Identity Management Facts

This document provides facts related to "Identity Management" for use in the written part of my diploma thesis.

General

  • Two possible identity management architectures: the centralized model and the open federated model (both described below)

  • Evolution of identity networks:

What is identity?

Article found | Fact
Secure Web services [Sh03]
  • a set of attributes that describes the profile of an individual, business organization, or software entity (for an individual, for example, the set of attributes could include driver's license, social security number, travel preferences, medical history, financial data, and so on)

Why identity management architecture?

Article found | Fact
Secure Web services [Sh03]
  • today's Web sites and enterprises each have their own authentication method and their own way of maintaining identity information and user profiles ("identity crisis")
  • each site has its own, inconsistent scheme for accessing and editing identity information
  • each site has unclear and/or differing policy and privacy statements (few, if any, silo identity systems truly interoperate)
  • distinct identities and logins exist for building access, workstation login, application access, and remote access; different applications require the user to re-enter a username and password, and these credentials do not interoperate. This makes managing Web properties, applications, identities, and policies non-scalable and effectively prohibits the interaction (or even the association) of identities across applications or Web services.

Centralized Model

Article found | Fact
Secure Web services [Sh03]
  • a single operator performs authentication and authorization by owning and controlling all the identity information
  • Advantages:
    • because a single operator owns and controls everything, constructing and managing the identity network could be easier than in the federated model
  • Disadvantages:
    • dangerous potential for the single operator to become a tollgate for all transactions over the Internet (e.g. the operator might charge a fee for every transaction you make)
    • the single operator could represent a single point of security failure and a single target for attackers
    • a single operator can take the most important business asset, namely customer identity and profile information, away from an organization

Open federated Model

Article found | Fact
Secure Web services [Sh03]
  • authentication and authorization tasks are distributed among federated communities
  • Advantages:
    • organizations can maintain their own customer/employee data while sharing identity data with partners based on their business objectives and customer preferences
  • Disadvantages:
  • Roles in a federated identity management architecture:

    Three roles:
    • The Consumer:
      • as a consumer, you can have multiple identity profiles and can ask different identity providers to maintain them
      • you can pick and choose which identity provider maintains your profile based on price, credibility, service, and so on
      • consumers have the final say over who can access which information
    • The Identity Provider:
      • identity providers maintain user profile information and can interoperate among themselves as long as they have permission to do so from the profile's owner, the consumer
      • Identity providers are expected to compete for your business in the future in the same way HMOs, banks, and brokerage houses compete for your business today
    • The Service Provider:
      • the service provider is the merchant who has services to offer to consumers
      • it can customize its services to each consumer by retrieving the relevant identity profiles from the identity providers
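The three-role exchange above, as an added worked example (my own code, not from [Sh03] or any product): an identity provider that keeps a consumer's profile and releases only the attributes the consumer has consented to for a given service provider, and a service provider that accepts an assertion only if it comes from a known identity provider, is addressed to itself, is unexpired and is untampered. Assumptions that are mine and not the source's: each identity provider/service provider pair shares a pre-established HMAC key, the assertion is a signed JSON payload, consent is a per-service-provider attribute allowlist stored at the identity provider, and the consumer "alice" and her attributes are constructed sample data. Real federations use SAML or OpenID Connect with asymmetric signatures; the shape of the exchange and the checks are the same.

```python
import base64
import hashlib
import hmac
import json


class InvalidAssertion(Exception):
    """Raised by a service provider that refuses an assertion."""


def _b64u_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class IdentityProvider:
    """Maintains consumer profiles; releases only consented attributes."""

    def __init__(self, name: str, sp_keys: dict):
        self.name = name
        self.sp_keys = sp_keys   # service provider name -> shared HMAC key (assumed setup)
        self.profiles = {}       # consumer -> full attribute set
        self.consent = {}        # (consumer, service provider) -> allowed attribute names

    def register(self, consumer: str, attributes: dict) -> None:
        self.profiles[consumer] = dict(attributes)

    def grant_consent(self, consumer: str, sp: str, attributes) -> None:
        # The consumer, not the provider, decides what each service provider may see.
        self.consent[(consumer, sp)] = set(attributes)

    def issue_assertion(self, consumer: str, sp: str, now: int, ttl: int = 300) -> str:
        allowed = self.consent.get((consumer, sp), set())
        released = {k: v for k, v in self.profiles[consumer].items() if k in allowed}
        payload = json.dumps(
            {"iss": self.name, "sub": consumer, "aud": sp,
             "iat": now, "exp": now + ttl, "attrs": released},
            sort_keys=True, separators=(",", ":")).encode()
        sig = hmac.new(self.sp_keys[sp], payload, hashlib.sha256).digest()
        return _b64u_encode(payload) + "." + _b64u_encode(sig)


class ServiceProvider:
    """Accepts assertions only from known identity providers, addressed to itself, unexpired."""

    def __init__(self, name: str, idp_keys: dict):
        self.name = name
        self.idp_keys = idp_keys  # identity provider name -> shared HMAC key (assumed setup)

    def verify(self, assertion: str, now: int) -> dict:
        try:
            payload_b64, sig_b64 = assertion.split(".")
            payload = _b64u_decode(payload_b64)
            claims = json.loads(payload)
        except (ValueError, UnicodeDecodeError):
            raise InvalidAssertion("malformed assertion")
        if not isinstance(claims, dict):
            raise InvalidAssertion("malformed assertion")
        key = self.idp_keys.get(claims.get("iss"))
        if key is None:
            raise InvalidAssertion("unknown identity provider")
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64u_decode(sig_b64)):
            raise InvalidAssertion("bad signature")
        if claims.get("aud") != self.name:
            raise InvalidAssertion("assertion addressed to another service provider")
        if claims.get("exp", 0) <= now:
            raise InvalidAssertion("assertion expired")
        return claims


def tamper(token: str) -> str:
    """Attacker edits the payload to add an attribute the consumer never released."""
    payload_b64, sig_b64 = token.split(".")
    claims = json.loads(_b64u_decode(payload_b64))
    claims["attrs"]["medical_history"] = "leaked"
    forged = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return _b64u_encode(forged) + "." + sig_b64  # old signature no longer matches


def run_exchange() -> dict:
    """Constructed scenario: one consumer, one IdP, two service providers."""
    key_shop = b"constructed-secret-shared-by-idp-and-shop"
    key_bank = b"constructed-secret-shared-by-idp-and-bank"
    idp = IdentityProvider("idp.example", {"shop.example": key_shop, "bank.example": key_bank})
    shop = ServiceProvider("shop.example", {"idp.example": key_shop})
    bank = ServiceProvider("bank.example", {"idp.example": key_bank})

    idp.register("alice", {"email": "alice@example.org", "travel_pref": "aisle",
                           "medical_history": "private"})
    idp.grant_consent("alice", "shop.example", ["email", "travel_pref"])  # medical stays private

    now = 1_700_000_000
    token = idp.issue_assertion("alice", "shop.example", now)
    outcomes = {"released": shop.verify(token, now + 10)["attrs"]}
    checks = {
        "replayed_to_bank": lambda: bank.verify(token, now + 10),
        "expired": lambda: shop.verify(token, now + 600),
        "tampered": lambda: shop.verify(tamper(token), now + 10),
    }
    for label, check in checks.items():
        try:
            check()
            outcomes[label] = "accepted"
        except InvalidAssertion as err:
            outcomes[label] = f"rejected: {err}"
    return outcomes
```

The released attribute set is decided at the identity provider from the consumer's consent, so the service provider never sees the medical history at all; the audience check stops an assertion meant for the shop from being replayed at the bank, and the signature check stops either party from quietly widening the released profile after the fact.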