The rise of network-based, automated services in the past decade has definitely changed the way businesses operate, but not always for the better. Offering services, conducting transactions and moving data on the Web opens new opportunities, but many CTOs and CIOs are more concerned with the risks. Like the rulers of medieval cities, they've adopted a siege mentality, building walls to keep the bad guys out. It makes for a secure perimeter, but hampers the flow of commerce.
Fortunately, some corporations are beginning to rethink how they provide security, so that interactions with customers, employees, partners, and suppliers will be richer and more flexible. Digital Identity explains how to go about it. This book details an important concept known as "identity management architecture" (IMA): a method to provide ample protection while giving good guys access to vital information and systems. In today's service-oriented economy, digital identity is everything. IMA is a coherent, enterprise-wide set of standards, policies, certifications and management activities that enable companies like yours to manage digital identity effectively--not just as a security check, but as a way to extend services and pinpoint the needs of customers.
Author Phil Windley likens IMA to good city planning. Cities define uses and design standards to ensure that buildings and city services are consistent and workable. Within that context, individual buildings--or system architectures--function as part of the overall plan. With Windley's experience as VP of product development for Excite@Home.com and CIO of Governor Michael Leavitt's administration in Utah, he provides a rich, real-world view of the concepts, issues, and technologies behind identity management architecture.
How does digital identity increase business opportunity? Windley's favorite example is the ATM machine. With ATMs, banks can now offer around-the-clock service, serve more customers simultaneously, and do it in a variety of new locations. This fascinating book shows CIOs, other IT professionals, product managers, and programmers how security planning can support business goals and opportunities, rather than holding them at bay.
Average Amazon.com® Rating:
Based on 12 Ratings
Short but useful intro to identity management - 2007-01-04
This book is designed to familiarize CIOs, IT managers, and other IT professionals with the language, concepts, and technology of digital identity. Managing digital identity is one of the most fundamental activities in IT and a good identity management strategy is the key to not only protecting the enterprise from attack, but, more important, providing flexible access for partners, customers, and employees to needed information and systems.
This book is not a book with code examples and recipes for building digital identity management systems. Even so, it is a technical book that explains the technology of digital identity in some detail. More importantly, the book puts the technology in context and shows how it can all be put to the task of managing digital identities inside your organization.
The book is divided into three sections. The first section is about the core concepts in digital identity, including privacy and trust. The second section discusses the technology of digital identity. The third section portrays in some detail a process, called an identity management architecture (IMA), that you can use to build a digital identity infrastructure in your organization, regardless of its size or organization. The information in the last section is prescriptive in nature. Because of his experiences, the author has a clear philosophy on how to build an IMA. He therefore presents a rather detailed series of steps that show how to create an IMA and how to use it. I found the book quite accessible, and this isn't even an area of my expertise. I would recommend it for anyone trying to get started in the field, especially if you're a manager. The following is the table of contents:
Chapter 1. Introduction
Section 1.1. Business Opportunity
Section 1.2. Digital Identity Matters
Section 1.3. Using Digital Identity
Section 1.4. The Business Context of Identity
Section 1.5. Foundational Technologies for Digital Identity
Section 1.6. Identity Management Architectures
Chapter 2. Defining Digital Identity
Section 2.1. The Language of Digital Identity
Section 2.2. Identity Scenarios in the Physical World
Section 2.3. Identity, Security, and Privacy
Section 2.4. Digital Identity Perspectives
Section 2.5. Identity Powershifts
Section 2.6. Conclusion
Chapter 3. Trust
Section 3.1. What Is Trust?
Section 3.2. Trust and Evidence
Section 3.3. Trust and Risk
Section 3.4. Reputation and Trust Communities
Section 3.5. Conclusion
Chapter 4. Privacy and Identity
Section 4.1. Who's Afraid of RFID?
Section 4.2. Privacy Pragmatism
Section 4.3. Privacy Drivers
Section 4.4. Privacy Audits
Section 4.5. Privacy Policy Capitalism
Section 4.6. Anonymity and Pseudonymity
Section 4.7. Privacy Principles
Section 4.8. Prerequisites
Section 4.9. Conclusion
Chapter 5. The Digital Identity Lifecycle
Section 5.1. Provisioning
Section 5.2. Propagating
Section 5.3. Using
Section 5.4. Maintaining
Section 5.5. Deprovisioning
Section 5.6. Conclusion
Chapter 6. Integrity, Non-Repudiation, and Confidentiality
Section 6.1. Integrity
Section 6.2. Non-Repudiation
Section 6.3. Confidentiality
Section 6.4. Conclusion
Chapter 7. Authentication
Section 7.1. Authentication and Trust
Section 7.2. Authentication Systems
Section 7.3. Authentication System Properties
Section 7.4. Conclusion
Chapter 8. Access Control
Section 8.1. Policy First
Section 8.2. Authorization Patterns
Section 8.3. Abstract Authorization Architectures
Section 8.4. Digital Certificates and Access Control
Section 8.5. Conclusion
Chapter 9. Names and Directories
