A note on the digital index

A link in an index entry is displayed as the section title in which that entry appears. Because some sections have multiple index markers, it is not unusual for an entry to have several links to the same section. Clicking on any link will take you directly to the place in the text in which the marker appears.
A abstract authorization architectures, Abstract Authorization Architectures abstracted identity, Identity Powershifts access control accountability, Accountability Scales Better than Enforcement authorization patterns, Accountability Scales Better than Enforcement custodians, Responsibility DAC (discretionary access control), Mandatory and Discretionary Access Control digital certificates and, Digital Certificates and Access Control enforcement and, Accountability Scales Better than Enforcement least privilege principle, Principle of Least Privilege MAC (mandatory access control), Mandatory and Discretionary Access Control owners, Responsibility policies and, Policy First , Access Control RBAC (role-based access control), Role-Based Access Control responsibility and, Responsibility user-based permission systems, Mandatory and Discretionary Access Control users, Principle of Least Privilege accountability access control, Accountability Scales Better than Enforcement privacy and, Privacy Principles accuracy, privacy and, Prerequisites ACLs (access control lists), Access-Control Lists ad hoc federation pattern, Three Federation Patterns ad hoc level, maturity model, Level 2: Focused ADA (authorization decision assertion), Identity Scenarios in the Physical World , Digital Certificates and Access Control advisor, IMA, Supporting Roles aggregation, Identity Powershifts directory information, Aggregating Directory Information algorithms challenge-response systems, Password reset DER (Distinguished Encoding Rules), Certificate Authorities message digests, Digital Signatures public-key cryptosystems, Public key cryptosystem algorithms secret key cryptography, Public key cryptography anonymity, Anonymity and Pseudonymity Apple iTunes DRM and, Apple iTunes: A Case Study in DRM problems, Trusted Computing Platforms architectures categories, An Architecture for Digital Identity data architecture building, Processes Trump Data , Processes Link Identities data categorization, 
Data Categorization processes, Processes Trump Data data architectures, Identity Data Architectures data inventory, The Identity Data Inventory identity data audit, Data Categorization identity mapping, Identity Mapping identity management, Identity Management Architecture RA (reference architecture), Reference Architectures benefits, Benefits and Pitfalls pitfalls, Benefits and Pitfalls SRAs (system reference architectures), Goal State CIBs assertions, Authentication and Authorization Assertions assessing policies, Assessing Identity Policies ATM, digital ID and, Using Digital Identity attributes, definition, The Language of Digital Identity audience, IMA, Primary Roles auditability, authentication systems, Manageability authentication, The Language of Digital Identity biometric devices, Biometric Devices biometrics, The Language of Digital Identity CAs and, Certificate Authorities challenge-response systems, Password reset cookies, Cookies credentials, The Language of Digital Identity digital certificates, Digital Certificates factors, Authentication Systems federation support, Manageability ID and password systems, ID and Password interoperability, Authentication and Authorization Assertions passwords, Password management policies, Privacy smart cards, Smart Cards systems, Authentication and Trust trust and, Authentication and Trust authentication systems auditability, Manageability locational transparency, Locational Transparency manageability, Manageability practicality, Authentication System Properties privacy levels, Locational Transparency properties, Authentication System Properties protocol insensitivity, Locational Transparency reliability, Locational Transparency security level, Authentication System Properties authoritative directories, Enterprise Directory Services authorization abstract architectures, Abstract Authorization Architectures ACLs (access control lists), Access-Control Lists assertions, Authentication and Authorization Assertions DAC 
