Index

Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Index

A note on the digital index

A link in an index entry is displayed as the section title in which that entry appears. Because some sections have multiple index markers, it is not unusual for an entry to have several links to the same section. Clicking on any link will take you directly to the place in the text in which the marker appears.

A

abstract authorization architectures, Abstract Authorization Architectures

abstracted identity, Identity Powershifts

access control

accountability, Accountability Scales Better than Enforcement
authorization patterns, Accountability Scales Better than Enforcement
custodians, Responsibility
DAC (discretionary access control), Mandatory and Discretionary Access Control
digital certificates and, Digital Certificates and Access Control
enforcement and, Accountability Scales Better than Enforcement
least privilege principle, Principle of Least Privilege
MAC (mandatory access control), Mandatory and Discretionary Access Control
owners, Responsibility
policies and, Policy First, Access Control
RBAC (role-based access control), Role-Based Access Control
responsiblity and, Responsibility
user-based permission systems, Mandatory and Discretionary Access Control
users, Principle of Least Privilege

accountability

access control, Accountability Scales Better than Enforcement
privacy and, Privacy Principles

accuracy, privacy and, Prerequisites

ACLs (access control lists), Access-Control Lists

ad hoc federation pattern, Three Federation Patterns

ad hoc level, maturity model, Level 2: Focused

ADA (authorization decision assertion), Identity Scenarios in the Physical World, Digital Certificates and Access Control

advisor, IMA, Supporting Roles

aggregation, Identity Powershifts

directory information, Aggregating Directory Information

algorithms

challenge-response systems, Password reset
DER (Distinguished Encoding Rules), Certificate Authorities
message digests, Digital Signatures
public-key cryptosystems, Public key cryptosystem algorithms
secret key cryptography, Public key cryptography

anonymity, Anonymity and Pseudonymity

Apple iTunes

DRM and, Apple iTunes: A Case Study in DRM
problems, Trusted Computing Platforms

architectures

categories, An Architecture for Digital Identity

data architecture

building, Processes Trump Data, Processes Link Identities
data categorization, Data Categorization
processes, Processes Trump Data

data architectures, Identity Data Architectures

data inventory, The Identity Data Inventory
identity data audit, Data Categorization
identity mapping, Identity Mapping

identity management, Identity Management Architecture

RA (reference architecture), Reference Architectures

benefits, Benefits and Pitfalls
pitfalls, Benefits and Pitfalls

SRAs (system reference architectures), Goal State CIBs

assertions, Authentication and Authorization Assertions

assessing policies, Assessing Identity Policies

ATM, digital ID and, Using Digital Identity

attributes, definition, The Language of Digital Identity

audience, IMA, Primary Roles

auditability, authentication systems, Manageability

authentication, The Language of Digital Identity

biometric devices, Biometric Devices
biometrics, The Language of Digital Identity
CAs and, Certificate Authorities
challenge-response systems, Password reset
cookies, Cookies
credentials, The Language of Digital Identity
digital certificates, Digital Certificates
factors, Authentication Systems
federation support, Manageability
ID and password systems, ID and Password
interoperability, Authentication and Authorization Assertions
passwords, Password management
policies, Privacy
smart cards, Smart Cards
systems, Authentication and Trust
trust and, Authentication and Trust

authentication systems

auditability, Manageability
locational transparency, Locational Transparency
manageability, Manageability
practicality, Authentication System Properties
privacy levels, Locational Transparency
properties, Authentication System Properties
protocol insensitiviy, Locational Transparency
reliability, Locational Transparency
security level, Authentication System Properties

authoritative directories, Enterprise Directory Services

authorization

abstract architectures, Abstract Authorization Architectures
ACLs (access control lists), Access-Control Lists
assertions, Authentication and Authorization Assertions
DAC (discretionary access control), Mandatory and Discretionary Access Control
interoperability, Authentication and Authorization Assertions
MAC (mandatory access control), Mandatory and Discretionary Access Control
patterns, Accountability Scales Better than Enforcement
policies, Representing and Managing Authorization Policies
RBAC (role-based access control), Role-Based Access Control
user-based permission systems, Mandatory and Discretionary Access Control

