Difference between revisions of "Identity Management"

Revision as of 15:53, 8 September 2020

Full Title or Meme

Identity Management (IdM) or Identity and Access Management (IAM) is a field of management in enterprises that is not clearly defined.

Context

Customer Relationship Management (CRM) has been an issue from the earliest days of tabulating machine deployment or earlier.
Vendor Relationship Management (VRM) has been proposed by Doc Searls^[1] as the User managing their vendors.
The goal of this wiki is to give the user the same ability to manage their Identifiers and Attributes as the web sites that they visit.
While the focus of Identity Management can be strictly limited to the discussion of the provisioning of subject identifiers, the larger topic of Identity and Access Management goes into the ultimate purpose of the identifier, which is to give access to restricted resources. An unfortunate consequence of the need for trusted identifiers in access management, is that those identifiers, and the attributes attached to them become a valued resource of the access managers and are bought and sold by those entities that collect them.

Problems

The term Identity Management is not well defined and leads to the mistaken assumption that what is managed is a user's identity. What this topic actually addresses is the identifiers that are tied to attributes, behaviors and assumptions that allow others to seek to acquire the assets of the real-world person thus labeled and categorized.

For example: According to Gartner, IGA solutions are tools that “manage digital identity and access rights across multiple systems.” They accomplish this by aggregating and correlating identity and access rights data that is distributed throughout the IT landscape, in order to enhance control over user access. This aggregated data serves as the basis for what Gartner considers the core IGA functions:

Identity Life Cycle and Entitlements Management
Access Requests
Workflow Orchestration
Fulfillment via Automated Provisioning and Service Tickets
Reporting and Analytics
Role and Policy Management
Auditing

The goal of both the user and the web site are basically the same: access to digital resources that should be under their control. In the vendor's case, it is content that the user wants to see, or other resources that the user want to access. In the user's case it is their personal information that the vendor wants to exploit. Each end has content that the other wants. It should be a natural thing for them to come to some agreement; except that the vendor has traditionally had more legal and technological expertise to tilt the playing field in their favor.

Solutions

This wiki will focus on User Object management and User Consent managment rather than the less well defined Identity Management.
IdM roles (as defined in the IDEF Functional Model:

User or User Agent
Identity Provider
Attribute Provider
Relying Party
Intermediaries
Credential Service Provider
Registration Authority

The distinction between the real-world User and the digital Entity User Agent often get confused and should be disambiguated in any serious discussion.
In the wiki items 2 and 3 are combined into Identifier or Attribute Provider IAP since the distinction between the two has become blurred.
Also the last two are less interesting and also hard to separate from other functions.

Self Issued Identifiers

Traditionally the internet issued identifiers only to machines and then those machines issued sub-identifiers to humans: for example the well known "mail-to:" scheme of human@machine.tld. Where a top level domain (tld) issued identifiers to machines (via the DNS) and those machines created email addresses for humans. For the Self-issued Identifier the human creates their own identifier, perhaps a GUID which they could them assign any attributes of interest to them and provide it to any web site of interest to them.

Other Approaches

UNCITRAL UNITED NATIONS COMMISSION ON INTERNATIONAL TRADE LAW Working Group IV: Electronic Commerce WP 160 Draft Provisions on the Cross-border Recognition of Identity Management and Trust Services
This [instrument] applies to the use and cross-border recognition of IdM systems and trust services in the context of commercial activities and trade-related government services. For the purposes of paragraph 1, the consent of a subject may be inferred from the subject’s conduct.
US FTC
Underwriter's Labs Identity Management & Security
Each day our world becomes more interconnected. Consumers and businesses are embracing the digitization of many aspects of our lives - our devices, payments, vehicles, homes. UL is dedicated to empowering trust in our transformation to an interconnected world. As the leading safety and security authority, we proactively work with businesses and governments to create standards and implement solutions that organizations and consumers can trust.
Consumer Reports

References

↑ Doc Searls The Intention Economy: When Customers Take Charge (2012-04) ISBN 978-1422158524

Other Material

Virginia Standards for Identity Management p 30. Binding Identity to a Subscriber Provided Authenticator

[1] Doc Searls The Intention Economy: When Customers Take Charge (2012-04) ISBN 978-1422158524

[1]

