Explore a preview version of Digital Identity right now. The rise of network-based, automated services in the past decade has definitely changed the way businesses operate, but not always for the better. Offering services, conducting transactions and moving data on the Web opens new opportunities, but many CTOs and CIOs are more concerned with the risks. Like the rulers of medieval cities, they've adopted a siege mentality, building walls to keep the bad guys out.
|Published (Last):||12 July 2009|
|PDF File Size:||12.92 Mb|
|ePub File Size:||19.15 Mb|
|Price:||Free* [*Free Regsitration Required]|
Would you like to tell us about a lower price? If you are a seller for this product, would you like to suggest updates through seller support?
The rise of network-based, automated services in the past decade has definitely changed the way businesses operate, but not always for the better.
Offering services, conducting transactions and moving data on the Web opens new opportunities, but many CTOs and CIOs are more concerned with the risks.
Like the rulers of medieval cities, they've adopted a siege mentality, building walls to keep the bad guys out. It makes for a secure perimeter, but hampers the flow of commerce. Fortunately, some corporations are beginning to rethink how they provide security, so that interactions with customers, employees, partners, and suppliers will be richer and more flexible.
Digital Identity explains how to go about it. This book details an important concept known as "identity management architecture" IMA : a method to provide ample protection while giving good guys access to vital information and systems. In today's service-oriented economy, digital identity is everything. IMA is a coherent, enterprise-wide set of standards, policies, certifications and management activities that enable companies like yours to manage digital identity effectively--not just as a security check, but as a way to extend services and pinpoint the needs of customers.
Cities define uses and design standards to ensure that buildings and city services are consistent and workable. Within that context, individual buildings--or system architectures--function as part of the overall plan. How does digital identity increase business opportunity? Windley's favorite example is the ATM machine. With ATMs, banks can now offer around-the-clock service, serve more customers simultaneously, and do it in a variety of new locations.
This fascinating book shows CIOs, other IT professionals, product managers, and programmers how security planning can support business goals and opportunities, rather than holding them at bay. Read more Read less. Phillip J. Windley is a nationally recognized expert in using information technology IT to add value to the business. Prior to doing graduate studies, Windley worked for 4 years as a nuclear metallurgist and a member of the technical staff at the Department of Energy's Division of Naval Reactors.
No customer reviews. How does Amazon calculate star ratings? The machine learned model takes into account factors including: the age of a review, helpfulness votes by customers and whether the reviews are from verified purchases. Review this product Share your thoughts with other customers. Write a customer review. Most helpful customer reviews on Amazon. Verified Purchase. Though this book covers some basic issues surrounding identity management, the architecture part is very weak.
What I felt is that the author is confusing delivery management with the technology itself. Major sections of the book under the guise of governance are devoted to people and expectation management and politics rather than technology. Majority of what is discussed is applicable universally to execution of any project in any decent sized organization. Not that this books has nothing to offer on IMA itself - but it is too generic and very little on actual technology.
Many people who review their credit report for the first time are shocked to learn how many identities are linked to them. Even when there is no problem of identity theft, it is not uncommon for people to have 10 or more names linked to their credit reports due to various errors, including permutation of their name.
Just as it is difficult to maintain and manage identities in the real world, it is difficult to maintain and manage digital identities. As the digital economy is becoming more ubiquitous, the need for a single federated identity is becoming more critical. Identity management has become a pressing need in the past few years.
This has come about because networks and systems are no longer geared around a single infrastructure, and businesses have become increasingly virtual and decentralized.
In previous years, there were simply internal users. Today, systems have internal users, along with external users such as consultants, contractors, third-parties, customers, collaborators, and many more. Such requirements necessitate a well-designed and planned IMA. So what is this thing called IMA? Windley defines an IMA as the coherent, enterprise-wide set of standards, policies, certifications, and management activities that enable an organization to effectively manage digital identities.
IMA is also known as federated identity. The book notes that the real challenge in developing a federated identity infrastructure is dealing with the various different hardware and software platforms where user accounts reside, and working with different organizations and departments, including the ever-increasing amount of outsourcing.