Section 9.1. Utah.gov: Naming and Directories
Section 9.2. Naming
Section 9.3. Directories
Section 9.4. Aggregating Directory Information
Section 9.5. Conclusion
Chapter 10. Digital Rights Management
Section 10.1. Digital Leakage
Section 10.2. The DRM Battle
Section 10.3. Apple iTunes: A Case Study in DRM
Section 10.4. Features of DRM
Section 10.5. DRM Reference Architecture
Section 10.6. Trusted Computing Platforms
Section 10.7. Specifying Rights
Section 10.8. Conclusion
Chapter 11. Interoperability Standards
Section 11.1. Standards and the Digital Identity Lifecycle
Section 11.2. Integrity and Non-Repudiation: XML Signature
Section 11.3. Confidentiality: XML Encryption
Section 11.4. Authentication and Authorization Assertions
Section 11.5. Example SAML Use Cases
Section 11.6. Identity Provisioning
Section 11.7. Representing and Managing Authorization Policies
Section 11.8. Conclusion
Chapter 12. Federating Identity
Section 12.1. Centralized Versus Federated Identity
Section 12.2. The Mirage of Centralized Efficiency
Section 12.3. Network Effects and Digital Identity Management
Section 12.4. Federation in the Credit Card Industry
Section 12.5. Benefits of Federated Identity
Section 12.6. Digital Identity Standards
Section 12.7. Three Federation Patterns
Section 12.8. Conclusion
Chapter 13. An Architecture for Digital Identity
Section 13.1. Identity Management Architecture
Section 13.2. The Benefits of an Identity Management Architecture
Section 13.3. Success Factors
Section 13.4. Roadblocks
Section 13.5. Identity Management Architecture Components
Section 13.6. Conclusion
Chapter 14. Governance and Business Modeling
Section 14.1. IMA Lifecycle
Section 14.2. IMA Governance Model
Section 14.3. Initial Steps
Section 14.4. Creating a Vision
Section 14.5. IMA Governing Roles
Section 14.6. Resources
Section 14.7. What to Outsource
Section 14.8. Understanding the Business Context
Section 14.9. Business Function Matrix
Section 14.10. IMA Principles
Section 14.11. Conclusion
Chapter 15. Identity Maturity Models and Process Architectures
Section 15.1. Maturity Levels
Section 15.2. The Maturity Model
Section 15.3. The Right Steps at the Right Time
Section 15.4. Finding Identity Processes
Section 15.5. Evaluating Processes
Section 15.6. A Practical Action Plan
Section 15.7. Filling the Gaps with Best Practices
Section 15.8. Conclusion
Chapter 16. Identity Data Architectures
Section 16.1. Build a Data Architecture
Section 16.2. Processes Link Identities
Section 16.3. Data Categorization
Section 16.4. Identity Data Structure and Metadata
Section 16.5. Exchanging Identity Data
Section 16.6. Principles for Identity Data
Section 16.7. Conclusion
Chapter 17. Interoperability Frameworks for Identity
Section 17.1. Principles of a Good IF
Section 17.2. Contents of an Identity IF
Section 17.3. Example Interoperability Framework
Section 17.4. A Word of Warning
Section 17.5. Conclusion
Chapter 18. Identity Policies
Section 18.1. The Policy Stack
Section 18.2. Attributes of a Good Identity Policy
Section 18.3. Determining Policy Needs
Section 18.4. Writing Identity Policies
Section 18.5. An Identity Policy Suite
Section 18.6. Assessing Identity Policies
Section 18.7. Enforcement
Section 18.8. Procedures
Section 18.9. Conclusion
Chapter 19. Identity Management Reference Architectures
Section 19.1. Reference Architectures
Section 19.2. Benefits and Pitfalls
Section 19.3. Reference Architecture Best Practices
Section 19.4. Using a Reference Architecture
Section 19.5. Components of a Reference Architecture
Section 19.6. Technical Position Statements
Section 19.7. Consolidated Infrastructure Blueprint
Section 19.8. System Reference Architectures
Section 19.9. Conclusion
Chapter 20. Building an Identity Management Architecture
Section 20.1. Scoping the Process
Section 20.2. Which Projects Are Enterprise Projects?
Section 20.3. Sequencing the IMA Effort
Section 20.4. A Piece at a Time
Section 20.5. Conclusion: Dispelling IMA Myths
Poorly written high-level content. - 2008-02-17
In my opinion, this book is really feeding the buzzwords frenzy of Identity management domain. It certainly "talks the talk", but can it "walk the talk"? - Full of google-able content and no meat. I can think of numerous glaring examples where the book falls short. To name a few: SAML (huh? where is SAML 2.0), XACML, Liberty, WS-Federation
I think the book does a below average job of providing practical information. Even the content does not flow very smoothly and coherently.
I wasted my money; now this book is going to be on my shelf collecting dust.
high-level concepts but no practical guidance - 2007-03-21
This book gives a hello world introduction about digital identity concepts and nothing beyond. The book absolutely fails and falls short on explaining the identity management standards and technologies related to single sign-on, federation, provisioning and assurance. From a real-world IDMS deployment perspective the book is truly misleading!
Excellent book on Identity Management - 2007-07-26
Identity Management is my day to day job as our company heavily focuses on various IAM initiatives. I was always looking for a book that can give enough material on how to go about design, deploy IAM solutions. This book is the one for it. This book really deserves 5 stars.
Thanks,
Ramnath Krishnamurthi,
C.E.O
Like Minds Consulting Inc,
New York, U.S.A
Practical and Informative - 2007-06-25
A great book, cover to cover - and exceptionally well organized. The subject matter is covered in a methodical, clear manner, and is applicable to both the expert and the neophyte to IdM. I was very impressed by the practical nature of the book; the recommendations are actionable and easy to follow. This book may well be the definitive text on digital identity management. I highly recommend it!