Summer reading: Corporate policies for handling ID data

Identity management book recommendation

Security Identity Management Alert By Dave Kearns, Network World
August 17, 2005 12:02 AM ET

The foundation for security and enterprise management

Phil Windley is an associate professor of Computer Science at Brigham Young University. Prior to that, from 2001 to 2002, he served as the CIO for the State of Utah, responsible for effective use of all IT resources in the state. One of the courses he teaches at BYU is on "digital identity," which, coincidentally (or not), is the name of the book he recently authored for O'Reilly and Associates.

You can read chapter 13, "An Architecture for Digital Identity," online at the O'Reilly site but buying the entire book is better. Still, here's a tiny taste of what's in store for you. In talking about how most identity projects happen, Windley says: "The systems are thrown into place with little thought to standards or interoperability. Solving the problem of the day, week, or month becomes standard operating procedure. The end result is a tangled mess of systems that are brittle and unreliable. Heroic efforts are required to make small changes or even keep the systems running day to day." Sound familiar?

Within the book, Windley also suggests corporate policies for handling identity data. He's now posted sample policies online - you'll find policies covering:

* Naming and Certificates
* Passwords
* Encryption and Digital Signatures
* Directories
* Privacy
* Authentication
* Access Control
* Provisioning
* Federation
* Data Confidentiality Agreements

Windley's writings are always thoughtful, frequently thought-provoking and occasionally simply provoking (see "Identity Rights Agreements") and this book is all of the above. The table of contents (read the expanded version on the O'Reilly Web site) features these chapters:

1. Introduction
2. Defining Digital Identity
3. Trust
4. Privacy and Identity
5. The Digital Identity Lifecycle
6. Integrity, Non-Repudiation, and Confidentiality
7. Authentication
8. Access Control
9. Names and Directories
10. Digital Rights Management
11. Interoperability Standards
12. Federating Identity
13. An Architecture for Digital Identity
14. Governance and Business Modeling
15. Identity Maturity Models and Process Architectures
16. Identity Data Architectures
17. Interoperability Frameworks for Identity
18. Identity Policies
19. Identity Management Reference Architectures
20. Building an Identity Management Architecture

There's a lot I could say in praise of this work, but probably the best thing is that this is a book I wish I had written. Read it.

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.
