Identity Management

John Linn, RSA Laboratories

Introduction

Identity Management: Motivation, Goals, and Issues

Broadening and Distributing Digital Identity

User Experience and Convenience

Security, Privacy, and Control

Identity Management Elements

Centralized and Distributed Systems

Identity Providers

Attribute Services

Data Consumers

Networking and Application Integration Issues

Single Sign-On Approaches

Browser Capabilities

Identifying and Delimiting Sessions

Identity Management and Web Services

Security and Privacy Issues

Benefits of Identity Management

Risks of Identity Management

Dependencies and Assumptions

Architecture Examples

Security Assertion Markup Language (SAML)

Liberty Alliance's Identity Federation Framework (ID-FF)

Shibboleth

Liberty Alliance Identity Web Services Framework (ID-WSF)

WS-Federation

Conclusions

Glossary

Cross References

References

INTRODUCTION

Today's network users are accessing ever-growing numbers of sites. Their accesses involve a widening set of attributes, such as shipping addresses, personal preferences, and authorization rights. Users and their administrators want the ability to control this information conveniently and consistently, according to security and privacy policies. Target sites want standard facilities that enable them (given suitable authorization) to obtain users' identity information without burdening the users involved. In response to these motivations, as of 2004, several initiatives are defining specifications concerned with ...

Get Handbook of Information Security: Threats, Vulnerabilities, Prevention, Detection, and Management, Volume 3 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.