Chapter 7. Identity Management Standards and Technologies

Topics in This Chapter

• Identity ManagementCore Issues

• Understanding Network Identity and Federated Identity

• Introduction to SAML

• SAML Architecture

• SAML Usage Scenarios

• The Role of SAML in J2EE-Based Applications and Web Services

• Introduction to Liberty Alliance and Their Objectives

• Liberty Alliance Architecture

• Liberty Usage Scenarios

• The Nirvana of Access Control and Policy Management

• Introduction to XACML

• XACML Data Flow and Architecture

• XACML Usage Scenarios

Identity management is one of the growing security concerns in enterprise IT services. According to Information Security Breaches Survey 2004 [SecurityBreach2004], security breaches due to identity management flaws are increasing. Confidentiality breaches can cause disruption to business services and may result in large financial losses, with 15 percent of cases costing £100,000 (Great British Pound, which is about US $250,000) in legal fees, investigation costs, and fines. They usually take at least 10 to 20 man-days to resolve. From the survey findings, 80 percent of the security attacks are from external sources. Identity is the key to unlocking access to business services, applications, and resources. It is extremely important to secure the identity by authenticating the user prior to that user accessing any resources within the enterprise. In addition, identity is a major piece of information security management that is addressed by compliance and regulatory requirements (such as Sarbanes-Oxley in the United States). It is a strategic area in the management of security risks that threaten mission-critical business applications.

This chapter will discuss the identity management technologies for single sign-on and policy management using standards such as SAML, Liberty, and XACML. It will also discuss their logical architecture.