Summer reading: Corporate policies for handling ID data

* Identity management book recommendation

Phil Windley is an associate professor of Computer Science at Brigham Young University. Before that, from 2001 to 2002, he served as CIO for the State of Utah, responsible for the effective use of all IT resources in the state. One of the courses he teaches at BYU is on "digital identity," which, coincidentally (or not), is also the title of the book he recently authored for O'Reilly and Associates.

You can read chapter 13, "An Architecture for Digital Identity," online at the O'Reilly site, but buying the entire book is better. Still, here's a tiny taste of what's in store for you. Describing how most identity projects actually happen, Windley writes: "The systems are thrown into place with little thought to standards or interoperability. Solving the problem of the day, week, or month becomes standard operating procedure. The end result is a tangled mess of systems that are brittle and unreliable. Heroic efforts are required to make small changes or even keep the systems running day to day." Sound familiar?

Within the book, Windley also suggests corporate policies for handling identity data. He has now posted sample policies online; you'll find policies covering:

* Naming and Certificates

* Passwords

* Encryption and Digital Signatures

* Directories

* Privacy

* Authentication

* Access Control

* Provisioning

* Federation

* Data Confidentiality Agreements

Windley's writings are always thoughtful, frequently thought-provoking and occasionally simply provoking (see "Identity Rights Agreements") and this book is all of the above. The table of contents (read the expanded version on the O'Reilly Web site) features these chapters:

1. Introduction

2. Defining Digital Identity

3. Trust

4. Privacy and Identity

5. The Digital Identity Lifecycle

6. Integrity, Non-Repudiation, and Confidentiality

7. Authentication

8. Access Control

9. Names and Directories

10. Digital Rights Management

11. Interoperability Standards

12. Federating Identity

13. An Architecture for Digital Identity

14. Governance and Business Modeling

15. Identity Maturity Models and Process Architectures

16. Identity Data Architectures

17. Interoperability Frameworks for Identity

18. Identity Policies

19. Identity Management Reference Architectures

20. Building an Identity Management Architecture

There's a lot I could say in praise of this work, but probably the best thing is that this is a book I wish I had written. Read it.