B

BankAmericard, Federation in the Credit Card Industry

benefits of digital ID, Digital Identity Matters

best practices, Filling the Gaps with Best Practices

RA (reference architecture), Using a Reference Architecture

BFM (business function matrix), creating, Business Function Matrix

biometrics, authentication and, The Language of Digital Identity, Biometric Devices

business context, digital ID and, The Business Context of Identity

business opportunities, Business Opportunity

C

CAs (certificate authorities), Certificate Authorities

authentication and, Certificate Authorities
certification path, Public-Key Infrastructures
CPS (certification practice statement), Certificate Revocations Lists
CRL (certificate revocation lists), Certificate Revocations Lists
services provided, Certificate Authorities

centralized identity, Centralized Versus Federated Identity

efficiency, The Mirage of Centralized Efficiency
federated comparison, Centralized Versus Federated Identity

certificate subjects, Digital Certificates

certificates

authentication and, Digital Certificates
policies, An Identity Policy Suite

certification path, Public-Key Infrastructures

challenge-response systems, Password reset

digital certificates, Digital Certificates
smart cards, Smart Cards

champion, IMA, Primary Roles

CIB (consolidated infrastructure blueprint), Consolidated Infrastructure Blueprint

goal states, Goal State CIBs

communicator, IMA, Supporting Roles

confidentiality

cryptography, Confidentiality
encryption, Confidentiality
interoperability and, Confidentiality: XML Encryption
introduction, Cryptography
steganography, Confidentiality

consent, privacy and, Privacy Principles

conventional cryptography, Secret keys

cookies, Cookies

privacy and, Privacy Policy Capitalism

CPS (certification practice statement), Certificate Revocations Lists

credentials, The Language of Digital Identity, Authentication

authentication, The Language of Digital Identity
cookies, Cookies

credit cards, federated identity and, Federation in the Credit Card Industry

CRL (certificate revocation lists), Certificate Revocations Lists

cryptography, Confidentiality

confidentiality and, Cryptography
conventional, Secret keys
hybrid key systems, Hybrid key systems
key systems, Cryptography
private keys and, Public key cryptography
public key, Public key cryptography
public-key systems, Public key cryptosystem algorithms
secret key, Secret keys
symmetric cryptography, Secret keys

custodians, access control and, Responsibility

D

DAC (discretionary access control), Mandatory and Discretionary Access Control

data architecture

building, Processes Trump Data
data categorization, Data Categorization
data inventory, The Identity Data Inventory
identity data audit, Data Categorization
identity mapping, Identity Mapping
process-to-identity matrix, Process-to-Identity Matrix

data architectures, Identity Data Architectures

processes, Processes Trump Data

data audit, Data Categorization

data categorization, Data Categorization

data exchange, Exchanging Identity Data

data structure, Identity Data Structure and Metadata

databases, directory comparison, Directories Are Not Databases

deprovisioning, lifecycle, Deprovisioning

digital certificates, Digital Certificates

access control and, Digital Certificates and Access Control
authentication and, Digital Certificates
challege-response systems, Digital Certificates
public-key infrastructure and, Digital Certificates

digital leakage, Digital Leakage

digital signatures, Hybrid key systems, Digital Signatures

policies, Passwords

directories, Names and Directories, Directories

aggregation, Aggregating Directory Information
authoritative directories, Enterprise Directory Services
database comparison, Directories Are Not Databases
example, An Example Directory
metadirectories, Aggregating Directory Information
policies, Directories
schema, Directories
Utah, Utah.gov: Naming and Directories
virtual directories, Virtual Directories

directory services, Cool URIs Don’t Change

enterprise

DNS, Domain Name System
RMIRegistry, RMIRegistry

LDAP, LDAP

X.500, X.500: heavyweight directory services

Distinguished Encoding Rules (DER), Digital Certificates

DNS (Domain Name System), Enterprise Directory Services

TLD (top-level domain), Enterprise Directory Services

domains, Namespaces

DRM (digital rights management), Digital Leakage

Apple iTunes and, Apple iTunes: A Case Study in DRM
conflicts, The DRM Battle
features, Features of DRM
music downloads and, Apple iTunes: A Case Study in DRM
platforms, Trusted Computing Platforms
reference architecture, Features of DRM
rights specification, Specifying Rights
XrML and, XrML

E

eBay, Reputation and Trust Communities

employee provisioning, Employee Provisioning

encryption

confidentiality and, Cryptography
digital signatures, Hybrid key systems
policies, Passwords
secret key, Secret keys
XML, Confidentiality: XML Encryption

end user licenses, XrML, XrML

enforcement, access control, Accountability Scales Better than Enforcement

enforcing policies, Enforcement

enterprise directory services

DNS, Domain Name System
LDAP, LDAP
RMIRegistry, RMIRegistry
X.500, X.500: heavyweight directory services

enterprise executive, IMA, Resources

enterprise projects, IMA scoping, Which Projects Are Enterprise Projects?