When all of that is put together, a single federated identity is not easy to come by if there is not an IMA in place. The beauty of an IMA is that it allows an organization to securely link and exchange identity information across partner, supplier, and customer organizations, while having a single architecture. This makes identity management seamless. The first 11 chapters of Digital Identity do a good job of introducing the underlying concepts of an IMA, including security, trust, authentication, access control, and names and directories.
Without an effective security infrastructure in place, any IMA deployed will not be fully effective. One oddity, though, is that in Chapter 6, the author defines cryptography as the science of making the cost of discovery of hidden information greater than the value of the information itself.
This is the author's own characterization of cryptography and while interesting, is not how it is used in mainstream security. Chapter 12 starts to get into the internals of federated identities. This and the rest of the chapters do not deal with the deep technical details of an IMA, rather it shows how to design and deploy the IMA in a context of a corporate environment under a single set of policies and procedures.
Windley emphasizes that an IMA is not so much a technical issue, but rather a business issue that must be deployed in a business context. This idea of a business context is manifest in Chapter 18, which deals with identity policies. The stack includes all of the elements necessary for the IMA, and comprises an identity management architecture, framework, and set of standards.
The framework includes policy issues such as naming, passwords, encryption, provisioning, and more. Finally, the architecture details the specific high-level controls procurement, contracts, licensing, etc. The book itself is worth it solely for the information in this chapter. Anyone attempting to deploy an IMA without first getting a handle on the issues details in Chapter 18 will find that their IMA will likely be seriously deficient.
The only negatives to the book are a few too many editing mistakes that should have been caught during the editing process. Also, the author frequently discusses his own trials and tribulations of using an IMA during his short stint as CIO of the State of Utah and with previous employers. Depending on the readers' specific tastes, some my find the heavy use of the first-person anecdotes to be a negative. Overall, Digital Identity provides the reader with a good introduction to the various areas necessary to develop a productive identity management infrastructure.
Anyone planning to deploy an IMA or any sort of federated identity solution in a corporate environment will find Digital Identity a valuable reference.
This book is designed to familiarize CIOs, IT managers, and other IT professionals with the language, concepts, and technology of digital identity. Managing digital identity is one of the most fundamental activities in IT and a good identity management strategy is the key to not only protecting the enterprise from attack, but, more important, providing flexible access for partners, customers, and employees to needed information and systems.
This book is not a book with code examples and recipes for building digital identity management systems. Even so, it is a technical book that explains the technology of digital identity in some detail. More importantly, the book puts the technology in context and shows how it can all be put to the task of managing digital identities inside your organization.
The book is divided into three sections. The first section is about the core concepts in digital identity, including privacy and trust. The second section discusses the technology of digital identity. The third section portrays in some detail a process, called an identity management architecture IMA , that you can use to build a digital identity infrastructure in your organization, regardless of its size or organization. The information in the last section is prescriptive in nature.
Because of his experiences, the author has a clear philosophy on how to build an IMA. He therefore presents a rather detailed series of steps that show how to create an IMA and how to use it.
I found the book quite accessible, and this isn't even an area of my expertise. I would recommend it for anyone trying to get started in the field, especially if you're a manager. The following is the table of contents: Chapter 1. Introduction Section 1.
Business Opportunity Section 1. Digital Identity Matters Section 1. Using Digital Identity Section 1. The Business Context of Identity Section 1. Foundational Technologies for Digital Identity Section 1. Identity Management Architectures Chapter 2. Defining Digital Identity Section 2. The Language of Digital Identity Section 2.
Identity Scenarios in the Physical World Section 2. Identity, Security, and Privacy Section 2. Digital Identity Perspectives Section 2. Identity Powershifts Section 2. Conclusion Chapter 3. Trust Section 3. What Is Trust? Section 3.
Would you like to tell us about a lower price? If you are a seller for this product, would you like to suggest updates through seller support? The rise of network-based, automated services in the past decade has definitely changed the way businesses operate, but not always for the better. Offering services, conducting transactions and moving data on the Web opens new opportunities, but many CTOs and CIOs are more concerned with the risks. Like the rulers of medieval cities, they've adopted a siege mentality, building walls to keep the bad guys out. It makes for a secure perimeter, but hampers the flow of commerce. Fortunately, some corporations are beginning to rethink how they provide security, so that interactions with customers, employees, partners, and suppliers will be richer and more flexible.
Digital Identity: Unmasking Identity Management Architecture (IMA)