book

Digital Identity

Name: Digital Identity
Author: Phillip J. Windley
ISBN: 9780596553944

by Phillip J. Windley

August 2005

Beginner

256 pages

8h 26m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Digital Identity
SPECIAL OFFER: Upgrade this ebook with O’Reilly
Foreword
Preface
Who Should Read This Book
Conventions Used in This Book
Comments and Questions
Safari Enabled
Acknowledgments
1. Introduction
1.1. Business Opportunity
1.2. Digital Identity Matters

1.3. Using Digital Identity
1.4. The Business Context of Identity
1.5. Foundational Technologies for Digital Identity
1.6. Identity Management Architectures
2. Defining Digital Identity
2.1. The Language of Digital Identity
2.2. Identity Scenarios in the Physical World
2.3. Identity, Security, and Privacy
2.4. Digital Identity Perspectives
2.5. Identity Powershifts
2.6. Conclusion
3. Trust
3.1. What Is Trust?
3.2. Trust and Evidence
3.3. Trust and Risk
3.4. Reputation and Trust Communities
3.5. Conclusion
4. Privacy and Identity
4.1. Who's Afraid of RFID?
4.2. Privacy Pragmatism
4.3. Privacy Drivers
4.4. Privacy Audits
4.5. Privacy Policy Capitalism
4.6. Anonymity and Pseudonymity
4.7. Privacy Principles
4.8. Prerequisites
4.9. Conclusion
5. The Digital Identity Lifecycle
5.1. Provisioning
5.2. Propagating
5.3. Using
5.4. Maintaining
5.5. Deprovisioning
5.6. Conclusion
6. Integrity, Non-Repudiation, and Confidentiality
6.1. Integrity
6.2. Non-Repudiation
6.3. Confidentiality
6.3.1. Cryptography6.3.1.1. Secret keys6.3.1.2. Public key cryptography6.3.1.3. Hybrid key systems6.3.1.4. Public key cryptosystem algorithms6.3.2. Message Digests and Hashes6.3.3. Digital Signatures6.3.4. Digital Certificates6.3.5. Certificate Authorities6.3.6. Certificate Revocations Lists6.3.7. Public-Key Infrastructures6.3.8. Going Further
6.4. Conclusion
7. Authentication
7.1. Authentication and Trust
7.2. Authentication Systems
7.2.1. Cookies7.2.2. ID and Password7.2.2.1. Password management7.2.2.2. Password reset7.2.3. Challenge-Response Systems7.2.4. Digital Certificates7.2.5. Biometric Devices7.2.6. Smart Cards
7.3. Authentication System Properties
7.3.1. Practicality7.3.2. Appropriate Level of Security7.3.3. Locational Transparency7.3.4. Protocol Insensitivity7.3.5. Appropriate Level of Privacy7.3.6. Reliability7.3.7. Auditability7.3.8. Manageability7.3.9. Federation Support
7.4. Conclusion
8. Access Control
8.1. Policy First8.1.1. Responsibility8.1.2. Principle of Least Privilege8.1.3. Accountability Scales Better than Enforcement
8.2. Authorization Patterns
8.2.1. Mandatory and Discretionary Access Control8.2.2. User-Based Permission Systems8.2.3. Access-Control Lists8.2.4. Role-Based Access Control
8.3. Abstract Authorization Architectures
8.4. Digital Certificates and Access Control
8.5. Conclusion
9. Names and Directories
9.1. Utah.gov: Naming and Directories
9.2. Naming
9.2.1. Namespaces9.2.2. Uniform Resource Indicators: A Universal Namespace9.2.3. Cool URIs Don't Change
9.3. Directories
9.3.1. Directories Are Not Databases9.3.2. An Example Directory9.3.3. Enterprise Directory Services9.3.3.1. Domain Name System9.3.3.2. RMIRegistry9.3.3.3. X.500: heavyweight directory services9.3.3.4. LDAP
9.4. Aggregating Directory Information
9.4.1. Metadirectories9.4.2. Virtual Directories
9.5. Conclusion
10. Digital Rights Management
10.1. Digital Leakage
10.2. The DRM Battle
10.3. Apple iTunes: A Case Study in DRM
10.4. Features of DRM
10.5. DRM Reference Architecture
10.6. Trusted Computing Platforms
10.7. Specifying Rights
10.7.1. XrML
10.8. Conclusion
11. Interoperability Standards
11.1. Standards and the Digital Identity Lifecycle
11.2. Integrity and Non-Repudiation: XML Signature
11.3. Confidentiality: XML Encryption
11.4. Authentication and Authorization Assertions
11.5. Example SAML Use Cases
11.6. Identity Provisioning
11.6.1. SPML Requests and Responses
11.7. Representing and Managing Authorization Policies
11.8. Conclusion
12. Federating Identity
12.1. Centralized Versus Federated Identity
12.2. The Mirage of Centralized Efficiency
12.3. Network Effects and Digital Identity Management
12.4. Federation in the Credit Card Industry
12.5. Benefits of Federated Identity
12.6. Digital Identity Standards
12.6.1. Microsoft, IBM, and the WS-* Roadmap12.6.2. OASIS12.6.3. Liberty Alliance12.6.4. Internet2 and Shibboleth12.6.5. The Future of Federation Standards
12.7. Three Federation Patterns
12.7.1. Pattern 1: Ad Hoc Federation12.7.2. Pattern 2: Hub-and-Spoke Federation12.7.2.1. Bank of America: a cautionary tale12.7.3. Scenario 3: Identity Network12.7.4. Addressing the Problem of Trust12.7.5. A Secure, Protected Environment12.7.6. The Future of Federated Identity Networks
12.8. Conclusion
13. An Architecture for Digital Identity
13.1. Identity Management Architecture
13.2. The Benefits of an Identity Management Architecture
13.3. Success Factors
13.4. Roadblocks
13.5. Identity Management Architecture Components
13.6. Conclusion
14. Governance and Business Modeling
14.1. IMA Lifecycle
14.2. IMA Governance Model
14.3. Initial Steps
14.4. Creating a Vision
14.5. IMA Governing Roles
14.5.1. Primary Roles14.5.2. Supporting Roles
14.6. Resources
14.7. What to Outsource
14.8. Understanding the Business Context
14.9. Business Function Matrix
14.9.1. Creating the Business Function Matrix
14.10. IMA Principles
14.11. Conclusion
15. Identity Maturity Models and Process Architectures
15.1. Maturity Levels
15.2. The Maturity Model
15.2.1. Level 1: Ad Hoc15.2.2. Level 2: Focused15.2.3. Level 3: Standardized15.2.4. Level 4: Integrated
15.3. The Rights Steps at the Right Time
15.4. Finding Identity Processes
15.5. Evaluating Processes
15.6. A Practical Action Plan
15.7. Filling the Gaps with Best Practices
15.8. Conclusion
16. Identity Data Architectures
16.1. Build a Data Architecture16.1.1. Processes Trump Data
16.2. Processes Link Identities
16.2.1. Employee Provisioning16.2.2. The Identity Data Inventory
16.3. Data Categorization
16.3.1. Identity Data Audit16.3.2. Identity Mapping16.3.3. Process-to-Identity Matrix
16.4. Identity Data Structure and Metadata
16.5. Exchanging Identity Data
16.6. Principles for Identity Data
16.7. Conclusion
17. Interoperability Frameworks for Identity
17.1. Principles of a Good IF
17.2. Contents of an Identity IF
17.2.1. Standard Status17.2.2. Listing Standards
17.3. Example Interoperability Framework
17.4. A Word of Warning
17.5. Conclusion
18. Identity Policies
18.1. The Policy Stack
18.2. Attributes of a Good Identity Policy
18.3. Determining Policy Needs
18.3.1. Business Inspired Projects and Processes18.3.2. Security Considerations18.3.3. Meeting External Requirements18.3.4. Feedback on Existing Policies
18.4. Writing Identity Policies
18.4.1. Policy Outline
18.5. An Identity Policy Suite
18.5.1. Naming and Certificates18.5.2. Passwords18.5.3. Encryption and Digital Signatures18.5.4. Directories18.5.5. Privacy18.5.6. Authentication18.5.7. Access Control18.5.8. Provisioning18.5.9. Federation18.5.10. The Policy Review Framework
18.6. Assessing Identity Policies
18.7. Enforcement
18.8. Procedures
18.9. Conclusion
19. Identity Management Reference Architectures
19.1. Reference Architectures
19.2. Benefits and Pitfalls
19.3. Reference Architecture Best Practices
19.4. Using a Reference Architecture
19.5. Components of a Reference Architecture
19.6. Technical Position Statements
19.6.1. Making Decisions About Technical Positions
19.7. Consolidated Infrastructure Blueprint
19.7.1. Goal State CIBs
19.8. System Reference Architectures
19.9. Conclusion
20. Building an Identity Management Architecture
20.1. Scoping the Process
20.2. Which Projects Are Enterprise Projects?
20.3. Sequencing the IMA Effort
20.4. A Piece at a Time
20.5. Conclusion: Dispelling IMA Myths
Index
About the Author
Colophon
SPECIAL OFFER: Upgrade this ebook with O’Reilly