(discretionary access control), Mandatory and Discretionary Access Control interoperability, Authentication and Authorization Assertions MAC (mandatory access control), Mandatory and Discretionary Access Control patterns, Accountability Scales Better than Enforcement policies, Representing and Managing Authorization Policies RBAC (role-based access control), Role-Based Access Control user-based permission systems, Mandatory and Discretionary Access Control B BankAmericard, Federation in the Credit Card Industry benefits of digital ID, Digital Identity Matters best practices, Filling the Gaps with Best Practices RA (reference architecture), Using a Reference Architecture BFM (business function matrix), creating, Business Function Matrix biometrics, authentication and, The Language of Digital Identity , Biometric Devices business context, digital ID and, The Business Context of Identity business opportunities, Business Opportunity C CAs (certificate authorities), Certificate Authorities authentication and, Certificate Authorities certification path, Public-Key Infrastructures CPS (certification practice statement), Certificate Revocations Lists CRL (certificate revocation lists), Certificate Revocations Lists services provided, Certificate Authorities centralized identity, Centralized Versus Federated Identity efficiency, The Mirage of Centralized Efficiency federated comparison, Centralized Versus Federated Identity certificate subjects, Digital Certificates certificates authentication and, Digital Certificates policies, An Identity Policy Suite certification path, Public-Key Infrastructures challenge-response systems, Password reset digital certificates, Digital Certificates smart cards, Smart Cards champion, IMA, Primary Roles CIB (consolidated infrastructure blueprint), Consolidated Infrastructure Blueprint goal states, Goal State CIBs communicator, IMA, Supporting Roles confidentiality cryptography, Confidentiality encryption, Confidentiality interoperability 
and, Confidentiality: XML Encryption introduction, Cryptography steganography, Confidentiality consent, privacy and, Privacy Principles conventional cryptography, Secret keys cookies, Cookies privacy and, Privacy Policy Capitalism CPS (certification practice statement), Certificate Revocations Lists credentials, The Language of Digital Identity , Authentication authentication, The Language of Digital Identity cookies, Cookies credit cards, federated identity and, Federation in the Credit Card Industry CRL (certificate revocation lists), Certificate Revocations Lists cryptography, Confidentiality confidentiality and, Cryptography conventional, Secret keys hybrid key systems, Hybrid key systems key systems, Cryptography private keys and, Public key cryptography public key, Public key cryptography public-key systems, Public key cryptosystem algorithms secret key, Secret keys symmetric cryptography, Secret keys custodians, access control and, Responsibility D DAC (discretionary access control), Mandatory and Discretionary Access Control data architecture building, Processes Trump Data data categorization, Data Categorization data inventory, The Identity Data Inventory identity data audit, Data Categorization identity mapping, Identity Mapping process-to-identity matrix, Process-to-Identity Matrix data architectures, Identity Data Architectures processes, Processes Trump Data data audit, Data Categorization data categorization, Data Categorization data exchange, Exchanging Identity Data data structure, Identity Data Structure and Metadata databases, directory comparison, Directories Are Not Databases deprovisioning, lifecycle, Deprovisioning digital certificates, Digital Certificates access control and, Digital Certificates and Access Control authentication and, Digital Certificates challenge-response systems, Digital Certificates public-key infrastructure and, Digital Certificates digital leakage, Digital Leakage digital signatures, Hybrid key systems , Digital 
Signatures policies, Passwords directories, Names and Directories , Directories aggregation, Aggregating Directory Information authoritative directories, Enterprise Directory Services database comparison, Directories Are Not Databases example, An Example Directory metadirectories, Aggregating Directory Information policies, Directories schema, Directories Utah, Utah.gov: Naming and Directories virtual directories, Virtual Directories directory services, Cool URIs Don’t Change enterprise DNS, Domain Name System RMIRegistry, RMIRegistry LDAP, LDAP X.500, X.500: heavyweight directory services Distinguished Encoding Rules (DER), Digital Certificates DNS (Domain Name System), Enterprise Directory Services TLD (top-level domain), Enterprise Directory Services domains, Namespaces DRM (digital rights management), Digital Leakage Apple iTunes and, Apple iTunes: A Case Study in DRM conflicts, The DRM Battle features, Features of DRM music downloads and, Apple iTunes: A Case Study in DRM platforms, Trusted Computing Platforms reference architecture, Features of DRM rights specification, Specifying Rights XrML and, XrML E eBay, Reputation and Trust Communities employee provisioning, Employee Provisioning encryption confidentiality and, Cryptography digital signatures, Hybrid key systems policies, Passwords secret key, Secret keys XML, Confidentiality: XML Encryption end user licenses, XrML, XrML enforcement, access control, Accountability Scales Better than Enforcement enforcing policies, Enforcement enterprise directory services DNS, Domain Name System LDAP, LDAP RMIRegistry, RMIRegistry X.500, X.500: heavyweight directory services enterprise executive, IMA, Resources enterprise projects, IMA scoping, Which Projects Are Enterprise Projects? 
