- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
The foundation for security and enterprise management
Phil Windley is an associate professor of Computer Science at Brigham Young University. Prior to that, from 2001 to 2002 he served as the CIO for the State of Utah, responsible for effective use of all IT resources in the state. One of the courses he teaches at BYU is on "digital identity" which, coincidentally (or not) is the name of the book he recently authored for O'Reilly and Associates.
You can read chapter 13, "An Architecture for Digital Identity," online at the O'Reilly site but buying the entire book is better. Still, here's a tiny taste of what's in store for you. In talking about how most identity projects happen, Windley says: "The systems are thrown into place with little thought to standards or interoperability. Solving the problem of the day, week, or month becomes standard operating procedure. The end result is a tangled mess of systems that are brittle and unreliable. Heroic efforts are required to make small changes or even keep the systems running day to day." Sound familiar?
Within the book, Windley also suggests corporate policies for handling identity data. He's now posted sample policies online - you'll find policies covering:
* Naming and Certificates
* Encryption and Digital Signatures
* Access Control
* Data Confidentiality Agreements
Windley's writings are always thoughtful, frequently thought-provoking and occasionally simply provoking (see "Identity Rights Agreements") and this book is all of the above. The table of contents (read the expanded version on the O'Reilly Web site) features these
2. Defining Digital Identity
4. Privacy and Identity
5. The Digital Identity Lifecycle
6. Integrity, Non-Repudiation, and Confidentiality
8. Access Control
9. Names and Directories
10. Digital Rights Management
11. Interoperability Standards
12. Federating Identity
13. An Architecture for Digital Identity
14. Governance and Business Modeling
15. Identity Maturity Models and Process Architectures
16. Identity Data Architectures
17. Interoperability Frameworks for Identity
18. Identity Policies
19. Identity Management Reference Architectures
20. Building an Identity Management Architecture
There's a lot I could say in praise of this work, but probably the best thing is that this is a book I wish I had written. Read it.
Read more about security in Network World's Security section.