Digital Identity
暫譯: 數位身份認證
Phillip J. Windley
- 出版商: O'Reilly
- 出版日期: 2005-09-06
- 售價: $1,420
- 貴賓價: 9.5 折 $1,349
- 語言: 英文
- 頁數: 256
- 裝訂: Paperback
- ISBN: 0596008783
- ISBN-13: 9780596008789
已過版
買這商品的人也買了...
-
Effective TCP/IP Programming: 44 Tips to Improve Your Network Programs (Paperback)$2,480$2,356 -
Writing Secure Code, 2/e (Paperback)$2,030$1,929 -
$3,420Agile Software Development: Principles, Patterns, and Practices (Hardcover) -
C++ 教學手冊$590$460 -
Win32 API 系統程式實例入門─使用Visual C++.NET實作$480$374 -
天才當家─留住人才的 34 道金配方 (Peopleware: Productive Projects and Teams, 2/e)$300$255 -
JSP 2.0 技術手冊$750$593 -
$1,127Artificial Intelligence Illuminated (Paperback) -
Internet TCP/IP 協定觀念與實作, 2/e$580$493 -
Windows Server 2003 企業伺服器建構與管理實務$620$484 -
ASP.NET 徹底研究進階技巧─高階技巧與控制項實作$650$507 -
駭客防護實戰系列─木馬防護全攻略$490$417 -
離散與組合數學 (Discrete and Combinatorial Mathematics, 5/e)$980$931 -
Linux iptables 技術實務─防火牆、頻寬管理、連線管制$620$527 -
Head First Servlets & JSP:SCWCD 專業認證指南 (Head First Servlets & JSP)$880$748 -
中文輸入實力養成暨評量 (2005年版)$320$253 -
CCNA 認證教戰手冊 (CCNA: Cisco Certified Network Associate Study Guide, 5/e)(Exam 640-801)$820$697 -
RFID 實踐非接觸式智慧卡系統開發$580$493 -
計算機組織與設計 (Computer Organization and Design: The Hardware/Software Interface, 3/e)$680$646 -
深入淺出 Java 程式設計, 2/e (Head First Java, 2/e)$880$695 -
PMP Exam Prep: Rita's Course in a Book for Passing the PMP Exam, 5/e$3,026$2,875 -
ASP.NET 2.0 深度剖析範例集$650$507 -
$1,080CMMI: Guidelines for Process Integration and Product Improvement, 2/e -
例說 89S51-C 語言$595$583 -
ng-book - The Complete Book on AngularJS (Paperback)$2,460$2,337
相關主題
商品描述
Description:
The rise of network-based, automated services in the past decade has definitely changed the way businesses operate, but not always for the better. Offering services, conducting transactions and moving data on the Web opens new opportunities, but many CTOs and CIOs are more concerned with the risks. Like the rulers of medieval cities, they've adopted a siege mentality, building walls to keep the bad guys out. It makes for a secure perimeter, but hampers the flow of commerce.
Fortunately, some corporations are beginning to rethink how they provide security, so that interactions with customers, employees, partners, and suppliers will be richer and more flexible. Digital Identity explains how to go about it. This book details an important concept known as "identity management architecture" (IMA): a method to provide ample protection while giving good guys access to vital information and systems. In today's service-oriented economy, digital identity is everything. IMA is a coherent, enterprise-wide set of standards, policies, certifications and management activities that enable companies like yours to manage digital identity effectively--not just as a security check, but as a way to extend services and pinpoint the needs of customers.
Author Phil Windley likens IMA to good city planning. Cities define uses and design standards to ensure that buildings and city services are consistent and workable. Within that context, individual buildings--or system architectures--function as part of the overall plan. With Windley's experience as VP of product development for Excite@Home.com and CIO of Governor Michael Leavitt's administration in Utah, he provides a rich, real-world view of the concepts, issues, and technologies behind identity management architecture.
How does digital identity increase business opportunity? Windley's favorite example is the ATM machine. With ATMs, banks can now offer around-the-clock service, serve more customers simultaneously, and do it in a variety of new locations. This fascinating book shows CIOs, other IT professionals, product managers, and programmers how security planning can support business goals and opportunities, rather than holding them at bay.