entities, Defining Digital Identity

entitlements, The Language of Digital Identity

evidence, trust, Trust and Evidence

exchanging identity data, Identity Data Structure and Metadata

external requirements, policies, Security Considerations

F

factors in authentication, Authentication Systems

federated identity, Federating Identity

benefits, Benefits of Federated Identity

centralized comparison, Centralized Versus Federated Identity

credit card industry, Federation in the Credit Card Industry

federation patterns, Three Federation Patterns

networks, future of, The Future of Federated Identity Networks

patterns

ad hoc federation, Three Federation Patterns
hub-and-spoke federation, Pattern 2: Hub-and-Spoke Federation
identity network, Scenario 3: Identity Network

security and, A Secure, Protected Environment

standards, Benefits of Federated Identity

future of, Liberty Alliance
IBM and, Microsoft, IBM, and the WS-* Roadmap
Internet2 and, Internet2 and Shibboleth
Microsoft and, Digital Identity Standards
OASIS and, OASIS
Shibboleth and, Liberty Alliance
WS-* and, Digital Identity Standards

standardsLiberty Alliance, Liberty Alliance

TIAA-CREF and, Federation in the Credit Card Industry

trust and, Addressing the Problem of Trust

federation policies, Federation

federation support, authentication systems, Manageability

feedback for policies, Feedback on Existing Policies

filenames, namespaces, Naming

flat namespaces, Naming

focused level, maturity model, Level 2: Focused

G

goal states, CIB, Goal State CIBs

governance

BFM (business function matrix), Business Function Matrix, IMA Principles

business context, Understanding the Business Context

IMA lifecycle, IMA Lifecycle

IMA model, IMA Governance Model

initial steps, Creating a Vision
primary roles, IMA Governing Roles
roles, Creating a Vision
supporting roles, Primary Roles
vision, Initial Steps

GSM phones, Smart Cards

H

hierarchical namespaces, Namespaces

hub-and-spoke federation pattern, Three Federation Patterns, Pattern 2: Hub-and-Spoke Federation

hybrid cryptosystems, Hybrid key systems

SSL, Hybrid key systems
TLS, Hybrid key systems

I

IBM, federated identity standards and, Digital Identity Standards

ID and password systems, ID and Password

identifying purposes, privacy and, Privacy Principles

identity

abstracted, Identity Powershifts

ATM and, Using Digital Identity

benefits, Digital Identity Matters

business context, The Business Context of Identity

centralized, Centralized Versus Federated Identity

efficiency, The Mirage of Centralized Efficiency

federated, Federating Identity

inconsistency across sources, Identity Data Structure and Metadata

overview, The Language of Digital Identity

scenarios, Identity Scenarios in the Physical World

security and, Identity, Security, and Privacy

shared, Digital Identity Perspectives

technologies, Foundational Technologies for Digital Identity

tiers, Digital Identity Perspectives

identity aggregation, Identity Powershifts

identity data audit, Data Categorization

identity data exchange, Exchanging Identity Data

identity data principles, Principles for Identity Data

identity federation network, Three Federation Patterns

identity mapping, Identity Mapping

identity maturity model, Identity Maturity Models and Process Architectures

identity policies

authentication, Authentication
characteristics, Attributes of a Good Identity Policy
digital signatures, Encryption and Digital Signatures
directories, Directories
encryption, Encryption and Digital Signatures
external requirements, Security Considerations
feedback, Feedback on Existing Policies
naming and certificates, Naming and Certificates
needs, Business Inspired Projects and Processes
outline, Policy Outline
passwords, Passwords
privacy, Privacy
security, Security Considerations
writing, Feedback on Existing Policies

identity policy suite, An Identity Policy Suite

identity process evaluation, Finding Identity Processes

identity process inventory, Finding Identity Processes

planning, A Practical Action Plan

IF (interoperability frameworks), Principles of a Good IF

cautions, A Word of Warning

characteristics, Principles of a Good IF

example framework, Example Interoperability Framework

standards, Principles of a Good IF

listing, Listing Standards
status, Standard Status

IMA (identity management architecture), Identity Management Architecture

benefits, The Benefits of an Identity Management Architecture

components, Identity Management Architecture Components

data and, Build a Data Architecture

data architecture, Identity Management Architecture Components

enterprise projects, Which Projects Are Enterprise Projects?

