Planning and Creating an Identity Management Architecture
ISBN: 0596008783
Pages: 234
Publisher: O’Reilly
Topic: Strategy
The rise of network-based, automated services in the past decade has definitely changed the way businesses operate, and not always for the better. Offering services, conducting transactions, and moving data on the Web opens new opportunities, but many CTOs and CIOs are more concerned with the risks. Like the rulers of medieval cities, they’ve adopted a siege mentality,
building walls to keep the bad guys out. It makes for a secure perimeter, but
hampers the flow of commerce.
Fortunately, some corporations are beginning to rethink how they
provide security, so that interactions with customers, employees, partners,
and suppliers will be richer and more flexible. “Digital Identity” (O’Reilly) by
Phillip J. Windley explains how to go about it. Drawing on his experience as CTO of iMall, Inc., VP of product development for Excite@Home, and CIO in Governor Michael Leavitt’s administration in Utah, Windley provides a rich, real-world view of the concepts, issues, and technologies behind a key concept known as “identity management architecture” (IMA).
According to Windley, IMA is a method to provide ample protection against malicious attacks while giving good guys access to vital information and systems. In today’s service-oriented economy, digital identity is critical:
it provides a set of standards, policies, certifications, and management
activities that enable companies to manage digital identity effectively–not
just as a security check, but as a way to extend services and pinpoint the needs
of customers.
The ATM machine is one of Windley’s favorite examples of the way
digital identity increases business. “Before ATMs were invented, a bank’s customers took care of their banking needs by presenting pieces of
paper to a human teller,” recalls Windley. The papers included instructions to the bank, cash, checks, and other financial instruments. Unless the teller personally knew the customer, the customer also presented some kind
of identity credential, such as a driver’s license, that allowed the teller to
verify the customer’s identity and proceed with the transaction. “The ATM was possible only because banks created a means of identifying their customers digitally,” explains Windley. “With the advent of a digital identity infrastructure, banks no longer needed a human in the loop to verify the
customer’s identity, allowing them to provide around-the-clock access to banking in a broad range of convenient locations.
In the foreword to the book, Jamie Lewis, CEO and research chair for the Burton
Group, reflects on the importance of digital identity in the virtual
world: “The societal mores, legal structures, and commonly accepted
business practices that govern everyday life in the physical world have
evolved over thousands of years, and that evolution continues every day. But
now we’re in the process of translating those structures to the Internet, creating a new place where people can interact. That ‘place’ is radically different from the physical world, one where networked
applications combine with ubiquitous connectivity to free transactions,
communications, and other activities from physical constraints, thus, creating
an entirely new set of activities.”
Lewis adds, “When it comes to enabling a truly virtual world that can accommodate the breadth and depth of human endeavor, nothing is
more important than identity.”
Windley likens IMA to good city planning: cities define uses and
design standards to ensure that buildings and city services are consistent
and workable. In “Digital Identity,” CIOs, other IT professionals, product managers, and programmers will learn how security planning can support their business goals and opportunities, rather than holding them at bay.
1. Introduction
Business Opportunity
Digital Identity Matters
Using Digital Identity
The Business Context of Identity
Foundational Technologies for Digital Identity
Identity Management Architectures
2. Defining Digital Identity
The Language of Digital Identity
Identity Scenarios in the Physical World
Identity, Security, and Privacy
Digital Identity Perspectives
Identity Powershifts
Conclusion
3. Trust
What Is Trust?
Trust and Evidence
Trust and Risk
Reputation and Trust Communities
Conclusion
4. Privacy and Identity
Who’s Afraid of RFID?
Privacy Pragmatism
Privacy Drivers
Privacy Audits
Privacy Policy Capitalism
Anonymity and Pseudonymity
Privacy Principles
Prerequisites
Conclusion
5. The Digital Identity Lifecycle
Provisioning
Propagating
Using
Maintaining
Deprovisioning
Conclusion
6. Integrity, Non-Repudiation, and Confidentiality
Integrity
Non-Repudiation
Confidentiality
Conclusion
7. Authentication
Authentication and Trust
Authentication Systems
Authentication System Properties
Conclusion
8. Access Control
Policy First
Authorization Patterns
Abstract Authorization Architectures
Digital Certificates and Access Control
Conclusion
9. Names and Directories
Utah.gov: Naming and Directories
Naming
Directories
Aggregating Directory Information
Conclusion
10. Digital Rights Management
Digital Leakage
The DRM Battle
Apple iTunes: A Case Study in DRM
Features of DRM
DRM Reference Architecture
Trusted Computing Platforms
Specifying Rights
Conclusion
11. Interoperability Standards
Standards and the Digital Identity Lifecycle
Integrity and Non-Repudiation: XML Signature
Confidentiality: XML Encryption
Authentication and Authorization Assertions
Example SAML Use Cases
Identity Provisioning
Representing and Managing Authorization Policies
Conclusion
12. Federating Identity
Centralized Versus Federated Identity
The Mirage of Centralized Efficiency
Network Effects and Digital Identity Management
Federation in the Credit Card Industry
Benefits of Federated Identity
Digital Identity Standards
Three Federation Patterns
Conclusion
13. An Architecture for Digital Identity
Identity Management Architecture
The Benefits of an Identity Management Architecture
Success Factors
Roadblocks
Identity Management Architecture Components
Conclusion
14. Governance and Business Modeling
IMA Lifecycle
IMA Governance Model
Initial Steps
Creating a Vision
IMA Governing Roles
Resources
What to Outsource
Understanding the Business Context
Business Function Matrix
IMA Principles
Conclusion
15. Identity Maturity Models and Process Architectures
Maturity Levels
The Maturity Model
The Rights Steps at the Right Time
Finding Identity Processes
Evaluating Processes
A Practical Action Plan
Filling the Gaps with Best Practices
Conclusion
16. Identity Data Architectures
Build a Data Architecture
Processes Link Identities
Data Categorization
Identity Data Structure and Metadata
Exchanging Identity Data
Principles for Identity Data
Conclusion
17. Interoperability Frameworks for Identity
Principles of a Good IF
Contents of an Identity IF
Example Interoperability Framework
A Word of Warning
Conclusion
18. Identity Policies
The Policy Stack
Attributes of a Good Identity Policy
Determining Policy Needs
Writing Identity Policies
An Identity Policy Suite
Assessing Identity Policies
Enforcement
Procedures
Conclusion
19. Identity Management Reference Architectures
Reference Architectures
Benefits and Pitfalls
Reference Architecture Best Practices
Using a Reference Architecture
Components of a Reference Architecture
Technical Position Statements
Consolidated Infrastructure Blueprint
System Reference Architectures
Conclusion
20. Building an Identity Management Architecture
Scoping the Process
Which Projects Are Enterprise Projects?
Sequencing the IMA Effort
A Piece at a Time
Conclusion: Dispelling IMA Myths