Skip to Content
Home > Digital Identity

Digital Identity

Digital identity can be discussed in the context of a set of concepts that provide a framework for addressing the important issues involved in developing an organizational identity management strategy.

The following sections provide reference to information about each area in the framework. At first, these are mostly reference to standards documents and articles about standards in each area. I hope to add other references about the general problem areas as well in the future.

Phil Windley

Related tags:

Authentication and authorization :: Authorization policy representation and management :: Confidentiality :: Directories and Identity Management :: Identity provisioning :: Integrity and non-repudiation :: Managing Trust :: OpenID

Links


Federated Identity Management

http://www.networkcomputing.com/showArticle.jhtml?articleID=196901490

Identity Will Travel. Federation is making it easier to maintain authority across multiple domains. But essential security standards are maturing at an uneven rate. We weigh the risks and rewards of federated ID management. By Gerry Gebel
- Digital Identity -
Added 1036 days ago

Review It Bookmark It


Changing Attitudes Towards Privacy

http://radar.oreilly.com/archives/2007/03/changing_attitu.html

Tim O'Reilly: Andy Kessler just did a good profile on Mark Zuckerberg and Facebook in the Wall Street Journal. (The WSJ has it behind a paywall, but Andy put a copy on his site.) There's a lot of good stuff in the article, but the bit I wanted to call out was about the turnabout in acceptance of Facebook's Newsfeed feature.
- Digital Identity -
Added 1053 days ago

Review It Bookmark It


e-signatures for finserv - management and mechanisms

http://improving-nao.blogspot.com/2006/08/electronic-signatures-for-financial_03.html

In an online world it is tough to ensure the security and integrity of electronic signatures. For different scenarios something stronger than username and password is required, since the agreements and transaction consents may high value and high risk to both institution and customer.
- Digital Identity - Integrity and non-repudiation - Authentication and authorization - 		10 out of 10 stars
Added 1285 days ago

Review It Bookmark It


XACML policy integration algorithms: not to be confused with XACML policy combination algorithms!

http://portal.acm.org/citation.cfm?id=1133058.1133089

Presented at ACM Symposium on Access Control Models and Technologies 2006, Lake Tahoe, California, USA, June 07 - 09, 2006. "XACML is the OASIS standard language for the specification of authorization and entitlement policies. However, while XACML well addresses security requirements of a single enterprise (even if large and composed by multiple departments), it does not address the requirements of virtual enterprises built through collaboration of several autonomous subjects sharing their resources. In this paper we highlight such limitations and we propose an XACML extension, the policy integration algorithm, to address them. In the paper we also discuss in which respect the process of comparing two XACML policies differs from the process used to compare other business rules."
- Digital Identity - Authentication and authorization - Authorization policy representation and management - 		8 out of 10 stars
Added 1296 days ago

Review It Bookmark It


Java XML Digital Signatures

http://java.sun.com/developer/technicalArticles/xml/dig_signatures/index.html

Extensible Markup Language (XML) technology is now an integral part of web-based business applications. These applications require a fundamentally sound and secure infrastructure to meet the security requirements of confidentiality, endpoint authentication, message integrity, and nonrepudiation. XML signature, XML encryption, XML Key Management Specification (XKMS), Security Assertion Markup Language (SAML), and XML Access Control Markup Language (XACML) are the XML security standards that define XML vocabularies and processing rules to meet these security requirements.
- Java - Digital Identity - Authentication and authorization - 		8 out of 10 stars
Added 1301 days ago

Review It Bookmark It


Intro to Identity Management Risk Metrics

http://1raindrop.typepad.com/1_raindrop/2006/07/intro_to_identi.html

In this issue of the IEEE Security & Privacy Journal, I have an article on Introduction to Identity Management Risk Metrics it is in the "Build Security In" column that I co-edit with John Steven. The article looks at ways to use metrics to measure and monitor identity's distribution, quality, affiliation, and governance in the enterprise. There are specific tips for identity and security architects on how to locate and use metrics in their identity management processes and systems.
- Digital Identity - 		8 out of 10 stars
Added 1302 days ago

