
What is identity rights management?

Epok's white paper on identity rights management

Security Identity Management Alert By Dave Kearns, Network World
May 25, 2005 08:00 AM ET

The foundation for security and enterprise management

I've just finished reading a white paper published by Epok titled, "Identity Rights Management: Foundation for Federated Data Interchange." I've mentioned Epok before, but this paper gets much deeper into the whole area of identity management, which Epok thinks will become the next enabling technology.

Epok believes that up until now, identity management has been merely the prologue to identity rights management. Epok reasons that the sharing of sensitive information is a regular, integral part of business partnerships. But as relationships evolve, and as roles of both internal and external parties change, you need to be able to guard your business-critical information while at the same time continuing to be an effective partner.

Identity rights management is the name Epok gives to the emerging discipline for managing and organizing dynamic business relationships. We've talked about dynamic groups and dynamic policies before, and identity rights management extends that - and builds upon it - to enable secure data access, use, distribution, and management across administrative domains as well as within Web services environments. It is, in effect, a way to protect sensitive information while simultaneously allowing fluid collaboration.

In the Epok scenario, identity rights management environments leverage identities, roles, permissions, and other policy attributes administered under existing identity management implementations. Such environments integrate with and extend the federated identity management infrastructures that support such traditional (if we can use that word about such a new discipline) applications as single sign-on (SSO) and role-based access control (RBAC). More broadly, identity rights management is the basis for federated data interchange, which encompasses not only those applications but also the ones traditionally categorized as Web access management (WAM), enterprise information integration (EII), digital rights management (DRM), supply chain management (SCM), and other management applications.

All of this is explored in the white paper, cogently and thoroughly. The paper also describes the architecture of the identity rights management infrastructure in considerable detail, discussing new rights management-oriented Web services standards like Extensible Resource Identifiers (XRI). It explains how identity rights management infrastructures integrate with federated identity management environments built on Web services standards such as WS-Security, Security Assertion Markup Language (SAML), and the Liberty Alliance Identity Federation Framework (ID-FF).

All of that and yet it's very readable. I didn't write this paper, but I wish I had. I'm very glad I read it, and I think you will be, too.

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.
