Identity Design Considerations

This chapter covers the following topics:

• Basic Foundation Identity Concepts
• Types of Identity
• Factors in Identity
• Role of Identity in Secure Networking
• Identity Technology Guidelines
• Identity Deployment Recommendations

A good name is better than precious ointment.

Ecclesiastes, 7:1

"Must a name mean something?" Alice asked doubtfully.

"Of course it must," Humpty Dumpty said with a short laugh: "my name means the shape I amand a good handsome shape it is, too. With a name like yours, you might be any shape, almost."

Lewis Carroll, Through the Looking-Glass, 1872

Identity is a foundation technology in secure networking. It, more than any other technology, interfaces directly with the network's users. But as you'll learn in this chapter, identity isn't always just about users; sometimes network or device identity is needed. As you learned in Chapter 4, "Network Security Technologies," there are many identity "technologies" such as username/password, digital certificates, RADIUS/ TACACS+, and so on. This chapter discusses some additional forms of identity and some common deployments and design considerations around identity in the network.

Identity touches almost all aspects of secure networking in some form or another. In keeping with this, other chapters in the book also discuss identity components when appropriate. Specifically, Chapter 10, "IPsec VPN Design Considerations," and Chapter 11, "Supporting-Technology Design Considerations," have identity discussions particular to virtual private networks (VPNs) and wireless LANs (WLANs).

This chapter focuses on some of the foundation identity concepts and technologies that span most of the identity space.