ID Management Definition and Solutions

ID Management topics covering definition, objectives, systems and solutions.

By John K. Waters
Wed, May 02, 2007
. What's this?
Page 2

How do identity management systems work?

A typical ID management system today comprises four basic elements: a directory of the personal data the system uses to define individual users (think of it as an ID repository); a set of tools for adding, modifying and deleting that data (the access lifecycle management stuff); a system that regulates user access (enforcement of security policies and access privileges); and an auditing and reporting system (so you'll have a way to verify what's actually been happening on your system).

Regulating user access can involve a number of authentication methods for verifying the identity of a user, including passwords, digital certificates, tokens and smart cards. Hardware tokens and credit-card-sized smart cards have traditionally served as one component in the two-factor authentication scheme, which combines something you know (your password) with something you have (the token or the card) to verify a user's identity. A smart card carries an embedded integrated circuit chip that can be either a secure microcontroller or equivalent intelligence with internal memory or a memory chip alone. Software tokens, which can exist on any device with storage capability, from a USB drive to a cell phone, emerged in 2005.

What is Federated Identity Management?

Federation lets you share digital IDs with trusted partners. It's an authentication-sharing mechanism designed to allow users to employ the same user name, password or other ID to gain access to more than one network. It's what is known as a "single sign-on." A single sign-on standard lets people who verify their identity on one network or website carry over that authenticated status when moving to another. The model works only among cooperating organizations—known as trusted partners—that essentially vouch for each other's users.

 
MORE ABCs
 
Visit our ABCs section and learn the basics of:
 

The federated model relies on the security assertion markup language specification, better known as SAML (pronounced "SAM-el"). This open specification defines an XML framework for exchanging security assertions among security authorities. SAML was developed by the Liberty Alliance, an organization formed to establish guidelines and best practices for federated ID management. The Sun Microsystems-backed group developed SAML to achieve interoperability across different vendor platforms that provide authentication and authorization services.

Microsoft and IBM have established a rival ID management federation standard: the WS-Federation specification. This spec is also designed to provide a standardized way for companies to share user and machine identities among disparate authentication and authorization systems and across corporate boundaries.

The federation model can simplify administration and enable companies to extend ID and access management to third-party users and third-party services.

What challenges or risks does implementing an identity management solution present?

ID management is inherently challenging. The applications in your system are likely to have their own ID data stores and authentication schemes. The ID data they contain isn't necessarily organized in a standard way. You might have had the foresight to opt for industry standards early on in your company's development, but your latest acquisition may not have been thinking ahead.

A successful implementation requires some forethought. Companies that establish a cohesive ID management strategy—clear objectives, stakeholder buy-in, defined business processes—before they begin the project are likely to be more successful.

One risk worth keeping in mind: Centralized operations present tempting targets to hackers and crackers. By putting a dashboard over all of a company's ID management activities, these systems reduce complexity for more than the administrators. Once compromised, they could allow an intruder to create IDs with extensive privileges and access to many resources.

What terminology should I know?

The buzzwords come and go, but a few key terms in the identity management space are worth knowing:

  • Access management
    You almost never see "identity management" without this term right next to it. In fact, a number of vendors and analysts are combining the two into a single concept: IAM (identity and access management). It refers to the processes and technologies used to control and monitor network access. Access management features, such as authentication, authorization, trust and security auditing, are part and parcel of the top ID management systems.

  • Credential
    An identifier employed by the user to gain access to a network. It's the user's password, public key infrastructure (PKI) certificate or biometric information (fingerprint, retinal scan).

  • De-provisioning
    The process of removing an identity from an ID repository and terminating access privileges.

  • Digital identity
    The ID itself, including the description of the user and his/her/its access privileges. ("Its" because an endpoint, such as a laptop or a cell phone, can have a digital identity.)

  • Entitlement
    The set of attributes that specify the access rights and privileges of an authenticated security principal.

