Digital Identity

Identity management system. An identity management system refers to an information system, or to a set of technologies, that can be used for enterprise or cross-network identity management. Additional terms are used synonymously with "identity management system", including access governance system, identity and access management system, entitlement management system, and user provisioning system. Identity management (IdM) describes the management of individual identities, their authentication, authorization, roles, and privileges within or across system and enterprise boundaries[1] with the goal of increasing security and productivity while decreasing cost, downtime, and repetitive tasks.[2] "Identity Management" and "Access and Identity Management" (or AIM) are terms that are used interchangeably under the title of identity management, while identity management itself falls under the umbrella of IT security.[3] Typical identity management functionality includes the following:

XACML. XACML stands for eXtensible Access Control Markup Language. The standard defines a declarative access control policy language implemented in XML and a processing model describing how to evaluate access requests according to the rules defined in policies. As a published standard specification, one of the goals of XACML is to promote common terminology and interoperability between access control implementations by multiple vendors.

XACML is primarily an attribute-based access control (ABAC) system, where attributes (bits of data) associated with a user, action or resource are inputs into the decision of whether a given user may access a given resource in a particular way. Role-based access control (RBAC) can also be implemented in XACML as a specialization of ABAC. The XACML model supports and encourages the separation of the access decision from the point of use. The first committee specification of XACML 3.0 was released August 10, 2010.[1]

OpenID. OpenID is an open standard and decentralized authentication protocol. Promoted by the non-profit OpenID Foundation, it allows users to be authenticated by co-operating sites (known as Relying Parties, or RPs) using a third-party service, eliminating the need for webmasters to provide their own ad hoc login systems and allowing users to log in to multiple unrelated websites without having to have a separate identity and password for each.[1] Users create accounts by selecting an OpenID identity provider, and then use those accounts to sign on to any website which accepts OpenID authentication.

The OpenID protocol does not rely on a central authority to authenticate a user's identity. Moreover, neither services nor the OpenID standard may mandate a specific means by which to authenticate users, allowing for approaches ranging from the common (such as passwords) to the novel (such as smart cards or biometrics).

DigitalMe – Bandit – Trac. DigitalMe is a set of components that enable users and applications to interact with InfoCard-compatible web sites and services. In a typical use case, a user wants to complete some type of transaction with a relying party site.

This usually requires the exchange of identity information such as the user's given name, surname, street address, and e-mail address. By using an InfoCard-aware web browser (such as Firefox with the DigitalMe extension installed), a user can easily provide the required information by selecting an appropriate InfoCard from the set of cards that they own. This Trac site is used to manage the project roadmap, defects, enhancements and tasks.

Windows CardSpace. Windows CardSpace is built on top of the Web Services Protocol Stack, an open set of XML-based protocols including WS-Security, WS-Trust, WS-MetadataExchange and WS-SecurityPolicy. This means that any technology or platform that supports WS-* protocols can integrate with CardSpace. In order to accept Information Cards, a website developer simply needs to declare an HTML <OBJECT> tag that specifies the claims the website is demanding from the user and then implement code to decrypt the returned token and extract the claim values.

If an Identity Provider wants to issue tokens, they must provide a means by which a user can obtain a managed card and provide a Security Token Service (STS) which handles WS-Trust requests and returns an appropriate encrypted & signed token. Because CardSpace and the Identity Metasystem upon which it is based are token-format-agnostic, CardSpace does not compete directly with other Internet identity architectures like OpenID and SAML.

Higgins project. Higgins is an open source project dedicated to giving individuals more control over their personal identity, profile and social network data. The project is organized into three main areas. Active Clients: an active client integrates with a browser and runs on a computer or mobile device. In Higgins 1.X, the active client supports the OASIS IMI protocol and performs the functions of an Information Card selector. In Higgins 2.0, the plan is to move beyond selector functionality to add support for managing passwords, Higgins relationship cards, and other protocols such as OpenID. It also becomes a client for the Personal Data Store (see below) and thereby provides a kind of dashboard for personal information and a place to manage "permissioning", deciding who gets access to what slice of the user's data. Personal Data Store (PDS): a new work area under development for Higgins 2.0.

The initial code for the Higgins Project[1] was written by Paul Trevithick in the summer of 2003.

Information Card. [Figure captions: Information Cards shown in Windows CardSpace Identity Selector; Information Cards shown in DigitalMe Identity Selector] Information Cards are personal digital identities that people can use online, and the key component of Identity Metasystems. Visually, each Information Card has a card-shaped picture and a card name associated with it that enable people to organize their digital identities and to easily select the one they want to use for any given interaction. The Information Card metaphor is implemented by Identity Selectors such as Windows CardSpace, DigitalMe or the Higgins Identity Selector. The Identity Metasystem is an interoperable architecture for digital identity that enables people to have and employ a collection of digital identities based on multiple underlying technologies, implementations, and providers.

There are three participants in digital identity interactions using Information Cards: Identity Providers issue digital identities for you.