First Edition August 2005
ISBN 978-0-596-00878-9
Index
A
abstract authorization architectures, 71
abstracted identity, 13
access control
accountability, 66
authorization patterns, 66
custodians, 64
DAC (discretionary access control), 67
digital certificates and, 72
enforcement and, 66
least privilege principle, 65
MAC (mandatory access control), 67
owners, 64
policies and, 63, 206
RBAC (role-based access control), 70
responsibility and, 64
user-based permission systems, 67
users, 65
accountability
access control, 66
privacy and, 27
accuracy, privacy and, 28
ACLs (access control lists), 69
ad hoc federation pattern, 125
ad hoc level, maturity model, 163
ADA (authorization decision assertion), 10, 72
advisor, IMA, 151
aggregation, 13
directory information, 84
algorithms
challenge-response systems, 54
DER (Distinguished Encoding Rules), 44
message digests, 40
public-key cryptosystems, 38
secret key cryptography, 35
anonymity, 26
Apple iTunes
DRM and, 91
problems, 94
architectures
categories, 133
data architecture
building, 173, 174
data categorization, 177-181
processes, 174-177
data architectures, 172
data inventory, 176
identity data audit, 177
identity mapping, 179
identity management, 134
RA (reference architecture), 211
benefits, 212
pitfalls, 212
SRAs (system reference architectures), 218
assertions, 102
assessing policies, 208
ATM, digital ID and, 4
attributes, definition, 9
audience, IMA, 149
auditability, authentication systems, 61
authentication, 9
biometric devices, 57
biometrics, 9
CAs and, 44
challenge-response systems, 54
cookies, 51
credentials, 9
digital certificates, 56
factors, 51
federation support, 61
ID and password systems, 53
interoperability, 102
passwords, 53
policies, 205
smart cards, 58
systems, 51-59
trust and, 50
authentication systems
auditability, 61
locational transparency, 60
manageability, 61
practicality, 59
privacy levels, 60
properties, 59-61
protocol insensitivity, 60
reliability, 60
security level, 59
authoritative directories, 81
authorization
abstract architectures, 71
ACLs (access control lists), 69
assertions, 102
DAC (discretionary access control), 67
interoperability, 102
MAC (mandatory access control), 67
patterns, 66
policies, 111
RBAC (role-based access control), 70
user-based permission systems, 67
B
BankAmericard, 121
benefits of digital ID, 3
best practices, 170
RA (reference architecture), 213
BFM (business function matrix), creating, 155-157
biometrics, authentication and, 9, 57
business context, digital ID and, 5
business opportunities, 2
C
CAs (certificate authorities), 44
authentication and, 44
certification path, 48
CPS (certification practice statement), 45
CRL (certificate revocation lists), 45
services provided, 44
centralized identity, 118
efficiency, 119
federated comparison, 118
certificate subjects, 42
certificates
authentication and, 56
policies, 202
certification path, 48
challenge-response systems, 54
digital certificates, 56
smart cards, 58
champion, IMA, 149
CIB (consolidated infrastructure blueprint), 217
goal states, 218
communicator, IMA, 151
confidentiality
cryptography, 34
encryption, 34
interoperability and, 101
introduction, 34
steganography, 34
consent, privacy and, 27
conventional cryptography, 34
cookies, 51
privacy and, 25
CPS (certification practice statement), 45
credentials, 9, 50
authentication, 9
cookies, 51
credit cards, federated identity and, 121
CRL (certificate revocation lists), 45
cryptography, 34
confidentiality and, 34
conventional, 34
hybrid key systems, 37
key systems, 34
private keys and, 36
public key, 36
public-key systems, 38
secret key, 34, 35
symmetric cryptography, 34
custodians, access control and, 64
D
DAC (discretionary access control), 67
data architecture
building, 173-174
data categorization, 177
data inventory, 176
identity data audit, 177
identity mapping, 179
process-to-identity matrix, 180
data architectures, 172
processes, 174-177
data audit, 177
data categorization, 177
data exchange, 183
data structure, 181
databases, directory comparison, 79
deprovisioning, lifecycle, 32
digital certificates, 41
access control and, 72
authentication and, 56
challenge-response systems, 56
public-key infrastructure and, 42
digital identity lifecycle (see lifecycle)
digital leakage, 89
digital signatures, 37, 40
policies, 203
directories, 73, 78
aggregation, 84
authoritative directories, 81
database comparison, 79
example, 80
metadirectories, 85
policies, 204
schema, 78
Utah, 73
virtual directories, 87
directory services, 78
enterprise
DNS, 81
RMIRegistry, 82
LDAP, 83
X.500, 83
Distinguished Encoding Rules (DER), 44
DNS (Domain Name System), 81
TLD (top-level domain), 81
domains, 75
DRM (digital rights management), 89
Apple iTunes and, 91
conflicts, 90
features, 92
music downloads and, 91
platforms, 94
reference architecture, 92
rights specification, 95
XrML and, 96
E
eBay, 19
employee provisioning, 175
encryption
confidentiality and, 34
digital signatures, 37
