Identity management

Identity management in public and private domain

Identities may be managed by either the entities themselves or by other parties, which may be private parties (like for example employers or shops) or public parties (like personal records offices and immigration services).

Identity management in the public domain is known by the name of National Identity Management. Following the 911 attacks, attempts are made worldwide, to improve the quality of National Identity Management, in particular through the application of biometrics to Identity Documents. However, it is to be doubted whether biometrics will stop terrorists. See: http://secure.gvib.nl/afy_info_ID_1322.htm TIAS Business School Eindhoven - Thesis on Biometrics in National Identity Management

Identity management and ICT (IdM)or Electronic Identity Management

Identity Management (IdM) has developed several interpretations in the IT industry and is now associated as the management of a user's credentials and how they might log onto an online system. However, this view is quite narrow. The focus on identity management goes back to the development of directories such as X.500 where a namespace is used to hold named objects that represent real life "identified" entities such as countries, organizations, applications, subscribers and devices. X.509 defined certificates that carried identity attributes as two directory names, the certificate subject and the certificate issuer. X.509 certificates and PKI systems were used to prove one's online "identity".

Therefore we should consider identity management as the management of information (as held in a directory) which represents real life identified items (users, devices, services, etc). Engineering such systems means that explicit information and identity engineering tasks become necessary.

The term Identity engineering is used where one puts engineering effort into managing large numbers of interrelated items (which have identifiers or names).

IDM - two perspectives

In the real world context of engineering online systems, Identity Management can be given two perspectives:

* The user access (log-on) paradigm - A smart card and its associated data that a customer uses to log on to a service or services (a traditional view);

* The service paradigm - A system that delivers personalised, role-based, online, on-demand, multimedia (content), presence-based services to users and their devices.

The user access paradigm

Identity Management in the user "log on" perspective would be an integrated system of business processes, policies and technologies that enable organizations to facilitate and control their users' access to critical online applications and resources — while protecting confidential personal and business information from unauthorized users. It represents a category of interrelated solutions that are employed to administer user authentication, access rights, access restrictions, account profiles, passwords, and other attributes supportive of users' roles/profiles on one or more applications or systems.

The service paradigm

In the service paradigm perspective, where organisations are evolving their systems to the converged services world, the scope of identity management becomes much larger and its application more critical. The scope of identity management includes all the resources of the company that are used to deliver online services. This includes devices, network equipment, servers, portals, content, applications and products as well as a user's credentials, address books, preferences, entitlements and telephone numbers. See Service Delivery Platform and Directory service.

Today many organisations are facing a major clean up in their systems to bring identity coherence to their world. This coherence is required in order to deliver unified services to very large numbers of users on demand - cheaply and with security and single customer view facilities.

Copyright 2008 - France BtoB from Wikipédia