entities, Defining Digital Identity entitlements, The Language of Digital Identity evidence, trust, Trust and Evidence exchanging identity data, Identity Data Structure and Metadata external requirements, policies, Security Considerations F factors in authentication, Authentication Systems federated identity, Federating Identity benefits, Benefits of Federated Identity centralized comparison, Centralized Versus Federated Identity credit card industry, Federation in the Credit Card Industry federation patterns, Three Federation Patterns networks, future of, The Future of Federated Identity Networks patterns ad hoc federation, Three Federation Patterns hub-and-spoke federation, Pattern 2: Hub-and-Spoke Federation identity network, Scenario 3: Identity Network security and, A Secure, Protected Environment standards, Benefits of Federated Identity future of, Liberty Alliance IBM and, Microsoft, IBM, and the WS-* Roadmap Internet2 and, Internet2 and Shibboleth Microsoft and, Digital Identity Standards OASIS and, OASIS Shibboleth and, Liberty Alliance WS-* and, Digital Identity Standards standards Liberty Alliance, Liberty Alliance TIAA-CREF and, Federation in the Credit Card Industry trust and, Addressing the Problem of Trust federation policies, Federation federation support, authentication systems, Manageability feedback for policies, Feedback on Existing Policies filenames, namespaces, Naming flat namespaces, Naming focused level, maturity model, Level 2: Focused G goal states, CIB, Goal State CIBs governance BFM (business function matrix), Business Function Matrix , IMA Principles business context, Understanding the Business Context IMA lifecycle, IMA Lifecycle IMA model, IMA Governance Model initial steps, Creating a Vision primary roles, IMA Governing Roles roles, Creating a Vision supporting roles, Primary Roles vision, Initial Steps GSM phones, Smart Cards I IBM, federated identity standards and, Digital Identity Standards ID and password systems, ID and Password 
identifying purposes, privacy and, Privacy Principles identity abstracted, Identity Powershifts ATM and, Using Digital Identity benefits, Digital Identity Matters business context, The Business Context of Identity centralized, Centralized Versus Federated Identity efficiency, The Mirage of Centralized Efficiency federated, Federating Identity inconsistency across sources, Identity Data Structure and Metadata overview, The Language of Digital Identity scenarios, Identity Scenarios in the Physical World security and, Identity, Security, and Privacy shared, Digital Identity Perspectives technologies, Foundational Technologies for Digital Identity tiers, Digital Identity Perspectives identity aggregation, Identity Powershifts identity data audit, Data Categorization identity data exchange, Exchanging Identity Data identity data principles, Principles for Identity Data identity federation network, Three Federation Patterns identity mapping, Identity Mapping identity maturity model, Identity Maturity Models and Process Architectures identity policies authentication, Authentication characteristics, Attributes of a Good Identity Policy digital signatures, Encryption and Digital Signatures directories, Directories encryption, Encryption and Digital Signatures external requirements, Security Considerations feedback, Feedback on Existing Policies naming and certificates, Naming and Certificates needs, Business Inspired Projects and Processes outline, Policy Outline passwords, Passwords privacy, Privacy security, Security Considerations writing, Feedback on Existing Policies identity policy suite, An Identity Policy Suite identity process evaluation, Finding Identity Processes identity process inventory, Finding Identity Processes planning, A Practical Action Plan IF (interoperability frameworks), Principles of a Good IF cautions, A Word of Warning characteristics, Principles of a Good IF example framework, Example Interoperability Framework standards, Principles of a Good IF 
listing, Listing Standards status, Standard Status IMA (identity management architecture), Identity Management Architecture benefits, The Benefits of an Identity Management Architecture components, Identity Management Architecture Components data and, Build a Data Architecture data architecture, Identity Management Architecture Components enterprise projects, Which Projects Are Enterprise Projects? governance model, IMA Governance Model initial steps, Creating a Vision primary roles, IMA Governing Roles roles, Creating a Vision supporting roles, Primary Roles vision, Initial Steps lifecycle, governance and, IMA Lifecycle myths, Conclusion: Dispelling IMA Myths outsourcing, What to Outsource policies, Identity Management Architecture Components policy review framework, The Policy Review Framework principles, IMA Principles process architecture, Identity Management Architecture Components roadblocks, Roadblocks scope, Scoping the Process sequencing, Sequencing the IMA Effort success, Success Factors technical reference architecture, Identity Management Architecture Components timeline for building, A Piece at a Time IMA team, Primary Roles inconsistency of identities, Identity Data Structure and Metadata individual access, privacy and, Prerequisites integrated level, maturity model, Level 4: Integrated integrity interoperability and, Integrity and Non-Repudiation: XML Signature introduction, Integrity validation and, Principles for Identity Data Internet2, federated identity standards, Liberty Alliance interoperability authentication, Authentication and Authorization Assertions authorization, Authentication and Authorization Assertions authorization policies, Representing and Managing Authorization Policies confidentiality and, Confidentiality: XML Encryption integrity, Integrity and Non-Repudiation: XML Signature lifecycle and, Standards and the Digital Identity Lifecycle non-repudiation, Integrity and Non-Repudiation: XML Signature policy stack and, Attributes of a 