@@ Line 1: / Line 1: @@
 ==Full Title or Meme==
-Identity Management (IdM) or Identity and Access Management (IAM) is a field of management in enterprises that is not clearly defined.
+[[Identity Management]] (IdM) or [[Identity and Access Management]] (IAM) is a field of management in enterprises that is not clearly defined.
 ==Context==
 *Customer Relationship Management (CRM) has been an issue from the earliest days of tabulating machine deployment or earlier.
 *Vendor Relationship Management (VRM) has been proposed by Doc Searls<ref>Doc Searls ''The Intention Economy: When Customers Take Charge'' (2012-04) ISBN 978-1422158524</ref> as the [[User]] managing their vendors.
-*The goal of this wiki is to give the user the same ability to manage identity as the web sites that they visit.
+*The goal of this wiki is to give the user the same ability to manage their [[Identifier]]s and [[Attribute]]s as the web sites that they visit.
+* While the focus of [[Identity Management]] can be strictly limited to the discussion of the provisioning of subject identifiers, the larger topic of [[Identity and Access Management]] goes into the ultimate purpose of the identifier, which is to give access to restricted resources. An unfortunate consequence of the need for trusted identifiers in access management, is that those identifiers, and the attributes attached to them become a valued resource of the access managers and are bought and sold by those entities that collect them.
 ==Problems==
-The term is not well defined.
+The term [[Identity Management]] is not well defined and leads to the mistaken assumption that what is managed is a user's identity. What this topic actually addresses is the identifiers that are tied to attributes, behaviors and assumptions that allow others to seek to acquire the assets of the real-world person thus labeled and categorized.
 For example: According to Gartner, IGA solutions are tools that “manage digital identity and access rights across multiple systems.” They accomplish this by aggregating and correlating identity and access rights data that is distributed throughout the IT landscape, in order to enhance control over user access. This aggregated data serves as the basis for what Gartner considers the core IGA functions:
-•	Identity Life Cycle and Entitlements Management
+* Identity Life Cycle and Entitlements Management
-•	Access Requests
+* Access Requests
-•	Workflow Orchestration
+* Workflow Orchestration
-•	Fulfillment via Automated Provisioning and Service Tickets
+* Fulfillment via Automated Provisioning and Service Tickets
-•	Reporting and Analytics
+* Reporting and Analytics
-•	Role and Policy Management
+* Role and Policy Management
-•	Auditing
+* Auditing
+The goal of both the user and the web site are basically the same: access to digital resources that should be under their control. In the vendor's case, it is content that the user wants to see, or other resources that the user want to access. In the user's case it is their personal information that the vendor wants to exploit. Each end has content that the other wants. It should be a natural thing for them to come to some agreement; except that the vendor has traditionally had more legal and technological expertise to tilt the playing field in their favor.
 ==Solutions==
-*This wiki will focus on [[User Object]] management and [[User Consent]] managment rather than [[Identity Management]].
+*This wiki will focus on [[User Object]] management and [[User Consent]] managment rather than the less well defined [[Identity Management]].
 *IdM roles (as defined in the IDEF Functional Model:
 #[[User]] or [[User Agent]]
@@ Line 27: / Line 29: @@
 #Relying Party
 #Intermediaries
-#Credential Service Provider
+#[[Credential Service Provider]]
-#Registration Authorities
+#[[Registration Authority]]
 *The distinction between the real-world [[User]] and the digital [[Entity]] [[User Agent]] often get confused and should be disambiguated in any serious discussion.
-*In the wiki items 2 and 3 are combined into IAP since the distinction between the two has become blurred.
+*In the wiki items 2 and 3 are combined into [[Identifier or Attribute Provider]] IAP since the distinction between the two has become blurred.
 *Also the last two are less interesting and also hard to separate from other functions.
+===Self Issued Identifiers===
+Traditionally the internet issued identifiers only to machines and then those machines issued sub-identifiers to humans: for example the well known "mail-to:" scheme of human@machine.tld. Where a top level domain (tld) issued identifiers to machines (via the [[DNS]]) and those machines created email addresses for humans. For the [[Self-issued Identifier]] the human creates their own identifier, perhaps a [[GUID]] which they could them assign any attributes of interest to them and provide it to any web site of interest to them.
+===Other Approaches===
+#UNCITRAL UNITED NATIONS COMMISSION ON INTERNATIONAL TRADE LAW Working Group IV: Electronic Commerce WP 160 [https://undocs.org/en/A/CN.9/WG.IV/WP.160 Draft Provisions on the Cross-border Recognition of Identity Management and Trust Services]<blockquote>This [instrument] applies to the use and cross-border recognition of IdM systems and trust services in the context of commercial activities and trade-related government services. For the purposes of paragraph 1, the consent of a subject may be inferred from the subject’s conduct.</blockquote>
+# US FTC
+# [https://ims.ul.com/ Underwriter's Labs] Identity Management & Security<blockquote>Each day our world becomes more interconnected. Consumers and businesses are embracing the digitization of many aspects of our lives - our devices, payments, vehicles, homes. UL is dedicated to empowering trust in our transformation to an interconnected world. As the leading safety and security authority, we proactively work with businesses and governments to create standards and implement solutions that organizations and consumers can trust.</blockquote>
+#Consumer Reports
 ==References==
 <references />
 ===Other Material===
-*[https://rga.lis.virginia.gov/Published/2017/RD367/PDF Virginia Standards] for [[Identity Managment]] p 30. Binding Identity to a Subscriber Provided Authenticator
+*[https://rga.lis.virginia.gov/Published/2017/RD367/PDF Virginia Standards] for [[Identity Management]] p 30. Binding Identity to a Subscriber Provided Authenticator
 [[Category:Glossary]]
 [[Category:Identity]]

Difference between revisions of "Identity Management"

Revision as of 15:53, 8 September 2020

Contents

Full Title or Meme

Context

Problems

Solutions

Self Issued Identifiers

Other Approaches

References

Other Material

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools

Sidebar Links