governance model, IMA Governance Model

initial steps, Creating a Vision
primary roles, IMA Governing Roles
roles, Creating a Vision
supporting roles, Primary Roles
vision, Initial Steps

lifecycle, governance and, IMA Lifecycle

myths, Conclusion: Dispelling IMA Myths

outsourcing, What to Outsource

policies, Identity Management Architecture Components

policy review framework, The Policy Review Framework

principles, IMA Principles

process architecture, Identity Management Architecture Components

roadblocks, Roadblocks

scope, Scoping the Process

sequencing, Sequencing the IMA Effort

success, Success Factors

technical reference architecture, Identity Management Architecture Components

timeline for building, A Piece at a Time

IMA team, Primary Roles

inconsistency of identities, Identity Data Structure and Metadata

individual access, privacy and, Prerequisites

integrated level, maturity model, Level 4: Integrated

integrity

interoperability and, Integrity and Non-Repudiation: XML Signature
introduction, Integrity
validation and, Principles for Identity Data

Internet2, federated identity standards, Liberty Alliance

interoperability

authentication, Authentication and Authorization Assertions
authorization, Authentication and Authorization Assertions
authorization policies, Representing and Managing Authorization Policies
confidentiality and, Confidentiality: XML Encryption
integrity, Integrity and Non-Repudiation: XML Signature
lifecycle and, Standards and the Digital Identity Lifecycle
non-repudiation, Integrity and Non-Repudiation: XML Signature
policy stack and, Attributes of a Good Identity Policy
provisioning, Identity Provisioning
XML encyrption and, Confidentiality: XML Encryption
XML signature, Integrity and Non-Repudiation: XML Signature

inventory, The Identity Data Inventory

K

key pairs, Public key cryptography

key systems, cryptography, Cryptography

irreversible/reversible, Hybrid key systems

L

laws concerning privacy, Privacy Drivers

LDAP (lightweight directory access protocol), X.500: heavyweight directory services

least privilege principle, access control and, Principle of Least Privilege

Liberty Alliance, federated identity standards, Liberty Alliance

licenses, XrML, XrML

lifecycle

deprovisioning, Deprovisioning
IMA, governance and, IMA Lifecycle
interoperability standards and, Standards and the Digital Identity Lifecycle
maintenance, Using
propagating, Provisioning
provisioning, Provisioning
using, Using

limiting collection, privacy and, Privacy Principles

limiting use, disclosure, and retention, privacy and, Privacy Principles

locational transparency, authentication systems, Locational Transparency

M

MAC (mandatory access control), Mandatory and Discretionary Access Control

maintenance, lifecycle, Using

manageability of authentication systems, Manageability

manager, IMA, Primary Roles

mapping, Identity Mapping

MasterCharge, Federation in the Credit Card Industry

maturity levels, Maturity Levels

maturity model, Maturity Levels

ad hoc level, Level 2: Focused
best practices, Filling the Gaps with Best Practices
focused level, Level 2: Focused
integrated level, Level 4: Integrated
standardized level, Level 3: Standardized

message digests, Public key cryptosystem algorithms

algorithms, Message Digests and Hashes
characteristics, Message Digests and Hashes
public-key cryptography and, Digital Signatures

metadata, Identity Data Structure and Metadata

metadirectories, Aggregating Directory Information

Metcalfe’s Law (networks), Network Effects and Digital Identity Management

Microsoft, federated identity standards and, Digital Identity Standards

music downloads, DRM and, Apple iTunes: A Case Study in DRM

N

names, Names and Directories

overview, Naming
Utah, Utah.gov: Naming and Directories

namespace connector, Metadirectories

namespaces, Namespaces

filenames, Naming
flat, Namespaces
hierarchical, Namespaces
URIs (uniform resource indicators), Uniform Resource Indicators: A Universal Namespace

naming policies, Naming and Certificates

networks, Network Effects and Digital Identity Management

federated identity, future of, The Future of Federated Identity Networks
Metcalfe’s law, Network Effects and Digital Identity Management

non-repudiation

interoperability and, Integrity and Non-Repudiation: XML Signature
introduction, Integrity

NRO (Non-Repudiation of Origin), Integrity

NRR (Non-Repudiation of Receipt), Integrity

O

OASIS (Organization for the Advancement of Structured Information Standards), federated identity and, OASIS
openness, privacy and, Prerequisites
outline for identity policies, Policy Outline
overseer, IMA, Primary Roles
owners, access control and, Responsibility