Digital Identity

Larger Cover

Digital Identity

By Phillip J. Windley

Publisher: O'Reilly Media

Released: August 2005

Pages: 256

The rise of network-based, automated services in the past decade has definitely changed the way businesses operate, but not always for the better. Offering services, conducting transactions and moving data on the Web opens new opportunities, but many CTOs and CIOs are more concerned with the risks. Like the rulers of medieval cities, they've adopted a siege mentality, building walls to keep the bad guys out. It makes for a secure perimeter, but hampers the flow of commerce.

Fortunately, some corporations are beginning to rethink how they provide security, so that interactions with customers, employees, partners, and suppliers will be richer and more flexible. Digital Identity explains how to go about it. This book details an important concept known as "identity management architecture" (IMA): a method to provide ample protection while giving good guys access to vital information and systems. In today's service-oriented economy, digital identity is everything. IMA is a coherent, enterprise-wide set of standards, policies, certifications and management activities that enable companies like yours to manage digital identity effectively--not just as a security check, but as a way to extend services and pinpoint the needs of customers.

Author Phil Windley likens IMA to good city planning. Cities define uses and design standards to ensure that buildings and city services are consistent and workable. Within that context, individual buildings--or system architectures--function as part of the overall plan. With Windley's experience as VP of product development for Excite@Home.com and CIO of Governor Michael Leavitt's administration in Utah, he provides a rich, real-world view of the concepts, issues, and technologies behind identity management architecture.

How does digital identity increase business opportunity? Windley's favorite example is the ATM machine. With ATMs, banks can now offer around-the-clock service, serve more customers simultaneously, and do it in a variety of new locations. This fascinating book shows CIOs, other IT professionals, product managers, and programmers how security planning can support business goals and opportunities, rather than holding them at bay.

