The boundaries between the real and the virtual are becoming increasingly blurred. In a corporate setting, it is more important than ever to identify and control the way the organization deals with customers, suppliers, employees, and other users who may interact with information systems.
Identity Management, or IDM, refers to how humans are identified and authorized across computer networks. It encompasses issues such as the way users are given an identity, the protection of that identity, and the technologies supporting that protection, such as network protocols, digital certificates, passwords, and so on. Proper identity management is, of course, an essential component of any security strategy.
Identity Management: A Primer provides a complete and comprehensive overview of the elements required for a properly planned identity environment. In it, the authors cover the entire gamut of IDM-related matters, including directories; authentication; provisioning; role-based access control; single sign-on; governance, risk, and compliance; implementation and roadmap; public key infrastructure; electronic identity smartcards; and a wealth of other important topics. As the title indicates, this book is a primer in which the key issues of identity management are identified and appropriate strategies and preventative measures are covered in an easy-to-understand format with extensive use of real-world case study examples. Students and IT professionals alike will appreciate this resource as they seek to understand and master the complexity of identity in a virtual world.
With Identity Management, you will:
Understand the concept of identity management in planning an environment that manages identities in order to improve compliance with governance requirements.
Discover the best way to scope the IDM task to construct a roadmap that moves toward the desired goal.
Learn to plan an environment that interfaces systemically rather than growing disparate and isolated components.
Find a case study and discussion questions in each chapter for real-world grounding of the topics.
Graham Williamson — Graham Williamson has more than 20 years of experience in the information technology industry, with expertise in identity management, electronic directories, public key infrastructure, smartcard technology, and enterprise architecture. Graham has completed identity management projects for the state government in Queensland, Australia, the worldwide operations of Orica, and the University of Western Sydney. His areas of expertise are electronic directories, identity management, public key infrastructure, and smartcard technology. CEO of Internet Commerce Australia, he is a seasonal lecturer at Bond University, Australia, lecturing in ICT Project Management and Information
Graham holds an engineering degree from the University of Toronto and a Master of Business Administration degree from Bond University. He holds the Professional Engineering designation (PEng) with the Professional Engineers of Ontario, Canada, and he is a Certified Management Consultant (CMC) with the Australian Institute of Management Consultants.
David Yip — David S. Y. Yip has more than 25 years of experience working in the information technology industry. His work experience includes identity management engagements with Standard and Chartered Bank, Hong Kong Jockey Club, Hong Kong Police, and a number of universities, including the University of Western Sydney. His work experience covers all the major suppliers of identity management suites, including Sun, Oracle, IBM, and CA. Dave's focus of expertise is in identity management security, secure remote access, single sign-on, authentication and authorization, directory service technologies, PKI, smart card technology, as well as security audit and assessment.
Dave is General Manager of SkyworthTTG (Hong Kong and South East Asia). Before SkyworthTTG, Dave was founder and president of Gamatech, Ltd., a security solution IT firm and a subsidiary of Karin Technology. Before Gamatech, Dave was employed in various enterprises, including Standard Chartered Bank, PCCW, Wang Computer, and Olivetti. Dave holds an Honors Bachelor of Mathematics degree from the University of Waterloo, Canada.
Ilan Sharoni — Ilan Sharoni is Director of Pre-Sales for the security role management unit with Computer Associates in Israel. Before the acquisition by CA, Ilan held the position of Sales Director with Eurekify, a leading supplier of role management software. Ilan's area of expertise is IT/security access rights, and he is an expert in the fields of role management, compliance, and privilege auditing.
Before Eurekify, Ilan worked with BMC Software, a leading provider of enterprise management solutions, where he managed Latin America as Marketing and Sales Director. Ilan served as the Product Manager for New Dimension Software, Ltd.'s Enterprise Scheduling Management Solution, prior to the company's acquisition by BMC Software. Ilan holds an M.Sc. in Business and Information Systems and a B.Sc. in Physics and Computer Science from Tel-Aviv
Kent Spaulding — Kent Spaulding has more than 20 years of experience in software development and engineering, with leading-edge expertise in identity management, distributed computing, and object-oriented technologies on a variety of computing platforms, including PDAs, PCs, and workstations.
Kent's area of expertise is in identity management. He is the CTO of Skyworth TTG Holdings, Inc. and is the current Chair of the OASIS Provisioning Services Technical Committee. Prior to joining Skyworth TTG, Kent was the technical lead for the SPML 2.0 implementation in Sun's Identity Manager product and the community leader of OpenSPML.org. He was also the technical lead for the Sun Java™ System Identity Synchronization for Windows product and designed and developed core components of the Sun ONE Registry Server.
Kent holds a Master of Science degree in Electrical Engineering, focusing on Software Engineering, from the University of Texas at Austin and has a Bachelor of Arts in Computer Science Applications and Russian from the University of Colorado at Boulder.
Chapter 1: Identity
What Are the Components of a Person's Identity?
So Where Does Privacy Fit In?
Where Do Roles Fit Into the Concept of an Identity?
Can I Have Multiple Identities in an Identity Management Environment?
Chapter 2: Managing Identities and Identity Stores
Identities and User Accounts
What Is an Identity Store?
Why Multiple Stores Are a Fact of Life
Strategies for Multiple-Store Environments
Delegated Administration and Self-Service
Chapter 3: Directories
Schemas and Namespace Planning
The Power of a DIT
Issues to Be Aware Of
Directory and Database Design
The “M” Word
Selecting a Configuration
Chapter 4: Authentication and Access Control
Methods of Authentication
Levels of Authentication
Authentication Assurance Levels
Registration Assurance Levels
Chapter 5: Provisioning
The Mark of a Robust Process
Business System Issues
The Role of Roles
The Benefits of Roles
Automating a Provisioning System
Sequential and Parallel Authorization
Chapter 6: Role-Based Access Control
So What Is RBAC?
Why Is RBAC Important?
How Should RBAC Be Implemented?
A Word of Caution
Chapter 7: Single Sign-on and Federated Authentication
Single Sign-on for the Enterprise
Chapter 8: Governance, Risk, and Compliance
HR Pattern-based Auditing
Business Policies (IT Controls and SoD Rules)
Best Practices for System Cleansing and Auditing
Federated Authentication Auditing
Chapter 9: Implementation and Roadmap
Typical Project Structure
Navigating the Political Landscape
Chapter 10: Public Key Infrastructure
Why Do We Need PKI?
How Does PKI Work?
How Is PKI Used?
A Final Comment
Chapter 11: Electronic Identity Smartcards
An Ideal Platform
Appendix A: Case Scenario
The “As-Is” Situation
The “To-Be” Requirement
Program of Work