Identity management system

From Wikipedia, the free encyclopedia
Jump to: navigation, search

An identity management system refers to an information system, or to a set of technologies that can be used for enterprise or cross-network identity management.

Additional terms are used synonymously with "identity management system" including:

  • Access governance system
  • Identity and access management system
  • Entitlement management system
  • User provisioning system

Identity management (IdM) describes the management of individual identities, their authentication, authorization, roles, and privileges [1] within or across system and enterprise boundaries[1] with the goal of increasing security and productivity while decreasing cost, downtime, and repetitive tasks.[2]

"Identity Management" and "Access and Identity Management" (or AIM) are terms that are used interchangeably under the title of Identity management while Identity management itself falls the umbrella of IT Security.[3]

Identity management systems, products, applications, and platforms are commercial Identity management solutions implemented for enterprises and organizations.

Technologies, services, and terms related to Identity management include Active Directories, Service Providers, Identity Providers, Web Services, Access control, Digital Identities, Password Managers, Single Sign-on, Security Tokens, Security Token Services (STS), Workflows, OpenID, WS-Security, WS-Trust, SAML 2.0, OAuth, and RBAC.[4]

Electronic identity management[edit]

In general, electronic IdM can be said to cover the management of any form of digital identities. The focus on identity management goes back to the development of directories, such as X.500, where a namespace serves to hold named objects that represent real-life "identified" entities, such as countries, organizations, applications, subscribers or devices. The X.509 ITU-T standard defined certificates carried identity attributes as two directory names: the certificate subject and the certificate issuer. X.509 certificates and PKI systems operate to prove the online "identity" of a subject. Therefore, in IT terms, one can consider identity management as the management of information (as held in a directory) that represents items identified in real life (e.g. users, organizations, devices, services, etc.). The design of such systems requires explicit information and identity engineering tasks.

The evolution of identity management follows the progression of Internet technology closely. In the environment of static web pages and static portals of the early 1990s, corporations investigated the delivery of informative web content such as the "white pages" of employees. Subsequently, as the information changed (due to employee turnover, provisioning and de-provisioning), the ability to perform self-service and help-desk updates more efficiently morphed into what became known as Identity Management today.

Typical identity management functionality includes the following:

Identity management also addresses the age-old 'N+1' problem — where every new application may entail the setting up of new data stores of users. The ability to centrally manage the provisioning and de-provisioning of identities, and consolidate the proliferation of identity stores, all form part of the identity management process.

Solutions[edit]

Solutions which fall under the category of identity management may include:

Management of identities

Access control

Directory services

Other categories

Standards initiatives

Products[edit]

See also[edit]

References[edit]