Table of Contents for Digital Identity
by Phillip J. Windley
Cover
Dedication
Foreword
Preface
Who Should Read This Book
Conventions Used in This Book
Comments and Questions
Safari Enabled
Acknowledgments
1. Introduction
1.1. Business Opportunity
1.2. Digital Identity Matters
1.3. Using Digital Identity
1.4. The Business Context of Identity
1.5. Foundational Technologies for Digital Identity
1.6. Identity Management Architectures
2. Defining Digital Identity
2.1. The Language of Digital Identity
2.2. Identity Scenarios in the Physical World
2.3. Identity, Security, and Privacy
2.4. Digital Identity Perspectives
2.5. Identity Powershifts
2.6. Conclusion
3. Trust
3.1. What Is Trust?
3.2. Trust and Evidence
3.3. Trust and Risk
3.4. Reputation and Trust Communities
3.5. Conclusion
4. Privacy and Identity
4.1. Who’s Afraid of RFID?
4.2. Privacy Pragmatism
4.3. Privacy Drivers
4.4. Privacy Audits
4.5. Privacy Policy Capitalism
4.6. Anonymity and Pseudonymity
4.7. Privacy Principles
4.8. Prerequisites
4.9. Conclusion
5. The Digital Identity Lifecycle
5.1. Provisioning
5.2. Propagating
5.3. Using
5.4. Maintaining
5.5. Deprovisioning
5.6. Conclusion
6. Integrity, Non-Repudiation, and Confidentiality
6.1. Integrity
6.2. Non-Repudiation
6.3. Confidentiality
6.3.1. Cryptography
6.3.1.1. Secret keys
6.3.1.2. Public key cryptography
6.3.1.3. Hybrid key systems
6.3.1.4. Public key cryptosystem algorithms
6.3.2. Message Digests and Hashes
6.3.3. Digital Signatures
6.3.4. Digital Certificates
6.3.5. Certificate Authorities
6.3.6. Certificate Revocation Lists
6.3.7. Public-Key Infrastructures
6.3.8. Going Further
6.4. Conclusion
7. Authentication
7.1. Authentication and Trust
7.2. Authentication Systems
7.2.1. Cookies
7.2.2. ID and Password
7.2.2.1. Password management
7.2.2.2. Password reset
7.2.3. Challenge-Response Systems
7.2.4. Digital Certificates
7.2.5. Biometric Devices
7.2.6. Smart Cards
7.3. Authentication System Properties
7.3.1. Practicality
7.3.2. Appropriate Level of Security
7.3.3. Locational Transparency
7.3.4. Protocol Insensitivity
7.3.5. Appropriate Level of Privacy
7.3.6. Reliability
7.3.7. Auditability
7.3.8. Manageability
7.3.9. Federation Support
7.4. Conclusion
8. Access Control
8.1. Policy First
8.1.1. Responsibility
8.1.2. Principle of Least Privilege
8.1.3. Accountability Scales Better than Enforcement
8.2. Authorization Patterns
8.2.1. Mandatory and Discretionary Access Control
8.2.2. User-Based Permission Systems
8.2.3. Access-Control Lists
8.2.4. Role-Based Access Control
8.3. Abstract Authorization Architectures
8.4. Digital Certificates and Access Control
8.5. Conclusion
9. Names and Directories
9.1. Utah.gov: Naming and Directories
9.2. Naming
9.2.1. Namespaces
9.2.2. Uniform Resource Indicators: A Universal Namespace
9.2.3. Cool URIs Don’t Change
9.3. Directories
9.3.1. Directories Are Not Databases
9.3.2. An Example Directory
9.3.3. Enterprise Directory Services
9.3.3.1. Domain Name System
9.3.3.2. RMIRegistry
9.3.3.3. X.500: heavyweight directory services
9.3.3.4. LDAP
9.4. Aggregating Directory Information
9.4.1. Metadirectories
9.4.2. Virtual Directories
9.5. Conclusion
10. Digital Rights Management
10.1. Digital Leakage
10.2. The DRM Battle
10.3. Apple iTunes: A Case Study in DRM
10.4. Features of DRM
10.5. DRM Reference Architecture
10.6. Trusted Computing Platforms
10.7. Specifying Rights
10.7.1. XrML
10.8. Conclusion
11. Interoperability Standards
11.1. Standards and the Digital Identity Lifecycle
11.2. Integrity and Non-Repudiation: XML Signature
11.3. Confidentiality: XML Encryption
11.4. Authentication and Authorization Assertions
11.5. Example SAML Use Cases
11.6. Identity Provisioning
11.6.1. SPML Requests and Responses
11.7. Representing and Managing Authorization Policies
11.8. Conclusion
12. Federating Identity
12.1. Centralized Versus Federated Identity
