Title:
Identity management : concepts, technologies, and systems
Personal Author:
Series:
Information security and privacy series
Artech House information security and privacy series.
Publication Information:
Boston : Artech House, [2011], ©2011.
Physical Description:
196 pages : illustrations ; 24 cm.
ISBN:
9781608070398
Subject Term:
Added Author:
Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
|---|---|---|---|---|---|
Searching... | 30000010312161 | TK5105.55 B473 2011 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
Digital identity can be defined as the digital representation of the information known about a specific individual or organization. Digital identity management technology is an essential function in customizing and enhancing the network user experience, protecting privacy, underpinning accountability in transactions and interactions, and complying with regulatory controls. This practical resource offers an in-depth understanding of how to design, deploy and assess identity management solutions.
Author Notes
Elisa Bertino is a professor and research director at Purdue University in West Lafayette, Indiana. She holds a Ph.D. in computer science and is a Fellow of the IEEE Computer Society and the Association for Computing Machinery.
Kenji Takahashi is the president and CEO of NTT Multimedia Communications Laboratories, Inc., in San Mateo, California. He received a Ph.D. in computer science from the Tokyo Institute of Technology.
Table of Contents
| 1 Introduction | p. 11 |
| 1.1 Stakeholders and Business Opportunities | p. 12 |
| 1.2 Identity Ecosystem and Key Trends | p. 14 |
| 1.3 Challenges in Identity Management | p. 18 |
| 1.4 Overview of This Book | p. 18 |
| References | p. 19 |
| 2 What Is Identity Management? | p. 21 |
| 2.1 Stakeholders and Their Requirements | p. 25 |
| 2.1.1 Subjects | p. 25 |
| 2.1.2 Identity Providers | p. 27 |
| 2.1.3 Relying Parties | p. 27 |
| 2.1.4 Control Parties | p. 28 |
| 2.1.5 Relationships Between Stakeholders | p. 28 |
| 2.2 Identity Life Cycle | p. 29 |
| 2.2.1 Creation | p. 30 |
| 2.2.2 Usage | p. 32 |
| 2.2.3 Update | p. 34 |
| 2.2.4 Revocation | p. 35 |
| 2.2.5 Governance | p. 36 |
| 2.3 Identity Assurance | p. 37 |
| References | p. 41 |
| 3 Fundamental Technologies and Processes | p. 45 |
| 3.1 Credentials | p. 46 |
| 3.1.1 Basic Concepts | p. 46 |
| 3.1.2 Public-Key Certificates and Public-Key Infrastructures | p. 48 |
| 3.1.3 Attribute and Authorization Certificates | p. 51 |
| 3.1.4 Credential Delegation | p. 52 |
| 3.1.5 Proxy Certificates | p. 54 |
| 3.2 Single Sign-On | p. 55 |
| 3.2.1 Kerberos Protocols | p. 57 |
| 3.2.2 Reverse Proxy-Based SSO | p. 60 |
| 3.3 Attribute Federation | p. 61 |
| 3.3.1 Distributed Mediation | p. 63 |
| 3.3.2 Single Party-Based Mediation | p. 63 |
| 3.4 Privacy | p. 65 |
| 3.4.1 Pseudonym Systems | p. 66 |
| 3.4.2 Anonymous Credentials | p. 68 |
| 3.5 Assurance and Compliance | p. 70 |
| References | p. 71 |
| 4 Standards and Systems | p. 75 |
| 4.1 Overview | p. 76 |
| 4.2 OASIS Security Assertion Markup Language (SAML) | p. 77 |
| 4.2.1 Overview | p. 77 |
| 4.2.2 Specification Structure | p. 79 |
| 4.2.3 Web SSO | p. 86 |
| 4.2.4 Use Cases | p. 92 |
| 4.3 Liberty Identity Web Services Framework | p. 93 |
| 4.3.1 Opt-In Discovery Registration | p. 96 |
| 4.3.2 Dynamic Acquisition of Consent from Subjects | p. 96 |
| 4.3.3 Federated Identity-Based Access Control | p. 97 |
| 4.3.4 Pseudonym Mapping | p. 97 |
| 4.3.5 Use Cases | p. 97 |
| 4.4 OpenID | p. 98 |
| 4.4.1 Overview | p. 98 |
| 4.4.2 Authentication | p. 98 |
| 4.4.3 Attribute Exchange (AX) | p. 101 |
| 4.4.4 Provider Authentication Policy Extension (PAPE) | p. 101 |
| 4.4.5 Simple Registration (SREG) | p. 102 |
| 4.4.6 Use Cases | p. 102 |
| 4.5 Information Card-Based Identity Management (IC-IDM) | p. 104 |
| 4.5.1 Overview | p. 104 |
| 4.5.2 WS-MetadataExchange | p. 108 |
| 4.5.3 WS-Trust | p. 108 |
| 4.5.4 Use Cases | p. 108 |
| 4.6 Towards Interoperability | p. 110 |
| 4.6.1 Use Cases | p. 111 |
| 4.6.2 Comparative Analysis of SAML, OpenID, and Information Cards | p. 119 |
| 4.7 Security Analysis | p. 121 |
| 4.7.1 Confidentiality | p. 122 |
| 4.7.2 Integrity | p. 126 |
| 4.7.3 Availability | p. 127 |
| 4.7.4 Repudiation | p. 128 |
| 4.7.5 Authentication | p. 129 |
| 4.7.6 Authorization | p. 129 |
| 4.8 Privacy Analysis | p. 130 |
| 4.9 Research Prototypes | p. 131 |
| 4.9.1 SASSO | p. 132 |
| 4.9.2 VeryIDX | p. 133 |
| 4.9.3 SWIFT | p. 134 |
| 4.9.4 Emerging Areas: Social Networks, Mobile, and Cloud Computing | p. 134 |
| References | p. 139 |
| 5 Challenges | p. 147 |
| 5.1 Usability | p. 148 |
| 5.1.1 Usability Principles and Requirements | p. 148 |
| 5.1.2 Evaluating the Usability of Identity Management Solutions | p. 151 |
| 5.1.3 Antiphishing Measures | p. 152 |
| 5.2 Access Control | p. 153 |
| 5.3 Privacy Protection | p. 155 |
| 5.3.1 Privacy Policies | p. 156 |
| 5.3.2 Anonymization of Personally Identifiable Information and Privacy-Preserving Data Mining | p. 162 |
| 5.3.3 Privacy Protection in Emerging Services | p. 166 |
| 5.4 Trust Management | p. 167 |
| 5.4.1 Reputation of the Party | p. 167 |
| 5.4.2 Objective Verification of Certain Party Characteristics | p. 168 |
| 5.4.3 Possession of Credentials Attesting Certain Party Identity Information | p. 168 |
| 5.4.4 Trust in the Context of Identity Management | p. 169 |
| 5.5 Interoperability Challenge | p. 169 |
| 5.5.1 Universal User Experiences | p. 170 |
| 5.5.2 Naming Heterogeneity Management | p. 170 |
| 5.6 Biometrics | p. 171 |
| References | p. 175 |
| 6 Conclusions | p. 181 |
| References | p. 185 |
| About the Authors | p. 187 |
| Index | p. 189 |