Chapter 1 Introduction
1. Business Opportunity
2. Digital Identity Matters
3. Using Digital Identity
4. The Business Context of Identity
5. Foundational Technologies for Digital Identity
6. Identity Management Architectures
Chapter 2 Defining Digital Identity
1. The Language of Digital Identity
2. Identity Scenarios in the Physical World
3. Identity, Security, and Privacy
4. Digital Identity Perspectives
5. Identity Powershifts
6. Conclusion
Chapter 3 Trust
1. What Is Trust?
2. Trust and Evidence
3. Trust and Risk
4. Reputation and Trust Communities
5. Conclusion
Chapter 4 Privacy and Identity
1. Who's Afraid of RFID?
2. Privacy Pragmatism
3. Privacy Drivers
4. Privacy Audits
5. Privacy Policy Capitalism
6. Anonymity and Pseudonymity
7. Privacy Principles
8. Prerequisites
9. Conclusion
Chapter 5 The Digital Identity Lifecycle
1. Provisioning
2. Propagating
3. Using
4. Maintaining
5. Deprovisioning
6. Conclusion
Chapter 6 Integrity, Non-Repudiation, and Confidentiality
1. Integrity
2. Non-Repudiation
3. Confidentiality
4. Conclusion
Chapter 7 Authentication
1. Authentication and Trust
2. Authentication Systems
3. Authentication System Properties
4. Conclusion
Chapter 8 Access Control
1. Policy First
2. Authorization Patterns
3. Abstract Authorization Architectures
4. Digital Certificates and Access Control
5. Conclusion
Chapter 9 Names and Directories
1. Utah.gov: Naming and Directories
2. Naming
3. Directories
4. Aggregating Directory Information
5. Conclusion
Chapter 10 Digital Rights Management
1. Digital Leakage
2. The DRM Battle
3. Apple iTunes: A Case Study in DRM
4. Features of DRM
5. DRM Reference Architecture
6. Trusted Computing Platforms
7. Specifying Rights
8. Conclusion
Chapter 11 Interoperability Standards
1. Standards and the Digital Identity Lifecycle
2. Integrity and Non-Repudiation: XML Signature
3. Confidentiality: XML Encryption
4. Authentication and Authorization Assertions
5. Example SAML Use Cases
6. Identity Provisioning
7. Representing and Managing Authorization Policies
8. Conclusion
Chapter 12 Federating Identity
1. Centralized Versus Federated Identity
2. The Mirage of Centralized Efficiency
3. Network Effects and Digital Identity Management
4. Federation in the Credit Card Industry
5. Benefits of Federated Identity
6. Digital Identity Standards
7. Three Federation Patterns
8. Conclusion
Chapter 13 An Architecture for Digital Identity
1. Identity Management Architecture
2. The Benefits of an Identity Management Architecture
3. Success Factors
4. Roadblocks
5. Identity Management Architecture Components
6. Conclusion
Chapter 14 Governance and Business Modeling
1. IMA Lifecycle
2. IMA Governance Model
3. Initial Steps
4. Creating a Vision
5. IMA Governing Roles
6. Resources
7. What to Outsource
8. Understanding the Business Context
9. Business Function Matrix
10. IMA Principles
11. Conclusion
Chapter 15 Identity Maturity Models and Process Architectures
1. Maturity Levels
2. The Maturity Model
3. The Rights Steps at the Right Time
4. Finding Identity Processes
5. Evaluating Processes
6. A Practical Action Plan
7. Filling the Gaps with Best Practices
8. Conclusion
Chapter 16 Identity Data Architectures
1. Build a Data Architecture
2. Processes Link Identities
3. Data Categorization
4. Identity Data Structure and Metadata
5. Exchanging Identity Data
6. Principles for Identity Data
7. Conclusion
Chapter 17 Interoperability Frameworks for Identity
1. Principles of a Good IF
2. Contents of an Identity IF
3. Example Interoperability Framework
4. A Word of Warning
5. Conclusion
Chapter 18 Identity Policies
1. The Policy Stack
2. Attributes of a Good Identity Policy
3. Determining Policy Needs
4. Writing Identity Policies
5. An Identity Policy Suite
6. Assessing Identity Policies
7. Enforcement
8. Procedures
9. Conclusion
Chapter 19 Identity Management Reference Architectures
1. Reference Architectures
2. Benefits and Pitfalls
3. Reference Architecture Best Practices
4. Using a Reference Architecture
5. Components of a Reference Architecture
6. Technical Position Statements
7. Consolidated Infrastructure Blueprint
8. System Reference Architectures
9. Conclusion
Chapter 20 Building an Identity Management Architecture
1. Scoping the Process
2. Which Projects Are Enterprise Projects?
3. Sequencing the IMA Effort
4. A Piece at a Time
5. Conclusion: Dispelling IMA Myths

Colophon

Title:

Digital Identity

By:

Phillip J. Windley

Publisher:

O'Reilly Media

Formats:

Print
Ebook
Safari Books Online

Print:

August 2005

Ebook:

July 2008

Pages:

256

Print ISBN:

978-0-596-00878-9

| ISBN 10:

0-596-00878-3

Ebook ISBN:

978-0-596-15306-9

| ISBN 10:

