The world would be a strange place without identity. It’s woven through much of our lives and enables us to establish trust relationships with others in order to conduct transactions. When conducting those transactions online, identity management is a core foundation of security which in turn is a prerequisite for privacy. The complexity of how to handle identity management well in the face of evolving technology and business requirements has continued to unfold over time, a bit like a Mandelbrot set. We hope this book has provided a useful introduction to identity management for those building applications. We hope you discover you enjoy the challenges presented by this field and are inspired to learn more. Identity management is a broad topic, and there is a lot more to learn beyond what we could cover in this book.

We started out by introducing the types of problems faced by developers related to identity and how trying to solve them might seem like battling a many-headed Hydra. We covered the key events in the life of an online identity, from provisioning to deprovisioning, and everything in between, including authentication, authorization, policy enforcement, step-up and multi-factor authentication, logging out, and account management. We provided more information on each of these topics in subsequent chapters to provide an overview on the identity management capabilities a typical application might need. Our objective was to provide an introductory, practical overview of such topics, specifically for developers building applications delivered via the Web or to mobile devices. We hope we’ve provided sufficient background information to help you get started and more easily understand other resources as you continue learning.

We’ve also shared some lessons learned based on our past experience, such as how to approach troubleshooting and some of the typical things that can go wrong. We’ve added some of the less common use cases we’ve come across so you can evaluate at the beginning of your project if they might apply to your environment. Learning about additional requirements near the end of a project is never conducive to delivering on time!

There have unfortunately been many breaches that have compromised identity information. We collected information on a variety of breaches and researched the root causes to help you learn from the past. The root causes of many breaches are not complex, but they do require diligence if they are to be avoided. Pursuing a compliance certification can help instill the right practices to avoid oversights leading to security incidents. We added the compliance chapter to help you identify privacy- or security-related requirements you may need to comply with, why compliance can be a beneficial exercise, and how to approach it.

We closed with a summary of why we think knowledge of identity management will be even more important in the future. The need for identity management will expand to all manner of devices, bots, agents, cars, and more. That means a lot more people need to be familiar with the requirements for identity management and how to solve them. We hope the information in this book and the sample program helps you understand some of the scope of what identity management entails. Most of all, we hope this encourages you to continue to learn more about the topic, to bring the knowledge gained to bear on your projects, and to find ways to share any new learning or techniques with others. Ongoing collaboration across the tech community to continually improve identity management is essential to protect our data, privacy, reputations, and even our physical safety with the services and devices we use.