policies, 203
secret key, 34
XML, 101
end user licenses, XrML, 96
enforcement, access control, 66
enforcing policies, 209
enterprise directory services
DNS, 81
LDAP, 83
RMIRegistry, 82
X.500, 83
enterprise executive, IMA, 152
enterprise projects, IMA scoping, 222
entities, 8
entitlements, 9
evidence, trust, 17
exchanging identity data, 183
external requirements, policies, 198
F
factors in authentication, 51
federated identity, 118
benefits, 121
centralized comparison, 118
credit card industry, 121
federation patterns, 125-132
networks, future of, 131
patterns
ad hoc federation, 125
hub-and-spoke federation, 126
identity network, 128
security and, 130
standards, 122-125
future of, 124
IBM and, 122
Internet2 and, 124
Microsoft and, 122
OASIS and, 123
Shibboleth and, 124
WS-* and, 122
Liberty Alliance and, 124
TIAA-CREF and, 121
trust and, 129
federation policies, 207
federation support, authentication systems, 61
feedback for policies, 199
filenames, namespaces, 75
flat namespaces, 75
focused level, maturity model, 163
G
goal states, CIB, 218
governance
BFM (business function matrix), 155, 157
business context, 154
IMA lifecycle, 143
IMA model, 145
initial steps, 147
primary roles, 149
roles, 148
supporting roles, 151
vision, 147
GSM phones, 58
H
hashes (see message digests)
hierarchical namespaces, 75
hub-and-spoke federation pattern, 125, 126
hybrid cryptosystems, 37
SSL, 38
TLS, 38
I
IBM, federated identity standards and, 122
ID and password systems, 53
identifying purposes, privacy and, 27
identity
abstracted, 13
ATM and, 4
benefits, 3
business context, 5
centralized, 118
efficiency, 119
federated, 118
inconsistency across sources, 181
overview, 8-14
replication, 185
scenarios, 10-11
security and, 11
shared, 12
technologies, 6
tiers, 12
identity aggregation, 13
identity data audit, 177
identity data exchange, 183
identity data principles, 185
identity federation network, 125
identity mapping, 179
identity maturity model, 161
identity policies
authentication, 205
characteristics, 195
digital signatures, 203
directories, 204
encryption, 203
external requirements, 198
feedback, 199
naming and certificates, 202
needs, 197
outline, 200
passwords, 203
privacy, 204
security, 198
writing, 199
identity policy suite, 201
identity process evaluation, 167
identity process inventory, 167
planning, 169
IF (interoperability frameworks), 187
cautions, 192
characteristics, 187
example framework, 191
standards, 188
listing, 190
status, 189
IMA (identity management architecture), 134
benefits, 135
components, 140
data and, 172
data architecture, 141
enterprise projects, 222
governance model, 145
initial steps, 147
primary roles, 149
roles, 148
supporting roles, 151
vision, 147
lifecycle, governance and, 143
myths, 225
outsourcing, 153
policies, 141
policy review framework, 207
principles, 157-159
process architecture, 140
roadblocks, 138
scope, 221
sequencing, 223
success, 137
technical reference architecture, 141
timeline for building, 224
IMA team, 150
inconsistency of identities, 181
individual access, privacy and, 28
integrated level, maturity model, 165
integrity
interoperability and, 99
introduction, 33
validation and, 185
Internet2, federated identity standards, 124
interoperability
authentication, 102
authorization, 102
authorization policies, 111
confidentiality and, 101
integrity, 99
lifecycle and, 98
non-repudiation, 99
policy stack and, 195
provisioning, 107-111
XML encryption and, 101
XML signature, 99
inventory, 176
K
key pairs, 36
key systems, cryptography, 34
irreversible/reversible, 37
L
laws concerning privacy, 23
LDAP (lightweight directory access protocol), 83
least privilege principle, access control and, 65
Liberty Alliance, federated identity standards, 124
licenses, XrML, 96
lifecycle
deprovisioning, 32
IMA, governance and, 143
interoperability standards and, 98
maintenance, 31
propagating, 30
provisioning, 30
using, 31
limiting collection, privacy and, 27
limiting use, disclosure, and retention, privacy and, 27
locational transparency, authentication systems, 60
M
MAC (mandatory access control), 67
maintenance, lifecycle, 31
manageability of authentication systems, 61
manager, IMA, 150
mapping, 179
MasterCharge, 121
maturity levels, 162
maturity model, 162
ad hoc level, 163
best practices, 170
focused level, 163
integrated level, 165
standardized level, 164
message digests, 38
algorithms, 40
characteristics, 39
public-key cryptography and, 40
metadata, 181
metadirectories, 85
Metcalfe's Law (networks), 120
Microsoft, federated identity standards and, 122
music downloads, DRM and, 91
N
names, 73
overview, 75
Utah, 73
namespace connector, 86
namespaces, 75
filenames, 75
flat, 75
hierarchical, 75
URIs (uniform resource indicators), 77
naming policies, 202
networks, 120
federated identity, future of, 131
Metcalfe's law, 120
non-repudiation
interoperability and, 99
introduction, 33
NRO (Non-Repudiation of Origin), 33
NRR (Non-Repudiation of Receipt), 33
