- Identity management
information systems, identity management is the management of the identity life cycleof entities (subjects or objects). An identity management system:
# Establishes the identity
## Links a name (or number) with the subject or object;
## Re-establishes the identity (i.e. links a new or additional name, or number, with the subject or object);
# Describes the identity:
## Optionally assigns one or more attributes applicable to the particular subject or object to the identity;
## Re-describes the identity (i.e. changes one or more attributes applicable to the particular subject or object);
# Destroys the identity
Identity management in the public and private domains
Identities may manage themselves or other parties may manage them. These other parties may include private parties (e.g. employers or businesses) or public parties (e.g. personal record offices and immigration services).
Identity management in the public domain has become known as "National Identity Management"Fact|date=January 2008.
Electronic identity management
Several interpretations of identity management (IdM) have been developed in the IT industry. Computer scientists now associate the phrase, quite restrictively, with the
managementof user credentialsand the means by which users might log on to an online system. The focus on identity management goes back to the development of directories, such as X.500, where a namespaceserves to hold named objects that represent real-life "identified" entities, such as countries, organizations, applications, subscribers or devices. The X.509 ITU-Tstandard defined certificates carried identity attributes as two directory names: the certificate subject and the certificate issuer. X.509 certificates and PKIsystems operate to prove the online "identity" of a subject. Therefore, in IT terms, one can consider identity management as the management of information (as held in a directory) that represents items identified in real life (e.g. users, devices, services, etc). The design of such systems requires explicit information and identity engineering tasks.
The evolution of identity management follows the progression of
Internettechnology closely. In the environment of static web pages and static portals of the early 1990s, corporations investigated the provision of informative web content such as the "white pages" of employees. Subsequently, as the information changed (due to employee turnover, provisioning and de-provisioning), the ability to perform self-service and help-desk updates more efficiently morphed into what became known as Identity Management today.
Typical identity management functionality includes the following:
* User information self-service
* Password resetting
* Management of lost passwords
* Provisioning and de-provisioning of identities from resources
Identity management also addresses the age-old 'N+1' problem — where every new application may entail the setting up of new data stores of users. The ability to centrally manage the provisioning and de-provisioning of identities, and consolidate the proliferation of identity stores, all form part of the identity management process.
The term "identity engineering" refers to putting engineering effort into managing large numbers of interrelated items that have identifiers or names.
Three perspectives on IdM
In the real-world context of engineering online systems, identity management can involve three perspectives:
# The pure identity paradigm: Creation, management and deletion of identities without regard to access or entitlements;
# The user access (log-on) paradigm: For example: a
smart cardand its associated data used by a customer to log on to a service or services (a traditional view);
# The service paradigm: A system that delivers personalized, role-based, online, on-demand, multimedia (content), presence-based services to users and their devices.
The pure identity paradigm
The user access paradigm
Identity management in the user "log-on" perspective may involve an integrated system of
business processes, policies and technologies that enable organizations to facilitate and control access by their users to critical online applications and resources — while protecting confidential personal and business information from unauthorized access. It represents a category of interrelated solutions which system administrators employ towards managing user authentication, Access rights and restrictions, account profiles, passwords, and other attributes supportive of the roles/profiles of user in relation to applications and/or systems.
The service paradigm
In the service paradigm perspective, where organizations evolve their systems to the world of converged services, the scope of identity management becomes much larger, and its application more critical. The scope of identity management includes all the resources of the company deployed to deliver online services. These may include devices, network equipment, servers, portals, content, applications and/or products as well as a user credentials, address books, preferences, entitlements and telephone numbers. See
Service Delivery Platformand Directory service.
Today, many organizations face a major clean-up in their systems if they are to bring identity coherence into their influence. Such coherence has become a prerequisite for delivering unified services to very large numbers of users on demand — cheaply, with security and single-customer viewing facilities.
Emerging fundamental points
* IdM provides significantly greater opportunities to online businesses beyond the process of authenticating and authorizing users via cards, tokens and
webaccess control systems.Fact|date=January 2008
* User-based IdM has started to evolve away from
username/ passwordand web-access control systemsFact|date=January 2008 toward those that embrace preferences, parental controls, entitlements, policy-based routing, presence and loyalty schemes.
* IdM provides the focus to deal with system-wide data quality and integrity issuesFact|date=January 2008 often encountered by fragmented databases and
* IdM embraces what the user actually gets in terms of products and services and how and when they acquire them. Therefore, IdM applies to the products and services of an organization, such as health, media, insurance, travel and government services. It is also applicable to means by which these products and services are provisioned and assigned to (or removed from) "entitled" users.
* IdM can deliver single-customer views that includes the presence and location of the customer, single products and services as well as single IT infrastructure and network views to the respective parties. Accordingly, IdM relates intrinsically to
information engineering, security and privacy.
* IdM covers the machinery (system infrastructure components) that delivers such services because a system may assign the service of a user to: a particular network technology, content title, usage right, media server, mail server, soft switch, voice mailbox, product catalog set, security domain, billing system, CRM, help desk etc.
* Critical factors in IdM projects include consideration of the online services of an organization (what the users log on to) and how they are managed from an internal and customer self-care perspective.
Within the Seventh Research Framework Programme of the European Union from 2007 to 2013, several new projects related to Identity Management started. [http://www.picos-project.eu/ PICOS] will investigate and develop a state-of-the-art platform for providing trust, privacy and identity management in mobile communities. On the backdrop of an increased risk to privacy of the citizen in the Information Society, [http://www.primelife.eu/ PrimeLife] will develop concepts and technologies to help individuals to protect their autonomy and retain control over personal information, irrespective of their activities. [http://www.ist-swift.org/ SWIFT] focuses on extending identity functions and federation to the network while addressing usability and privacy concerns, and leverages identity technology as a key to integrate service and transport infrastructures for the benefit of users and the providers.