Table of Contents:
Foreword
Preface
1. Introduction
Business Opportunity
Digital Identity Matters
Using Digital Identity
The Business Context of Identity
Foundational Technologies for Digital Identity
Identity Management Architectures
2. Defining Digital Identity
The Language of Digital Identity
Identity Scenarios in the Physical World
Identity, Security, and Privacy
Digital Identity Perspectives
Identity Powershifts
Conclusion
3. Trust
What Is Trust?
Trust and Evidence
Trust and Risk
Reputation and Trust Communities
Conclusion
4. Privacy and Identity
Who's Afraid of RFID?
Privacy Pragmatism
Privacy Drivers
Privacy Audits
Privacy Policy Capitalism
Anonymity and Pseudonymity
Privacy Principles
Prerequisites
Conclusion
5. The Digital Identity Lifecycle
Provisioning
Propagating
Using
Maintaining
Deprovisioning
Conclusion
6. Integrity, Non-Repudiation, and Confidentiality
Integrity
Non-Repudiation
Confidentiality
Conclusion
7. Authentication
Authentication and Trust
Authentication Systems
Authentication System Properties
Conclusion
8. Access Control
Policy First
Authorization Patterns
Abstract Authorization Architectures
Digital Certificates and Access Control
Conclusion
9. Names and Directories
Utah.gov: Naming and Directories
Naming
Directories
Aggregating Directory Information
Conclusion
10. Digital Rights Management
Digital Leakage
The DRM Battle
Apple iTunes: A Case Study in DRM
Features of DRM
DRM Reference Architecture
Trusted Computing Platforms
Specifying Rights
Conclusion
11. Interoperability Standards
Standards and the Digital Identity Lifecycle
Integrity and Non-Repudiation: XML Signature
Confidentiality: XML Encryption
Authentication and Authorization Assertions
Example SAML Use Cases
Identity Provisioning
Representing and Managing Authorization Policies
Conclusion
12. Federating Identity
Centralized Versus Federated Identity
The Mirage of Centralized Efficiency
Network Effects and Digital Identity Management
Federation in the Credit Card Industry
Benefits of Federated Identity
Digital Identity Standards
Three Federation Patterns
Conclusion
13. An Architecture for Digital Identity
Identity Management Architecture
The Benefits of an Identity Management Architecture
Success Factors
Roadblocks
Identity Management Architecture Components
Conclusion
14. Governance and Business Modeling
IMA Lifecycle
IMA Governance Model
Initial Steps
Creating a Vision
IMA Governing Roles
Resources
What to Outsource
Understanding the Business Context
Business Function Matrix
IMA Principles
Conclusion
15. Identity Maturity Models and Process Architectures
Maturity Levels
The Maturity Model
The Rights Steps at the Right Time
Finding Identity Processes
Evaluating Processes
A Practical Action Plan
Filling the Gaps with Best Practices
Conclusion
16. Identity Data Architectures
Build a Data Architecture
Processes Link Identities
Data Categorization
Identity Data Structure and Metadata
Exchanging Identity Data
Principles for Identity Data
Conclusion
17. Interoperability Frameworks for Identity
Principles of a Good IF
Contents of an Identity IF
Example Interoperability Framework
A Word of Warning
Conclusion
18. Identity Policies
The Policy Stack
Attributes of a Good Identity Policy
Determining Policy Needs
Writing Identity Policies
An Identity Policy Suite
Assessing Identity Policies
Enforcement
Procedures
Conclusion
19. Identity Management Reference Architectures
Reference Architectures
Benefits and Pitfalls
Reference Architecture Best Practices
Using a Reference Architecture
Components of a Reference Architecture
Technical Position Statements
Consolidated Infrastructure Blueprint
System Reference Architectures
Conclusion
20. Building an Identity Management Architecture
Scoping the Process
Which Projects Are Enterprise Projects?
