The Definitive Guide to Identity Management

by Archie Reed


The Definitive Guide to Identity Management is the most concise and practical guide available to explain the concept of Identity Management. This eBook, written by noted author and speaker Archie Reed, looks at specific implementations and solutions to enable the practical implementation of Identity Management solutions, including the relationships between identity and single sign-on, Web-based single sign-on, PKI, USB smart tokens, keys, smart cards, biometrics, Internet and intranet security, and VPNs and gateways.


Chapter 1: The Who, What, Where, and When of Identity Management

Welcome to The Definitive Guide to Identity Management, the most concise and practical guide available today to explain the concepts of Identity Management. This chapter will introduce, at a high level, many of the concepts and terms used in the field as well as discuss basic and advanced scenarios in which Identity Management is a fundamental requirement. Although this chapter deals with a lot of abstract ideas, it is important for the reader to obtain a good grasp of the key concepts and terms, as they will be used throughout the rest of the book.

Chapter 2: Identity Management and Security

Chapter 1 discussed the basics of Identity Management. As observed, Identity Management is not a simple off-the-shelf solution. It comprises both technology components and business strategies and policies, so it is essential to research and understand its many aspects to provide a true Identity Management solution. That is the goal of the following chapters: to delve deeper into the components required and available to support an Identity Management initiative.

Identity Management helps meet the key security management requirements that most organizations have today. The security requirements of an enterprise that provides access to employees are different from those of an Internet-based consumer site. In the case of the enterprise, regardless of its size, it is important that there exist some record of each employee: the employee’s role and access levels across systems. In the case of consumer Internet sites, the same information exists, but it is obtained with less concern for accuracy, and the information has different attributes and contexts and may be more readily shared across other sites. In this case, there may be more reliance on validating information through credit card companies, which is something an employer generally will not utilize. Despite these differences, there is a great deal of commonality across definitions of Identity Management frameworks. In this chapter, we will evaluate how an Identity Management solution is defined within the security infrastructure of these scenarios, exploring each of the components that have a vital role in protecting a system.

Chapter 3: Identity Management Applications

Time has been spent in the previous chapters gaining a common vocabulary and baseline understanding of the Identity Management components and concepts. Given the argument that in the Identity Management space there is no one-size-fits-all solution, the goal now is to provide a rundown of the Identity Management players and the key differentiators in their products. One of the common ways to progress Identity Management projects is to focus on key initiatives that can immediately provide return on investment (ROI). There is a danger in the planning phase, however, of considering only a single part of the Identity Management equation. For example, consider the impact of implementing a password management solution and later implementing a provisioning solution that provides its own password management. This situation could result in significant integration costs or the need to re-implement the same functionality based on technology from a different vendor.

This chapter deals with the vendors who provide solutions in the Identity Management market. As we go through the various options for your specific requirements, consider the long-term issues and goals of your organization. Maintaining this perspective as we move toward Chapter 4 will smoothly shift our focus to the business and technical side of your Identity Management implementation.

Chapter 4: Implementing Identity Management

Identity Management solutions have taken many guises as the term has become popular, with many vendors claiming their solutions meet the criteria to be called such. Identity Management is a new and rapidly evolving market that has not achieved the level of maturity whereby we can say definitively what an Identity Management solution “must” contain in terms of functionality and services. Rather, as we have discussed in the previous chapters, the breakdown of Identity Management terms and components allows for flexibility, which, in turn, makes implementations of Identity Management solutions unique to each organization.

Identity Management implementations have historically been undertaken as part of an organization’s security initiative or as a set of components built primarily on existing security infrastructure. However, although the implementation of Identity Management in an organization is strongly tied to security requirements, the strategic drivers should be, and are, at a higher level, tied to business requirements. The reality is that the security component is only a small part of Identity Management, and that much more process and technology lies beneath the surface. This chapter is about how you can go about implementing Identity Management in your organization.

Chapter 5: Identity Management Standards

Chapter 1 provided an introduction to Identity Management standards—this chapter delves into the fundamental Identity Management standards that you should evaluate as you define your requirements for and plan an Identity Management implementation. As with many areas of focus, a significant amount of effort by many individuals and organizations has been devoted to defining and implementing standards around Identity Management. Standards defined by recognized groups and authorities provide key levels of interoperability and might be formally published and mandated or adopted through common use.

Although there has been an undue amount of duplication as well as contention between the standards bodies that are creating potentially proprietary solutions, this behavior appears to be diminishing. There is increased participation from organizations that actually use the resulting solutions as opposed to vendors who need to solve a specific interoperability problem. The goal throughout this chapter is to determine which standards solve the challenges of your environment and are well supported. Let’s begin by exploring the relevant standards bodies.

Chapter 6: Identity Management Technologies and Trends

Welcome to the final chapter of The Definitive Guide to Identity Management. Before we dive into this chapter, let’s review what we’ve covered so far:

  • In Chapter 1, we defined the who, what, where, and when of Identity Management and briefly explored Identity Management standards.
  • Chapter 2 began to delve deeper into the components required and available to support an Identity Management initiative, focusing on how Identity Management can help meet most organizations’ key security requirements.
  • By Chapter 3, we had established a common vocabulary and baseline understanding of Identity Management components and concepts, so we moved on to explore Identity Management applications.
  • This discussion led smoothly into Chapter 4, which covered Identity Management implementation. As a result of the new and rapidly evolving Identity Management market, there is much flexibility in the terms that vendors use to market their solutions. In this chapter, I discussed how this scope affects the requirements of Identity Management implementations, which will be unique to each organization.
  • And in Chapter 5, we built on the foundation of Identity Management standards information that we laid in Chapter 1, focusing on which standards will solve the challenges of your organization’s environment.

This final chapter is intended to provide an overview of some of the current Identity Management vendors and the technologies they have to offer and are developing. In addition, this chapter provides a concise list of organizations that specialize in the Identity Management space, in particular those organizations that are independent and can help you define and realize the right Identity Management solutions and implementation timelines for your organization. In this chapter, I’ll also explore the trends of the Identity Management market, including likely trajectories and intersections with other technologies. Hopefully, this information will give you insights into the future of the Identity Management market that will help in planning your Identity Management solution. We’ll start by exploring the benefits of Identity Management consultants.