0-596-15306-6

Colophon

About the AuthorPhillip J. Windley is an Associate Professor of Computer Science at Brigham Young University. Dr. Windley is a nationally recognized expert in using information technology to add value to business. Windley received his PhD in computer science from the University of California, Davis in 1990. Prior to his graduate studies, Windley worked for four years as a nuclear metallurgist and a member of the technical staff at the Department of Energy's Division of Naval Reactors.ColophonOur look is the result of reader comments, our own experimentation, and feedback from distribution channels. Distinctive covers complement our distinctive approach to technical topics, breathing personality and life into potentially dry subjects.The cover of Digital Identity shows female masqueraders. A masquerade ball is a social gathering of participants who wear elaborate costumes to hide their true identities.Such gatherings originally gained popularity as elaborate allegorical pageants, celebrating marriages and other dynastic events of late medieval court life. In Italy, during the 15th century, masquerade balls were extended into costumed public festivities held for members of the upper classes.Masquerade balls are still held today, although they are less formal. "Costume parties" may very well be a descendant of this popular tradition.Sarah Sherman was the production editor and proofreader for Digital Identity. Linley Dolby was the copyeditor. Adam Witwer and Claire Cloutier provided quality control. Lydia Onofrei provided production assistance. Johnna VanHoose Dinse wrote the index.Ellie Volckhausen designed the cover of this book, based on a series design by Edie Freedman. The cover image is a 19th-century engraving from the Dover Pictorial Archive. Karen Montgomery produced the cover layout with Adobe InDesign CS using Adobe's ITC Garamond font.David Futato designed the interior layout. This book was converted by Joe Wizda to FrameMaker 5.5.6 with a format conversion tool created by Erik Ray, Jason McIntosh, Neil Walls, and Mike Sierra that uses Perl and XML technologies. The text font is Linotype Birka; the heading font is Adobe Myriad Condensed; and the code font is LucasFont's TheSans Mono Condensed. The illustrations that appear in the book were produced by Robert Romano, Jessamyn Read, and Lesley Borash using Macromedia FreeHand MX and Adobe Photoshop CS. This colophon was written by Sarah Sherman.The production editors for Book Title, eMatter Edition were Ellie Cutler and Jeff Liggett. Linda Walsh was the product manager. Kathleen Wilson provided design support. Lenny Muellner, Mike Sierra, Erik Ray, and Benn Salter provided technical support. This eMatter Edition was produced with FrameMaker 5.5.6.

Description

Table of Contents

Product Details

About the Author

Colophon

Recommended for You

Chapter 1 Introduction

Business Opportunity

Digital Identity Matters

Using Digital Identity

The Business Context of Identity

Foundational Technologies for Digital Identity

Identity Management Architectures

Chapter 2 Defining Digital Identity

The Language of Digital Identity

Identity Scenarios in the Physical World

Identity, Security, and Privacy

Digital Identity Perspectives

Identity Powershifts

Conclusion

Chapter 3 Trust

What Is Trust?

Trust and Evidence

Trust and Risk

Reputation and Trust Communities

Conclusion

Chapter 4 Privacy and Identity

Who's Afraid of RFID?

Privacy Pragmatism

Privacy Drivers

Privacy Audits

Privacy Policy Capitalism

Anonymity and Pseudonymity

Privacy Principles

Prerequisites

Conclusion

Chapter 5 The Digital Identity Lifecycle

Provisioning

Propagating

Using

Maintaining

Deprovisioning

Conclusion

Chapter 6 Integrity, Non-Repudiation, and Confidentiality

Integrity

Non-Repudiation

Confidentiality

Conclusion

Chapter 7 Authentication

Authentication and Trust

Authentication Systems

Authentication System Properties

Conclusion

Chapter 8 Access Control

Policy First

Authorization Patterns

Abstract Authorization Architectures

Digital Certificates and Access Control

Conclusion

Chapter 9 Names and Directories

Utah.gov: Naming and Directories

Naming

Directories

Aggregating Directory Information

Conclusion

Chapter 10 Digital Rights Management

Digital Leakage

The DRM Battle

Apple iTunes: A Case Study in DRM

Features of DRM

DRM Reference Architecture

Trusted Computing Platforms

Specifying Rights

Conclusion

Chapter 11 Interoperability Standards

Standards and the Digital Identity Lifecycle

Integrity and Non-Repudiation: XML Signature

Confidentiality: XML Encryption

Authentication and Authorization Assertions

Example SAML Use Cases

Identity Provisioning

Representing and Managing Authorization Policies

Conclusion

Chapter 12 Federating Identity

Centralized Versus Federated Identity

The Mirage of Centralized Efficiency