Sequencing the IMA Effort
A Piece at a Time
Conclusion: Dispelling IMA Myths
Index
商品描述(中文翻譯)
**描述:**
在過去十年中,基於網路的自動化服務的興起無疑改變了企業的運作方式,但並不總是朝著更好的方向發展。提供服務、進行交易和在網路上移動數據開啟了新的機會,但許多首席技術官(CTO)和首席資訊官(CIO)更關心的是風險。就像中世紀城市的統治者一樣,他們採取了圍城的心態,建立牆壁以阻擋壞人。這雖然形成了一個安全的周邊,但卻阻礙了商業的流通。
幸運的是,一些企業開始重新思考如何提供安全性,以便與客戶、員工、合作夥伴和供應商的互動更加豐富和靈活。《數位身份》解釋了如何做到這一點。本書詳細介紹了一個重要概念,稱為「身份管理架構」(Identity Management Architecture, IMA):這是一種在提供充分保護的同時,讓好人能夠訪問重要信息和系統的方法。在當今以服務為導向的經濟中,數位身份就是一切。IMA是一套連貫的、企業範圍內的標準、政策、認證和管理活動,使像您這樣的公司能夠有效管理數位身份——不僅僅作為安全檢查,而是作為擴展服務和精確定位客戶需求的一種方式。
作者 Phil Windley 將 IMA 比作良好的城市規劃。城市定義用途和設計標準,以確保建築和城市服務的一致性和可行性。在這種背景下,單個建築——或系統架構——作為整體計劃的一部分運作。憑藉 Windley 在 Excite@Home.com 擔任產品開發副總裁和猶他州州長 Michael Leavitt 行政團隊的 CIO 的經驗,他提供了關於身份管理架構背後的概念、問題和技術的豐富現實觀點。
數位身份如何增加商業機會?Windley 最喜歡的例子是自動提款機(ATM)。有了 ATM,銀行現在可以提供全天候服務,同時服務更多客戶,並在各種新地點進行操作。這本引人入勝的書向 CIO、其他 IT 專業人員、產品經理和程式設計師展示了安全規劃如何支持商業目標和機會,而不是阻礙它們。
**目錄:**
**前言**
**序言**
**1. 介紹**
商業機會
數位身份的重要性
使用數位身份
身份的商業背景
數位身份的基礎技術
身份管理架構
**2. 定義數位身份**
數位身份的語言
物理世界中的身份場景
身份、安全性和隱私
數位身份的觀點
身份權力轉移
結論
**3. 信任**
什麼是信任?
信任與證據
信任與風險
聲譽與信任社群
結論
**4. 隱私與身份**
誰害怕 RFID?
隱私務實主義
隱私驅動因素
隱私審計
隱私政策資本主義
匿名性與假名性
隱私原則
前提條件
結論
**5. 數位身份生命周期**
供應
傳播
使用
維護
撤銷供應
結論
**6. 完整性、不可否認性與保密性**
完整性
不可否認性
保密性
結論
**7. 認證**
認證與信任
認證系統
認證系統屬性
結論
**8. 存取控制**
政策優先
授權模式
抽象授權架構
數位證書與存取控制
結論
**9. 名稱與目錄**
Utah.gov:命名與目錄
命名
目錄
聚合目錄信息
結論
**10. 數位權利管理**
數位洩漏
DRM 戰鬥
Apple iTunes:DRM 的案例研究
DRM 的特徵
DRM 參考架構
受信計算平台
指定權利
結論
**11. 互操作性標準**
標準與數位身份生命周期
完整性與不可否認性:XML 簽名
保密性:XML 加密
認證與授權聲明
示例 SAML 使用案例
身份供應
表示與管理授權政策
結論
**12. 聯邦身份**
集中式與聯邦身份
集中式效率的幻影
網路效應與數位身份管理
信用卡行業的聯邦
聯邦身份的好處
數位身份標準
三種聯邦模式
結論
**13. 數位身份架構**
身份管理架構
身份管理架構的好處
成功因素
障礙
身份管理架構組件
結論
**14. 治理與商業建模**
IMA 生命週期
IMA 治理模型
初步步驟
創建願景
IMA 治理角色
資源
外包內容
理解商業背景
商業功能矩陣
IMA 原則
結論
**15. 身份成熟度模型與流程架構**
成熟度等級
成熟度模型
在正確的時間採取正確的步驟
尋找身份流程
評估流程
實用行動計劃
用最佳實踐填補空白
結論
**16. 身份數據架構**
建立數據架構
流程連結身份
數據分類
身份數據結構與元數據
交換身份數據
身份數據原則
結論
**17. 身份的互操作性框架**
良好互操作性框架的原則
身份互操作性框架的內容
示例互操作性框架
警告
結論
**18. 身份政策**
政策堆疊
良好身份政策的屬性
確定政策需求
撰寫身份政策
身份政策套件
評估身份政策
執行
程序
結論
**19. 身份管理參考架構**
參考架構
好處與陷阱
參考架構最佳實踐
使用參考架構
參考架構的組件
技術立場聲明
整合基礎設施藍圖
系統參考架構
結論
