Identity management refers to the process of employing emerging technologies to manage information about the identity of users and control access to company resources. The goal of identity management is to improve productivity and security while lowering the costs associated with managing users and their identities, attributes, and credentials. The purpose of this document is to offer a broad overview of current identity management technologies and provide a framework for determining when an identity management system would benefit your company. This document first defines the underlying business problems and resulting business risks inherent in managing user identity information across a heterogeneous technology infrastructure. Next, it highlights the unique challenges of implementing an identity management solution. It then introduces the functionality of an identity management solution and describes this functionality within the context of the identity management infrastructure. Finally, it highlights products from leading vendors.
Table of Contents
Introduction
Purpose
Literature Review
Account setup
Account teardown
Identity Management
User-Centric Privacy Management
Microsoft acting as an Attribute Provider
Privacy Labels
Managing Privacy Preferences
Elements, Operations and Semantics in PREP
Universal Identity Management
Identity Metasystem
Delegation Model Based on Anonymous Credential
Personal Identity Metasystem in Working Place
Universal Identity Management Model
Case Study Analysis
Healthcare Case
Analysis
Discussion and Analysis
The Business Risks
The Challenges of an Identity Management Solution
The Functions of an Identity Management System
Generalized application interfaces component
Scope and Limitations
Conclusion
References
Microsoft Identity Management
Introduction
Anytime, anywhere mobile computing is becoming easier, more attractive and even cost-effective: the mobile devices carried by roaming users offer more and more computing power and functionality, including sensing and location-awareness. Many computing devices are also deployed in the environments in which users move about, for example intelligent home appliances or RFID-enabled fabrics. In this ambient intelligent world, the choice of identity mechanisms will have a large impact on social, cultural, business and political aspects. Moreover, the Internet of Things will generate more complicated privacy problems. The whole of society would therefore suffer from the demise of privacy, which is a real human need. Because people lead hectic lives and cannot spend their time administering their digital identities, we need consistent identity management platforms and technologies that provide, among other things, usability and scalability.
Purpose
The underlying problem is the absence of federated directories. Microsoft defines federation as “the technology and business arrangements necessary for the interconnecting of users, applications, and systems. This includes authentication, distributed processing and storage, data sharing, and more.” Federated directories interact and trust each other, thus allowing secure information sharing between applications. Companies are currently running isolated, independent directories that neither interact with nor trust each other. This is a result of applications having their own proprietary identity stores. Each proprietary directory requires its own method of user administration, user provisioning, and user access control. This scenario, sometimes referred to as identity chaos, sparks growing problems in a company's technology infrastructure.
The problem with proprietary identity stores is that users require a logon for every application, which in turn burdens users with having to remember numerous username and password combinations. The problem with proprietary administration is that every application will have ...