12.2. The Mirage of Centralized Efficiency
12.3. Network Effects and Digital Identity Management
12.4. Federation in the Credit Card Industry
12.5. Benefits of Federated Identity
12.6. Digital Identity Standards
12.6.1. Microsoft, IBM, and the WS-* Roadmap
12.6.2. OASIS
12.6.3. Liberty Alliance
12.6.4. Internet2 and Shibboleth
12.6.5. The Future of Federation Standards
12.7. Three Federation Patterns
12.7.1. Pattern 1: Ad Hoc Federation
12.7.2. Pattern 2: Hub-and-Spoke Federation
12.7.2.1. Bank of America: a cautionary tale
12.7.3. Scenario 3: Identity Network
12.7.4. Addressing the Problem of Trust
12.7.5. A Secure, Protected Environment
12.7.6. The Future of Federated Identity Networks
12.8. Conclusion
13. An Architecture for Digital Identity
13.1. Identity Management Architecture
13.2. The Benefits of an Identity Management Architecture
13.3. Success Factors
13.4. Roadblocks
13.5. Identity Management Architecture Components
13.6. Conclusion
14. Governance and Business Modeling
14.1. IMA Lifecycle
14.2. IMA Governance Model
14.3. Initial Steps
14.4. Creating a Vision
14.5. IMA Governing Roles
14.5.1. Primary Roles
14.5.2. Supporting Roles
14.6. Resources
14.7. What to Outsource
14.8. Understanding the Business Context
14.9. Business Function Matrix
14.9.1. Creating the Business Function Matrix
14.10. IMA Principles
14.11. Conclusion
15. Identity Maturity Models and Process Architectures
15.1. Maturity Levels
15.2. The Maturity Model
15.2.1. Level 1: Ad Hoc
15.2.2. Level 2: Focused
15.2.3. Level 3: Standardized
15.2.4. Level 4: Integrated
15.3. The Right Steps at the Right Time
15.4. Finding Identity Processes
15.5. Evaluating Processes
15.6. A Practical Action Plan
15.7. Filling the Gaps with Best Practices
15.8. Conclusion
16. Identity Data Architectures
16.1. Build a Data Architecture
16.1.1. Processes Trump Data
16.2. Processes Link Identities
16.2.1. Employee Provisioning
16.2.2. The Identity Data Inventory
16.3. Data Categorization
16.3.1. Identity Data Audit
16.3.2. Identity Mapping
16.3.3. Process-to-Identity Matrix
16.4. Identity Data Structure and Metadata
16.5. Exchanging Identity Data
16.6. Principles for Identity Data
16.7. Conclusion
17. Interoperability Frameworks for Identity
17.1. Principles of a Good IF
17.2. Contents of an Identity IF
17.2.1. Standard Status
17.2.2. Listing Standards
17.3. Example Interoperability Framework
17.4. A Word of Warning
17.5. Conclusion
18. Identity Policies
18.1. The Policy Stack
18.2. Attributes of a Good Identity Policy
18.3. Determining Policy Needs
18.3.1. Business Inspired Projects and Processes
18.3.2. Security Considerations
18.3.3. Meeting External Requirements
18.3.4. Feedback on Existing Policies
18.4. Writing Identity Policies
18.4.1. Policy Outline
18.5. An Identity Policy Suite
18.5.1. Naming and Certificates
18.5.2. Passwords
18.5.3. Encryption and Digital Signatures
18.5.4. Directories
18.5.5. Privacy
18.5.6. Authentication
18.5.7. Access Control
18.5.8. Provisioning
18.5.9. Federation
18.5.10. The Policy Review Framework
18.6. Assessing Identity Policies
18.7. Enforcement
18.8. Procedures
18.9. Conclusion
19. Identity Management Reference Architectures
19.1. Reference Architectures
19.2. Benefits and Pitfalls
19.3. Reference Architecture Best Practices
19.4. Using a Reference Architecture
19.5. Components of a Reference Architecture
19.6. Technical Position Statements
19.6.1. Making Decisions About Technical Positions
19.7. Consolidated Infrastructure Blueprint
19.7.1. Goal State CIBs
19.8. System Reference Architectures
19.9. Conclusion
20. Building an Identity Management Architecture
20.1. Scoping the Process
20.2. Which Projects Are Enterprise Projects?
20.3. Sequencing the IMA Effort
20.4. A Piece at a Time
20.5. Conclusion: Dispelling IMA Myths
Index
About the Author
Colophon
Copyright