  • Identity lifecycle management
    Another buzz phrase. Similar to access lifecycle management. It refers to the entire set of processes and technologies for maintaining and updating digital identities. Identity lifecycle management includes identity synchronization, provisioning, de-provisioning, and the ongoing management of user attributes, credentials and entitlements.

  • Identity synchronization
    The process of ensuring that multiple identity stores—say, the result of an acquisition—contain consistent data for a given digital ID.

  • Password reset
    In this context, it's a feature of an ID management system that allows users to re-establish their own passwords, relieving the administrators of the job and cutting support calls. The reset application is usually accessed by the user through a browser. The application asks for a secret word or a set of questions to verify the user's identity.

  • Provisioning
    The process of creating identities, defining their access privileges and adding them to an ID repository.

  • Security principal
    A digital identity with one or more credentials that can be authenticated and authorized to interact with the network.

What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
White Papers »
Solve the 6 top problems in your data center Business White Paper
Whether your data center is large or small, it faces a similar set of roadblocks to efficiency, uptime, and ROI. This white paper reveals the six most common and intractable problems facing the data center and explains how to rectify them while improving efficiency and uptime.
How Are You Elevating Procurement's Role in Your Enterprise? The Tools and Technologies to Help You Make the Leap - SAPinsider
Innovations are changing the role procurement plays within the enterprise. SAP's Chris Salis, Global Vice President of Procurement Solutions, and Emily Rakowski, Senior Director and Head of Procurement Solutions Marketing discuss how SAP Procurement Solutions are the strategic differentiators of innovation.
The CIO's View: Delivering Time to Value Through Automation
In August 2011, Benny Kirsh was named VP and CIO at Infoblox, an industry-leading developer of network infrastructure automation and control solutions. With more than 25 years of experience, Kirsh is responsible for driving strategic advancements via the company's IT infrastructure and applications.
The Challenges of Controlling & Managing Privileged Accounts
In this Quest white paper, gain a deeper understanding of all the dangers involved with privileged account ("super user") management. Learn to mitigate risks by enabling granular access control and accountability for admin or super user accounts. Read it today.
Bring Your Own Device eGuide
As more and more CIOs are beginning to see significant benefits from letting employees choose the device they use to get their jobs done, the Bring Your Own Device (BYOD) trend is spreading. According to the Computerworld Consumerization of IT Study, about half of the 604 respondents said their organizations allow employees to do work using their own devices either away from the office or at work. Whether these devices are smart phones, tablets, or laptops that are used in the office or while working remotely, companies that embrace this trend are finding their employees are more productive and experience greater job satisfaction. What's more, enterprises can significantly reduce up front costs and allow for flexible work hours by letting employees use their device of choice anytime, from anywhere.
Enabling Remote Employees with High Quality Video
In this paper, we analyze the delivery of live and on-demand mobile video content. It focuses on specific ways in which organizations can follow best practices to ensure the experience of video communication is maximized for viewers, while keeping corporate networks running smoothly.
Webcasts »
Operational Analytics - Changing the Competitive Dynamics of the Business
Date/Time: June 5, 2012, 11:00 a.m., EDT, 4:00 p.m. BST / 3:00 p.m. UTC

Please join us for this webcast, as Dr. Barry Devlin, Founder and Principal, 9sight Consulting, describes what operational analytics can do for your business and reviews an architectural approach that will enable you to make it a reality.
Introduction to Virtualization
Have you been thinking about what it would take to start using virtualization? Or do you know the basics and want to find out more? No problem. This webcast is designed for anyone with little to no knowledge of virtualization technology. Attend this webcast to learn:

