that enable companies like yours to manage digital identity effectively--not just as a security check, but as a way to extend services and pinpoint the needs of customers.

Author Phil Windley likens IMA to good city planning. Cities define uses and design standards to ensure that buildings and city services are consistent and workable. Within that context, individual buildings--or system architectures--function as part of the overall plan. With Windley's experience as VP of product development for Excite@Home.com and CIO of Governor Michael Leavitt's administration in Utah, he provides a rich, real-world view of the concepts, issues, and technologies behind identity management architecture.

How does digital identity increase business opportunity? Windley's favorite example is the ATM machine. With ATMs, banks can now offer around-the-clock service, serve more customers simultaneously, and do it in a variety of new locations. This fascinating book shows CIOs, other IT professionals, product managers, and programmers how security planning can support business goals and opportunities, rather than holding them at bay.

Table of Contents:

Foreword

Preface

1. Introduction

     Business Opportunity

     Digital Identity Matters

     Using Digital Identity

     The Business Context of Identity

     Foundational Technologies for Digital Identity

     Identity Management Architectures

2. Defining Digital Identity

     The Language of Digital Identity

     Identity Scenarios in the Physical World

     Identity, Security, and Privacy

     Digital Identity Perspectives

     Identity Powershifts

     Conclusion

3. Trust

     What Is Trust?

     Trust and Evidence

     Trust and Risk

     Reputation and Trust Communities

     Conclusion

4. Privacy and Identity

     Who's Afraid of RFID?

     Privacy Pragmatism

     Privacy Drivers

     Privacy Audits

     Privacy Policy Capitalism

     Anonymity and Pseudonymity

     Privacy Principles

     Prerequisites

     Conclusion

5. The Digital Identity Lifecycle

     Provisioning

     Propagating

     Using

     Maintaining

     Deprovisioning

     Conclusion

6. Integrity, Non-Repudiation, and Confidentiality

     Integrity

     Non-Repudiation

     Confidentiality

     Conclusion

7. Authentication

     Authentication and Trust

     Authentication Systems

     Authentication System Properties

     Conclusion

8. Access Control

     Policy First

     Authorization Patterns

     Abstract Authorization Architectures

     Digital Certificates and Access Control

     Conclusion

9. Names and Directories

     Utah.gov: Naming and Directories

     Naming

     Directories

     Aggregating Directory Information

     Conclusion

10. Digital Rights Management

     Digital Leakage

     The DRM Battle

     Apple iTunes: A Case Study in DRM

     Features of DRM

     DRM Reference Architecture

     Trusted Computing Platforms

     Specifying Rights

     Conclusion

11. Interoperability Standards

     Standards and the Digital Identity Lifecycle

     Integrity and Non-Repudiation: XML Signature

     Confidentiality: XML Encryption

     Authentication and Authorization Assertions

     Example SAML Use Cases

     Identity Provisioning

     Representing and Managing Authorization Policies

     Conclusion

12. Federating Identity

     Centralized Versus Federated Identity

     The Mirage of Centralized Efficiency

     Network Effects and Digital Identity Management

     Federation in the Credit Card Industry

     Benefits of Federated Identity

     Digital Identity Standards

     Three Federation Patterns

     Conclusion

13. An Architecture for Digital Identity

     Identity Management Architecture

     The Benefits of an Identity Management Architecture

     Success Factors

     Roadblocks

     Identity Management Architecture Components

     Conclusion

14. Governance and Business Modeling

     IMA Lifecycle

     IMA Governance Model

     Initial Steps

     Creating a Vision

     IMA Governing Roles

     Resources

     What to Outsource

     Understanding the Business Context

     Business Function Matrix

     IMA Principles

     Conclusion

15. Identity Maturity Models and Process Architectures

     Maturity Levels

     The Maturity Model

     The Rights Steps at the Right Time

     Finding Identity Processes

     Evaluating Processes

     A Practical Action Plan

     Filling the Gaps with Best Practices

     Conclusion

16. Identity Data Architectures

     Build a Data Architecture

     Processes Link Identities

     Data Categorization

     Identity Data Structure and Metadata

     Exchanging Identity Data

     Principles for Identity Data

     Conclusion

17. Interoperability Frameworks for Identity

     Principles of a Good IF

     Contents of an Identity IF

     Example Interoperability Framework

     A Word of Warning

     Conclusion

18. Identity Policies

     The Policy Stack

     Attributes of a Good Identity Policy

     Determining Policy Needs

     Writing Identity Policies

     An Identity Policy Suite

     Assessing Identity Policies

     Enforcement

     Procedures

     Conclusion

19. Identity Management Reference Architectures

     Reference Architectures

     Benefits and Pitfalls

     Reference Architecture Best Practices

     Using a Reference Architecture

     Components of a Reference Architecture

     Technical Position Statements

     Consolidated Infrastructure Blueprint

     System Reference Architectures

     Conclusion

20. Building an Identity Management Architecture

     Scoping the Process

     Which Projects Are Enterprise Projects?

     Sequencing the IMA Effort

     A Piece at a Time

     Conclusion: Dispelling IMA Myths

Index