Other identity related projects from older European Union funded framework programs include
FIDIS( [http://www.fidis.net/home/ Future of Identity in the Information Society] ), [http://istrg.som.surrey.ac.uk/projects/guide/ GUIDE] , or [https://www.prime-project.eu/ PRIME] .
Solutions which fall under the category of identity management may include:
Management of identities
Provisioning/De-provisioning of accounts
Self-service password reset
Policy-based access control
* Web single sign-on (SeoS)
* Identity repository (directory services for the administration of user account attributes)
* Directory virtualization (
e-Businessscale directory systems
* Next-generation systems -
Composite Adaptive Directory Services(CADS) and CADS SDP
Role-based access control(RBAC)
* Federation of user access rights on web applications across otherwise untrusted networks
Directory-enabled networkingand 802.1X EAP
Security Assertion Markup Language(SAML)
Liberty Alliance— A consortium promoting federated identity management
Shibboleth (Internet2)— Identity standards targeted towards educational environments
Abriva— Free mobile identity management framwork
Companies with Identity Management Solutions
Hitachi ID Systems, Inc.
* Getting all stakeholders to have a common view of data
* Expectation to make the IdM a data synchronization engine for application data
* Envisaging an appropriate
business processleading to post-production challenges
* Lack of
leadershipand support from sponsors
change management— expecting everybody to go through the self-learning process
* Lack of definition of the post-production phase in a
project plan— for a smooth transition of the system to the end-user community, it becomes critical that an organization gears up for proper support through a transition phase or stabilization phase. This may take from three to six months.
* Lack of focus on
* Lack of consistent architectural vision
* Expectations for "over-automation"
Athens access and identity management
Future of Identity in the Information Society(FIDIS Network of Excellence)
Identity driven networking
Lightweight Directory Access Protocol(LDAP)
Metadirectoryand Virtual directory
Network Information Service(NIS)
[http://www.iso.org/iso/search.htm?qt=18876&searchSubmit=Search&sort=rel&type=simple&published=on Identity management and information sharing in ISO 18876 Industrial automation systems and integration]
* [http://www.prime-project.eu/tutorials/gpto/ General Public Tutorial about Privacy and Identity Management]
* [http://www.computerweekly.com/Articles/2007/07/23/225715/identity-management-the-expert-view.htm Identity Management Overview] ("Computer Weekly")
* [http://www.ist-swift.org/ Secure Widespread Identities for Federated Telecommunications (SWIFT)]
* [http://www.FiXs.org/ Federation for Identity and Cross-Credentialing Systems (FiXs)]
* [http://www.fidis.net/interactive/ims-db/ FIDIS Database on IMS] The
FIDISIMS Database gives a non comprehensive overview and a brief description of identity management systems and tools.
Wikimedia Foundation. 2010.
Look at other dictionaries:
Identity-Management — Als Identitätsmanagement (IdM) wird der zielgerichtete und bewusste Umgang mit Identität, Anonymität und Pseudoanonymität bezeichnet. Der Personalausweis ist ein Beispiel für eine staatlich vorgegebene Form der Identifizierung. Inhaltsverzeichnis … Deutsch Wikipedia
Identity Management — Als Identitätsmanagement (IdM) wird der zielgerichtete und bewusste Umgang mit Identität, Anonymität und Pseudoanonymität bezeichnet. Der Personalausweis ist ein Beispiel für eine staatlich vorgegebene Form der Identifizierung. Inhaltsverzeichnis … Deutsch Wikipedia
Identity Management — Se denomina Administración de Identidades a un sistema integrado de políticas y procesos organizacionales que pretende facilitar y controlar el acceso a los sistemas de información y a las instalaciones. El concepto generalmente se relaciona con… … Wikipedia Español
Oracle Identity Management — (OIM) is a software suite from Oracle providing identity and access management (IAM) technologies. The name of the software suite is very similar to the name of one of its components, Oracle Identity Manager (OIM). Contents 1 Components 2 Other… … Wikipedia
Online identity management — (OIM) also known as online image management or online personal branding or personal reputation management (PRM) is a set of methods for generating a distinguished Web presence of a person on the Internet. That presence could be reflected in any… … Wikipedia
Mobile identity management — The mobile phone in addition to a wallet and house keys has become one of the essentials to take with you when leaving the house. By storing all the technical necessary applications on a SIM card, the mobile phone has turned into a device for… … Wikipedia
Athens access and identity management — Athens is an Access and Identity Management service that is supplied by Eduserv to provide single sign on to protected resources combined with full user management capability. Organisations adopting the Athens service can choose between the… … Wikipedia
Identity and Access Management — (IAM) is a concept that combines business processes, policies and technologies that enable companies to: * provide secure access to any resource. * efficiently control this access. * respond faster to changing relationships. * protect… … Wikipedia
Identity 2.0 — Identity 2.0, also called digital identity, is the anticipated revolution of identity verification on the internet using emerging user centric technologies such as Information Cards or OpenID. Identity 2.0 stems from the Web 2.0 theory of the… … Wikipedia
Identity — may refer to:Philosophy* Identity (philosophy), the sameness of two things * Identity theory of mind, in the philosophy of mind, holds that the mind is identical to the brain * Personal identity (philosophy) * Identity (social science) * Identity … Wikipedia