MICROSOFT IDENTITY MANAGEMENT

Microsoft Identity Management

Abstract

Identity management refers to the process of employing emerging technologies to manage information about the identity of users and control access to company resources. The goal of identity management is to improve productivity and security while lowering costs associated with managing users and their identities, attributes, and credentials. The purpose of this document is to offer a broad overview of current identity management technologies and provide a framework for determining when an identity management system would benefit your company. This document first defines the underlying business problems and resulting business risks inherent in managing user identity information across a heterogeneous technology infrastructure. Next, this document highlights the unique challenges of implementing an identity management solution. This document introduces the functionality of an identity management solution and describes this functionality within the context of the identity management infrastructure. Next, this document highlights products from leading vendors.

Table of Contents

Introduction4

Purpose4

Literature Review6

Account setup7

Account teardown9

Identity Management9

User-Centric Privacy Management12

Microsoft acting as an Attribute Provider14

Privacy Labels15

Managing Privacy Preferences16

Elements, Operations and Semantics in PREP20

Universal Identity Management24

Identity Metasystem26

Delegation Model Based on Anonymous Credential27

Personal Identity Metasystem in Working Place30

Universal Identity Management Model31

Case Study Analysis33

Healthcare Case33

Analysis35

Discussion and Analysis36

The Business Risks36

The Challenges of an Identity Management Solution38

The Functions of an Identity Management System39

Generalized application interfaces component43

Scope and Limitations44

Conclusion47

References49

Microsoft Identity Management

Introduction

Anytime, anywhere mobile computing is becoming easier, more attractive and even cost-effective: the mobile devices carried by the roaming users offer more and more computing power and functionalities including sensing and providing location-awareness. A lot of computing devices are also deployed in the environments where the users evolve; for example, intelligent home appliances or RFID-enabled fabrics. In this ambient intelligent world, the choice of the identity mechanisms will have a large impact on social, cultural, business and political aspects. Moreover, Internet of things will generate more complicated privacy problems. Therefore, the whole of society would suffer from the demise of privacy which is a real human need. As people have a hectic life and cannot spend their time administering their digital identities, we need consistent identity management platforms and technologies enabling usability and scalability among others.

Purpose

The underlying problem is the absence of federated directories. Microsoft defines federation as “the technology and business arrangements necessary for the interconnecting of users, applications, and systems. This includes authentication, distributed processing and storage, data sharing, and more.” Federated directories interact and trust each other, thus allowing secure information sharing between applications. Companies are currently running isolated, independent directories that neither interact with nor trust each other. This is a result of applications having their own proprietary identity stores. Each proprietary directory requires its own method of user administration, user provisioning, and user access control. This scenario, sometimes referred to as identity chaos, sparks growing problems in a company's technology infrastructure.

The problem with proprietary identity stores is that users require a logon for every application, which in turn burdens users with having to remember numerous username and password combinations. The problem with proprietary administration is that every application will have ...