Review It Bookmark It


Mobilizing Information to Prevent Terrorism: Accelerating Development of a Trusted Information Sharing Environment

http://edodds.blogs.com/conmergence/2006/07/mobilizing_info.html

"We have consistently said that public trust in a network that uses personally-identifiable information can only be achieved if government-wide guidelines for information sharing and privacy protection are established after open public debate," said Zoe Baird, co-chair of the Task Force and President of the Markle Foundation.
- Netpolitics - Digital Identity - E-Democracy - 		8 out of 10 stars
Added 1306 days ago

Review It Bookmark It


A Comprehensive Identity Management Ecosystem and Reference Architecture

http://www.s-ox.com/news/detail.cfm?articleID=1909

To address customer demand for access management capabilities that extend beyond traditional Web-based applications, Oracle has announced the Oracle Extended Identity Management Ecosystem and Reference Architecture. Furthering its support for customers with heterogeneous IT environments, Oracle has teamed with global Independent Software Vendors (ISVs) to deliver a comprehensive blueprint for enterprise security capabilities that span strong authentication, network, legacy and physical access applications. Oracle Identity Management’s support of industry standards such as WS*, XACML, SAML and SPML enable customers and partners to more easily integrate applications with the framework.
- Digital Identity - SAML - 		8 out of 10 stars
Added 1307 days ago

Review It Bookmark It


Document-level security using DB2 9 pureXML and LBAC

http://www-128.ibm.com/developerworks/edu/dm-dw-dm-0607williams-i.html?ca=drs-

DB2 9 pureXML provides native XML storage and retrieval. In addition, DB2 9 provides a new security protection mechanism called Label Based Access Control (LBAC). Combining these two features can produce a Native XML data store that can protect XML documents at the document level by labeling each document row with an LBAC security label, and assigning users their appropriate access level.
- XML - Digital Identity - Identity provisioning - 		8 out of 10 stars
Added 1307 days ago

Review It Bookmark It


Combining ethnographic and clickstream data to identify user Web browsing strategies

http://informationr.net/ir/11-2/paper249.html

This paper describes a novel approach that combines data from direct observation, user surveys and server logs to analyse users' browsing behaviour. It is based on a longitudinal study of university students' use of a Website related to one of their courses. The data was analysed using footstep graphs to categorise browsing behaviour into pre-defined strategies and comparing these with data from questionnaires and direct observation of the students' actual use of the site.
- Website Administration - Usability - Digital Identity - 		6 out of 10 stars
Added 1483 days ago

Review It Bookmark It


Torsten and Amir

http://slashdemocracy.org/identity/

Student blog on master thesis about Identity Management.
- Digital Identity - Johns students - 		10 out of 10 stars
Added 1530 days ago

Review It Bookmark It


Identity 2.0

http://www.identity20.com/media/OSCON2005/

As the online world moves towards Web 2.0, the concept of digital identity is evolving, and existing identity systems are falling behind. New systems are emerging that place identity in the hands of users instead of directories. Simple, secure and open, these systems will provide the scalable, user-centric mechanism for authenticating and managing real-world identities online, enabling truly distinct and portable Internet identities. OSCON Presentation by Dick Hardt, Sxip.
- Digital Identity - Web 2.0 - 		6 out of 10 stars
Added 1587 days ago

Review It Bookmark It


Identity Management, Access Specs are Rolling Along

http://csdl.computer.org/comp/mags/ic/2005/01/w1009.pdf

Greg Goth, IEEE INTERNET COMPUTING, Jan/Feb 2005
- Digital Identity - 		6 out of 10 stars
Added 1797 days ago

Review It Bookmark It


Liberty Alliance Releases Enhanced Framework For Identity-Based Web Services

http://www.webservicespipeline.com/60400110

The Liberty Alliance announced the second-generation version of WSF 2.0, a framework for identity-based Web services. The framework now supports SAML 2.0 and defines how SAML 2.0 can be used to communicate identity information among identity-based Web services.
- Digital Identity - SAML - 		2 out of 10 stars
Added 1823 days ago

Review It Bookmark It


New Liberty Alliance president: Open specs work

http://searchwebservices.techtarget.com/qna/0,289202,sid26_gci1043739,00.html

George Goodman, the director of Intel's Visualization and Trust Lab, was recently elected the new president of the Liberty Alliance Project's management board. The Liberty Alliance Project is an organization working to create open standards and business guidelines for federated identity management and Web services.
- Digital Identity - 		10 out of 10 stars
Added 1848 days ago

Review It Bookmark It