Content preview from Digital Identity

Chapter 6. Integrity, Non-Repudiation, and Confidentiality

Among the foundational concepts in digital identity are message integrity, non-repudiation, and confidentiality. Integrity ensures a message or transaction has not been tampered with. Non-repudiation provides evidence for the existence of a message or transaction and ensures its contents cannot be disputed once sent. Confidentiality ensures that only the people or processes authorized to view and use the contents of a message or transaction have access to those contents. In some situations, these properties are unneeded luxuries, but in others, the lack of one of these properties can lead to disaster. Understanding them, and when to use them, is crucial to a digital identity management strategy.

Integrity

Integrity is a fundamental requirement of a trustworthy identity infrastructure. Identity systems exchange credentials as well as messages and transactions regarding attributes, provisioning information, and other data. Trusting that the contents have not been tampered with is important. As an example, consider a document representing identity credentials. To trust those credentials, we must be able to verify they are authentic and have not been changed.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 0596008783Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Digital Identity

by Phillip J. Windley

Chapter 6. Integrity, Non-Repudiation, and Confidentiality

Integrity

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

More than 5,000 organizations count on O’Reilly

Julian F.

Addison B.

Amir M.

Mark W.

You might also like

Learning Digital Identity

Self-Sovereign Identity

The Digital Transformation Roadmap

Digital Forensics and Incident Response - Second Edition

Publisher Resources