Good Identity Policy provisioning, Identity Provisioning XML encryption and, Confidentiality: XML Encryption XML signature, Integrity and Non-Repudiation: XML Signature inventory, The Identity Data Inventory L laws concerning privacy, Privacy Drivers LDAP (lightweight directory access protocol), X.500: heavyweight directory services least privilege principle, access control and, Principle of Least Privilege Liberty Alliance, federated identity standards, Liberty Alliance licenses, XrML, XrML lifecycle deprovisioning, Deprovisioning IMA, governance and, IMA Lifecycle interoperability standards and, Standards and the Digital Identity Lifecycle maintenance, Using propagating, Provisioning provisioning, Provisioning using, Using limiting collection, privacy and, Privacy Principles limiting use, disclosure, and retention, privacy and, Privacy Principles locational transparency, authentication systems, Locational Transparency M MAC (mandatory access control), Mandatory and Discretionary Access Control maintenance, lifecycle, Using manageability of authentication systems, Manageability manager, IMA, Primary Roles mapping, Identity Mapping MasterCharge, Federation in the Credit Card Industry maturity levels, Maturity Levels maturity model, Maturity Levels ad hoc level, Level 2: Focused best practices, Filling the Gaps with Best Practices focused level, Level 2: Focused integrated level, Level 4: Integrated standardized level, Level 3: Standardized message digests, Public key cryptosystem algorithms algorithms, Message Digests and Hashes characteristics, Message Digests and Hashes public-key cryptography and, Digital Signatures metadata, Identity Data Structure and Metadata metadirectories, Aggregating Directory Information Metcalfe’s Law (networks), Network Effects and Digital Identity Management Microsoft, federated identity standards and, Digital Identity Standards music downloads, DRM and, Apple iTunes: A Case Study in DRM N names, Names and Directories overview, Naming 
Utah, Utah.gov: Naming and Directories namespace connector, Metadirectories namespaces, Namespaces filenames, Naming flat, Namespaces hierarchical, Namespaces URIs (uniform resource indicators), Uniform Resource Indicators: A Universal Namespace naming policies, Naming and Certificates networks, Network Effects and Digital Identity Management federated identity, future of, The Future of Federated Identity Networks Metcalfe’s law, Network Effects and Digital Identity Management non-repudiation interoperability and, Integrity and Non-Repudiation: XML Signature introduction, Integrity NRO (Non-Repudiation of Origin), Integrity NRR (Non-Repudiation of Receipt), Integrity P passwords authentication, ID and Password management, Password management reset, Password reset patterns in authorization, Accountability Scales Better than Enforcement PDP (policy decision point), The Language of Digital Identity , Abstract Authorization Architectures PEP (policy enforcement point), The Language of Digital Identity , Abstract Authorization Architectures permissions, The Language of Digital Identity Unix filesystem, User-Based Permission Systems user-based permission systems, Mandatory and Discretionary Access Control PKIs (public-key infrastructure), Public-Key Infrastructures policies access control, Access Control access control and, Policy First assessments, Assessing Identity Policies authentication, Authentication authorization, Representing and Managing Authorization Policies business projects and processes, Business Inspired Projects and Processes characteristics, Attributes of a Good Identity Policy digital signatures, Encryption and Digital Signatures directories, Directories encryption, Encryption and Digital Signatures enforcement, Assessing Identity Policies external requirements, Security Considerations federation, Federation feedback, Feedback on Existing Policies identity policy suite, An Identity Policy Suite naming and certificates, Naming and Certificates needs, 
Business Inspired Projects and Processes outline, Policy Outline passwords, Passwords policy stack, The Policy Stack privacy, Privacy procedures and, Procedures provisioning, Provisioning security and, Security Considerations writing, Feedback on Existing Policies policy decision point (PDP), The Language of Digital Identity policy enforcement point (PEP), The Language of Digital Identity policy review framework, The Policy Review Framework position statements, Technical Position Statements practicality of authentication system, Authentication System Properties preferences, The Language of Digital Identity prerequisites, privacy, Prerequisites principles for identity data, Principles for Identity Data privacy, Identity, Security, and Privacy accountability and, Privacy Principles accuracy and, Privacy Principles audits, Privacy Audits challenging compliance and, Prerequisites consent and, Privacy Principles cookies, Privacy Policy Capitalism disclosure limits, Privacy Principles grocery store scan cards, Privacy Pragmatism identifying purposes and, Privacy Principles individual access and, Prerequisites laws and regulations, Privacy Drivers levels, authentication system, Locational Transparency limiting collection, Privacy Principles openness, Prerequisites policies, Privacy Policy Capitalism prerequisites, Prerequisites retention limits, Privacy Principles RFID and, Who’s Afraid of RFID? 