O
OASIS (Organization for the Advancement of Structured Information Standards), federated identity and, 123
openness, privacy and, 28
outline for identity policies, 200
overseer, IMA, 149
owners, access control and, 64
P
passwords
authentication, 53
management, 53
reset, 54
patterns in authorization, 66
PDP (policy decision point), 9, 71
PEP (policy enforcement point), 9, 71
permissions, 9
Unix filesystem, 68
user-based permission systems, 67
PKIs (public-key infrastructure), 47
policies
access control, 206
access control and, 63
assessments, 208
authentication, 205
authorization, 111
business projects and processes, 197
characteristics, 195
digital signatures, 203
directories, 204
encryption, 203
enforcement, 209
external requirements, 198
federation, 207
feedback, 199
identity policy suite, 201
naming and certificates, 202
needs, 197
outline, 200
passwords, 203
policy stack, 194
privacy, 204
procedures and, 210
provisioning, 206
security and, 198
writing, 199
policy decision point (PDP), 9
policy enforcement point (PEP), 9
policy review framework, 207
position statements, 214
practicality of authentication system, 59
preferences, 9
prerequisites, privacy, 28
principles for identity data, 185
privacy, 11
accountability and, 27
accuracy and, 28
audits, 24
challenging compliance and, 28
consent and, 27
cookies, 25
disclosure limits, 27
grocery store scan cards, 22
identifying purposes and, 27
individual access and, 28
laws and regulations, 23
levels, authentication system, 60
limiting collection, 27
openness, 28
policies, 25
prerequisites, 28
retention limits, 27
RFID and, 22
safeguards and, 28
Sarbanes-Oxley, 24
use limits, 27
privacy policies, 204
private keys, cryptography, 36
procedures, 210
process, 9
process evaluation, 167
process inventory, 167
planning, 169
processes
data and, 173
data architecture, 174-177
employee provisioning, 175
process-to-identity matrix, 180
procurement manager, IMA, 152
product and project teams, IMA, 152
propagation, lifecycle and, 30
protocol insensitivity, authentication systems, 60
provisioning
definition, 30
interoperability and, 107-111
overview, 30
policies, 206
SPML, 108
pseudonymity, 26
PSP (Provisioning Service Provider)
SPML and, 108
PST (Provisioning Service Target)
SPML and, 108
public-key cryptography, 36, 38
key pairs, 36
message digests and, 40
public-key infrastructure
digital certificates and, 42
public-key infrastructures, 20
pull profile, SAML, 104
push profile, SAML, 105
R
RA (reference architecture), 211
benefits of, 212
best practices, 213
components, 214
pitfalls, 212
uses, 214
RA (Requesting Authority), SPML and, 108
RBAC (role-based access control), 70
reliability, authentication systems, 60
replication, 185
reputation, 19
reset password, 54
resources, definition, 8
reviewer, IMA, 151
revocation of certificate, 45
revoked, 45
RFID (radio frequency identification device), 21
privacy and, 22
RMIRegistry, 82
S
safeguards, privacy and, 28
SAML (Security Assertion Markup Language), 102
example use cases, 104-107
pull profile, 104
push profile, 105
scope, IMA building and, 221
secret key cryptography algorithms, 35
secret key encryption, 34
security
authentication systems, appropriate level, 59
federated identity, 130
identity and, 11
policies, 198
security authority, 9
security policy, 9
sequencing IMA, 223
shared identity, 12
Shibboleth, federated identity standards, 124
signature verification, 37
SIM (Subscriber Information Module), GSM phones, 58
smart cards, 58
challenge-response systems, 58
SOAP, web services profile, 107
SOAs (service-oriented architectures), 5
special interest groups, IMA, 152
SPML (Service Provisioning Markup Language), 108
requests, 110
responses, 110
SRAs (system reference architectures), 218
SSL (Secure Sockets Layer), 38
SSO (single sign-on), 84
standardized level, maturity model, 164
steganography, confidentiality and, 34
subject, 8
subject matter expert, IMA, 152
symmetric cryptography, 34
T
technical operations staff, IMA, 152
technical position statements, 214
technical positions, 216
technologies, 6
TIAA-CREF, federated identity and, 121
tiers of identity, 12
TLS (transport layer security), 38
traits, 9
transparency, 185
trust
authentication and, 50
evidence, 17
examples of, 15
federated identity and, 129
introduction, 15
trust communities, 19
U
Unix filesystem permissions, 68
URIs (uniform resource indicators), 77
changes, 78
URLs and, 77
URLs (Uniform Resource Locators), URIs and, 77
user-based permission systems, 67
users, access control and, 65
using, lifecycle, 31
Utah, naming and directories, 73
V
validation, integrity and, 185
virtual directories, 87
W
web services profile, SOAP, 107
writing policies, 199
WS-*, federated identity standards, 122
X
X.500, 83
XACML (eXtensible Access Control Markup Language), 112
XML
encryption, 101
identity data exchange, 183
XML signatures, interoperability and, 99
XrML (XML-based rights management language), 96