Chapter 12. Privacy and Security Design

• Security Guidelines

• The Purpose of Security

• Security Threats

• Security Tools

• Analyzing Your Security and Privacy Needs

• Designing for Security

• Privacy and Security Design Checklist

• Further Reading

• Looking Ahead

No discussion of directory design would be complete without at least one chapter explaining how to secure the information in your directory and protect the privacy of your users. Without such safeguards, the types of directory applications that can be supported by your directory are severely limited.

If the information in your directory is not secured and you cannot be sure whether it has been tampered with, the applications that use the data are limited to those unconcerned with the accuracy or completeness of the information. If access to the information in your directory is not secured and the information itself cannot be kept private to those authorized to view it, only public information may be stored in the directory. These concerns are paramount to providing an industrial-strength directory service that can be trusted by applications and users.

This chapter describes the purposes of security and outlines the threats posed to it in a typical directory environment. We describe how to analyze your environment to determine your security and privacy needs, and we explain how to design your directory service to meet these needs. A separate section on user privacy explains the importance of keeping data about your users private, and a section on the trade-offs between security and deployability analyzes some common decisions you will have to make.