safeguards and, Prerequisites Sarbanes-Oxley, Privacy Drivers use limits, Privacy Principles privacy policies, Privacy private keys, cryptography, Public key cryptography procedures, Enforcement process, The Language of Digital Identity process evaluation, Finding Identity Processes process inventory, Finding Identity Processes planning, A Practical Action Plan process-to-identity matrix, Process-to-Identity Matrix processes data and, Processes Trump Data data architecture, Processes Trump Data employee provisioning, Employee Provisioning procurement manager, IMA, Resources product and project teams, IMA, Resources propagation, lifecycle and, Provisioning protocol insensitivity, authentication systems, Locational Transparency provisioning definition, Provisioning interoperability and, Identity Provisioning overview, Provisioning policies, Authentication SPML, Identity Provisioning pseudonymity, Anonymity and Pseudonymity PSP (Provisioning Service Provider) SPML and, Identity Provisioning PST (Provisioning Service Target) SPML and, Identity Provisioning public-key cryptography, Public key cryptography , Public key cryptosystem algorithms key pairs, Public key cryptography message digests and, Digital Signatures public-key infrastructure digital certificates and, Digital Certificates public-key infrastructures, Conclusion pull profile, SAML, Example SAML Use Cases push profile, SAML, Example SAML Use Cases R RA (reference architecture), Reference Architectures benefits of, Benefits and Pitfalls best practices, Reference Architecture Best Practices components, Components of a Reference Architecture pitfalls, Benefits and Pitfalls uses, Components of a Reference Architecture RA (Requesting Authority), SPML and, Identity Provisioning RBAC (role-based access control), Role-Based Access Control reliability, authentication systems, Locational Transparency reputation, Reputation and Trust Communities reset password, Password reset resources, definition, The Language of 
Digital Identity reviewer, IMA, Supporting Roles revocation of certificate, Certificate Revocations Lists revoked, Certificate Revocations Lists RFID (radio frequency identification device), Who’s Afraid of RFID? privacy and, Privacy Pragmatism RMIRegistry, RMIRegistry S safeguards, privacy and, Prerequisites SAML (Security Assertion Markup Language), Authentication and Authorization Assertions example use cases, Example SAML Use Cases pull profile, Example SAML Use Cases push profile, Example SAML Use Cases scope, IMA building and, Scoping the Process secret key cryptography algorithms, Public key cryptography secret key encryption, Cryptography security authentication systems, appropriate level, Authentication System Properties federated identity, Addressing the Problem of Trust identity and, Identity, Security, and Privacy policies, Security Considerations security authority, The Language of Digital Identity security policy, The Language of Digital Identity sequencing IMA, Sequencing the IMA Effort shared identity, Digital Identity Perspectives Shibboleth, federated identity standards, Liberty Alliance signature verification, Public key cryptography SIM (Subscriber Information Module), GSM phones, Smart Cards smart cards, Smart Cards challenge-response systems, Smart Cards SOAP, web services profile, Identity Provisioning SOAs (service-oriented architectures), The Business Context of Identity special interest groups, IMA, Resources SPML (Service Provisioning Markup Language), Identity Provisioning requests, SPML Requests and Responses responses, SPML Requests and Responses SRAs (system reference architectures), Goal State CIBs SSL (Secure Sockets Layer), Public key cryptosystem algorithms SSO (single sign-on), Aggregating Directory Information standardized level, maturity model, Level 3: Standardized steganography, confidentiality and, Cryptography subject, Defining Digital Identity subject matter expert, IMA, Resources symmetric cryptography, Secret keys T 
technical operations staff, IMA, Resources technical position statements, Components of a Reference Architecture technical positions, Making Decisions About Technical Positions technologies, Foundational Technologies for Digital Identity TIAA-CREF, federated identity and, Federation in the Credit Card Industry tiers of identity, Digital Identity Perspectives TLS (transport layer security), Public key cryptosystem algorithms traits, The Language of Digital Identity transparency, Principles for Identity Data trust authentication and, Authentication and Trust evidence, Trust and Evidence examples of, Trust federated identity and, Addressing the Problem of Trust introduction, Conclusion trust communities, Reputation and Trust Communities U Unix filesystem permissions, User-Based Permission Systems URIs (uniform resource indicators), Uniform Resource Indicators: A Universal Namespace changes, Cool URIs Don’t Change URLs and, Uniform Resource Indicators: A Universal Namespace URLs (Uniform Resource Locators), URIs and, Uniform Resource Indicators: A Universal Namespace user-based permission systems, Mandatory and Discretionary Access Control users, access control and, Principle of Least Privilege using, lifecycle, Using Utah, naming and directories, Utah.gov: Naming and Directories