-A basic overview of the business value of the technology and some key capabilities that make virtualization so valuable to IT and the businesses you serve.
-The basics for creating virtual machines and the key choices that can be made along the route to deployment.
Cloud-based Contact Center: Is it Right for Your Business?
View this on demand webcast to learn if moving business communications to the cloud is right for your business. Featured industry experts DMG Consulting LLC president, Donna Fluss, Frost & Sullivan principal analyst, Michael DeSalles, and Interactive Intelligence senior vice president, Joe Staples discuss this topic and help you answer your pressing questions at the conclusion of this web event.
Must have Tools and Techniques to Optimize the Sales Pipeline and Win more Deals
In this webcast, Vantage Point Performance's Michelle Vazzana will reveal how to coach your reps to better performing pipelines.
Sales Effectiveness in the New Sales Paradigm - A Webcast Featuring the Latest Forrester Research Study
In this webcast produced by the Sales Management Association (SMA), Forrester's Scott Santucci will explore the new sales paradigm and discuss how businesses must transform their selling models into dynamic, communications-intensive systems, empowering individual sellers to define, create and deliver value to customers.
SAP Sales OnDemand Demo: Quick Overview
SAP Sales OnDemand is intuitive, leveraging social collaboration capabilities you already know how to use. It enables fast, effective team collaboration and account management to help you sell more effectively. Watch the video to see how!
Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  11. View all Newsletters | Privacy Policy
White Papers » All White Papers

Solve the 6 top problems in your data center Business White Paper

How Are You Elevating Procurement's Role in Your Enterprise? The Tools and Technologies to Help You Make the Leap - SAPinsider

The CIO's View: Delivering Time to Value Through Automation

The Challenges of Controlling & Managing Privileged Accounts

Bring Your Own Device eGuide

Enabling Remote Employees with High Quality Video

Business Video Empowers Social Media

A "YouTube-like" Experience For Employees

Generation Gmail: How are you dealing with "work-around email" workers?

The CFO Guide to Budgeting Software

Better Cash Flow Management: Recession-Proof Your Business

Centage/IOMA Budgeting Survey: Benchmarks and Issues

Case Study: Audi-Volkswagen Improves Procurement Control

AIIM Market Intelligence: The paper-free office, dream or reality?

Discover Options for Improving Supplier and Customer Integration

How much security do you really need?

How to Justify the Cost of a TMS by Automating Freight Audit & Payment

Message Maps: Blueprints for Pandemic Preparedness

Broker-Dealer Case Study: Reduced Compliance Burden with Perimeter's Message Archive

Comparing Free Trial and Freemium Models
Sponsored Links

High performance. Delivered. Click to see Accenture's client successes

Connect with IT leaders redefining mobility at the Enterprise Mobile Hub

Choose New and manage one device instead of 170

Choose New for 8x the firewall and NAT performance

Check out a smart way of mobilizing your business with enterprise-ready Samsung Mobile.

Redefine your data center with HP servers.

Enhance your business with Windstream IT Solutions. Speak to someone local.

BlackBerry® Mobile Fusion. Different mobile devices. One platform.

CYBERMARYLAND | Learn Why Maryland is the Epicenter for Cybersecurity

Get Ethernet speeds from 1 Mbps to 10 Gbps - Comcast Business Class

Cognizant. Leading in Business, Application & Technology Services

Collaboration: driving better business outcomes

Gain cutting-edge insights at MIT in 2-5 day executive programs.

Click to see how Accenture has delivered high performance to clients

Elevate storage agility and efficiency with HP 3PAR storage.

Choose New and slash the number of devices you manage

Customized information views & Twitter events at New Fulcrum Point

Splunk translates machine data into "aha" moments for IT and the business.

ManageEngine Desktop Central - Automate and Audit Your Desktop Management! Learn More...

Cloud Readiness Starts with Intel® Technology

Visit the Virtually There Learning Page to learn how to use virtualization to your competitive advantage.

Free: Hunter Muller's "The Transformational CIO."

Join us for an upcoming Microsoft 365 live online demo event.

Discover your easiest path to unified communications

Virtualizing Your Infrastructure Just Got Easier

Connect with global CIOs now at Enterprise CIO Forum

Resource Center
buy a link »
Ads by TechWords