Yale CPSC 155 - Identity Management: Setting Context

This preview shows page 1-2 out of 5 pages.

Identity Management: Setting Context

Joseph Pato
Trusted Systems Lab, Hewlett-Packard Laboratories
One Cambridge Center, Cambridge, MA 02412, USA
[email protected]

Identity Management is the set of processes, tools and social contracts surrounding the creation, maintenance and termination of a digital identity for people or, more generally, for systems and services, to enable secure access to an expanding set of systems and applications. Traditionally, identity management has been a core component of system security environments, where it has been used for the maintenance of account information for login access to a system or a limited set of applications. An administrator issues accounts so that resource access can be restricted and monitored. Control has been the primary focus of identity management.

More recently, however, identity management has exploded out of the sole purview of information security professionals and has become a key enabler for electronic business. As the richness of our electronic lives mirrors our physical-world experience, as activities such as shopping, discussion, entertainment and business collaboration are conducted as readily in the cyber world as in person, we begin to expect more convenience from our electronic systems. We expect our personal preferences and profile to be readily available so that, for example, when we visit an electronic merchant we needn’t tediously enter home delivery information; when participating in a discussion, we can check the reputation of other participants; when accessing music or videos, we first see the work of our favorite artists; and when conducting business, we know that our partners are authorized to make decisions. Today, identity management systems are fundamental to underpinning accountability in business relationships, providing customization of the user experience, protecting privacy and adhering to regulatory controls.

1 What is Digital Identity

Identity is a complicated concept with many nuances, ranging from the philosophical to the practical. For the purposes of this discussion, we define the identity of an individual as the set of information known about that person. For example, a person’s identity in the real world can be a set of names, addresses, driver’s licenses, birth certificate, field of employment, etc. This set of information includes items such as a name, which is used as an identifier – it allows us to refer to the identity without enumerating all of the items; a driver’s license or birth certificate, which are used as an authenticator – they are issued by a relevant authority and allow us to determine the legitimacy of someone’s claim to the identity; and a driver’s license, which is used as a privilege – it establishes the permission to operate a motor vehicle. Digital identity is the corresponding concept in the digital world. As people engage in more activities in the cyber world, the trend has been to link the real-world attributes of identity with an individual’s cyber-world identity, giving rise to privacy concerns.

2 Elements of an Identity Management System

Identity management solutions are modular and composed of multiple service and system components. This section outlines the components of an example identity management architecture, illustrated in figure 1.

[Figure 1. Identity Management System Components. Component labels in the figure: Repository, Authentication Provider, Policy Control, Auditing, Provisioning, Longevity, Single Sign-On, Personalization, Access Management; layer labels: Foundation, Lifecycle, Consumable.]

2.1 Identity Management Foundation Components

• Repository – At the core of the system is the logical data storage facility and identity data model, which is often implemented as an LDAP-accessible directory or meta-directory. Policy information governing access to and use of information in the repository is generally stored here as well.

• Authentication Provider – The authentication provider, sometimes referred to as the identity provider, is responsible for performing primary authentication of an individual, which links them to a given identity. The authentication provider produces an authenticator – a token which allows other components to recognize that primary authentication has been performed. Primary authentication techniques include mechanisms such as password verification, proximity token verification, smartcard verification, biometric scans, or even X.509 PKI certificate verification. Each identity may be associated with more than one authentication provider. The mechanisms employed by each provider may be of different strengths, and some application contexts may require a minimum strength to accept the claim to a given identity.

• Policy Control – Access to and use of identity information is governed by policy controls. Authorization policies determine how information is manipulated; privacy policies govern how identity information may be disclosed. Policy controls may cause events to be audited, or even cause the subject of an identity to be notified when information is accessed.

• Auditing – Secure auditing provides the mechanism to track how information in the repository is created, modified and used. This is an essential enabler for forensic analysis, which is used to determine how and by whom policy controls were circumvented.

2.2 Identity Management Lifecycle Components

• Provisioning – Provisioning is the automation of all the procedures and tools to manage the lifecycle of an identity: creation of the identifier for the identity; linkage to the authentication providers; setting and changing attributes and privileges; and decommissioning the identity. In large-scale systems, these tools generally allow some form of self-service for the creation and ongoing maintenance of an identity, and frequently use a workflow or transactional system for verification of data from an appropriate authority and to propagate data to affiliated systems which may not directly consume the repository.

• Longevity – Longevity tools create the historical record of an identity. These tools allow the examination of the evolution of an identity over time.

2.3 Identity Management Consumable Value Components

• Single Sign-On – Single sign-on allows a user to perform primary authentication once and then access the set of applications and systems that are part of the identity management environment.

• Personalization – Personalization and preference management tools
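The foundation components of section 2.1 (repository, authentication provider, policy control, auditing) and the single sign-on component of 2.3 can be seen working together in the following sketch. It is an added illustration, not code from the paper or from HP Labs: the class names, the HMAC-signed authenticator format, the numeric ranking of mechanism strengths, the application names and the shared signing key are all assumptions made for this example.

```python
import base64
import hashlib
import hmac
import json
import os

# Assumed relative strengths of the mechanisms the paper lists; the numbers are this example's own.
MECHANISM_STRENGTH = {"password": 1, "proximity_token": 2, "smartcard": 3, "x509": 3}

def audit(log, event, **details):
    """Stand-in for secure auditing: append who did what to which identity to an append-only log."""
    log.append({"event": event, **details})

class Repository:
    """Identity store plus the policies governing its use (an LDAP directory in practice)."""
    def __init__(self, log, policies):
        self.identities = {}          # identifier -> attribute dict
        self.min_strength = policies  # application -> minimum mechanism strength it accepts
        self.log = log

    def create_identity(self, identifier, **attributes):
        self.identities[identifier] = dict(attributes)
        audit(self.log, "identity.create", identifier=identifier)

    def read_attributes(self, identifier, requester):
        # Reads are audited too, so forensic analysis can later see who used which data.
        audit(self.log, "identity.read", identifier=identifier, requester=requester)
        return dict(self.identities[identifier])

class AuthenticationProvider:
    """Performs primary authentication and issues a signed authenticator token."""
    def __init__(self, name, mechanism, signing_key, log):
        self.name, self.mechanism, self.key, self.log = name, mechanism, signing_key, log
        self.credentials = {}  # identifier -> (salt, sha256(salt + secret))

    def enroll(self, identifier, secret):
        salt = os.urandom(16)
        self.credentials[identifier] = (salt, hashlib.sha256(salt + secret.encode()).digest())

    def authenticate(self, identifier, secret):
        entry = self.credentials.get(identifier)
        if entry is None or not hmac.compare_digest(
                hashlib.sha256(entry[0] + secret.encode()).digest(), entry[1]):
            audit(self.log, "auth.fail", identifier=identifier, provider=self.name)
            return None
        audit(self.log, "auth.ok", identifier=identifier, provider=self.name)
        # The authenticator: who authenticated, via which provider, and how strongly.
        payload = json.dumps({"id": identifier, "provider": self.name,
                              "strength": MECHANISM_STRENGTH[self.mechanism]}).encode()
        sig = hmac.new(self.key, payload, hashlib.sha256).digest()
        return base64.b64encode(payload) + b"." + base64.b64encode(sig)

def verify_authenticator(token, signing_key):
    """Return the authenticator's claims if its HMAC checks out, otherwise None."""
    try:
        payload_b64, sig_b64 = token.split(b".")
        payload, sig = base64.b64decode(payload_b64), base64.b64decode(sig_b64)
    except ValueError:  # malformed token (binascii.Error is a ValueError subclass)
        return None
    expected = hmac.new(signing_key, payload, hashlib.sha256).digest()
    return json.loads(payload) if hmac.compare_digest(sig, expected) else None

class AccessManager:
    """Single sign-on consumer: one authenticator serves many applications, each checked
    against the minimum mechanism strength that the repository's policy demands."""
    def __init__(self, repository, signing_key, log):
        self.repo, self.key, self.log = repository, signing_key, log

    def authorize(self, token, application):
        claims = verify_authenticator(token, self.key)
        if claims is None:
            audit(self.log, "access.deny", application=application, reason="bad_token")
            return False
        required = self.repo.min_strength.get(application, 1)
        ok = claims["id"] in self.repo.identities and claims["strength"] >= required
        audit(self.log, "access.allow" if ok else "access.deny", application=application,
              identifier=claims["id"], strength=claims["strength"], required=required)
        return ok

def run_scenario():
    """Constructed scenario: one identity, two providers of different strength, two applications."""
    log = []
    key = b"constructed-demo-signing-key"  # placeholder; a real deployment manages this key
    repo = Repository(log, {"webmail": 1, "payroll": 3})  # payroll wants smartcard or X.509
    repo.create_identity("alice", department="research")
    password = AuthenticationProvider("corp-password", "password", key, log)
    smartcard = AuthenticationProvider("corp-smartcard", "smartcard", key, log)
    password.enroll("alice", "correct horse")
    smartcard.enroll("alice", "card-serial-0042")
    access = AccessManager(repo, key, log)
    weak = password.authenticate("alice", "correct horse")
    strong = smartcard.authenticate("alice", "card-serial-0042")
    return {
        "wrong_password": password.authenticate("alice", "guess") is None,
        "weak_webmail": access.authorize(weak, "webmail"),
        "weak_payroll": access.authorize(weak, "payroll"),
        "strong_payroll": access.authorize(strong, "payroll"),
        "tampered": access.authorize(strong[:-4] + b"AAAA", "payroll"),  # corrupted signature
        "department": repo.read_attributes("alice", requester="payroll")["department"],
        "audit_events": len(log),
    }
```

Running `run_scenario()` shows the three ideas the text separates: the same identity has two authentication providers of different strength, the password-issued authenticator opens webmail but not payroll because that application's policy demands a stronger mechanism, and every authentication, access decision and attribute read leaves an audit record that forensic analysis could later reconstruct. A deployed authenticator would also carry an expiry and an intended audience, and the signing key would be shared only with the components that consume the token.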