Identity management system

An identity management system refers to an information system, or to a set of technologies that can be used for enterprise or cross-network Identity management.

Identity management (IdM) describes the management of individual identities, their authentication, authorization, roles, and privileges [1] within or across system and enterprise boundaries^[1] with the goal of increasing security and productivity while decreasing cost, downtime, and repetitive tasks.^[2]

"Identity Management" and "Access and Identity Management" (or AIM) are terms that are used interchangeably under the title of Identity management while Identity management itself falls the umbrella of IT Security.^[3]

Identity management systems, products, applications, and platforms are commercial Identity management solutions implemented for enterprises and organizations.

Technologies, services, and terms related to Identity management include Active Directories, Service Providers, Identity Providers, Web Services, Access control, Digital Identities, Password Managers, Single Sign-on, Security Tokens, Security Token Services (STS), Workflows, OpenID, WS-Security, WS-Trust, SAML 2.0, OAuth, and RBAC.^[4]

Electronic identity management

In general, electronic IdM can be said to cover the management of any form of digital identities. The focus on identity management goes back to the development of directories, such as X.500, where a namespace serves to hold named objects that represent real-life "identified" entities, such as countries, organizations, applications, subscribers or devices. The X.509 ITU-T standard defined certificates carried identity attributes as two directory names: the certificate subject and the certificate issuer. X.509 certificates and PKI systems operate to prove the online "identity" of a subject. Therefore, in IT terms, one can consider identity management as the management of information (as held in a directory) that represents items identified in real life (e.g. users, organizations, devices, services, etc.). The design of such systems requires explicit information and identity engineering tasks.

The evolution of identity management follows the progression of Internet technology closely. In the environment of static web pages and static portals of the early 1990s, corporations investigated the delivery of informative web content such as the "white pages" of employees. Subsequently, as the information changed (due to employee turnover, provisioning and de-provisioning), the ability to perform self-service and help-desk updates more efficiently morphed into what became known as Identity Management today^[update].

Typical identity management functionality includes the following:

• Access control
• Cloud computing

• Digital identity management

• Password manager
• Workflow automation
• Provisioning
• Single sign-on
• Security Token Service
• Role based access control
• Risk management

Identity management also addresses the age-old 'N+1' problem — where every new application may entail the setting up of new data stores of users. The ability to centrally manage the provisioning and de-provisioning of identities, and consolidate the proliferation of identity stores, all form part of the identity management process.

Solutions

Solutions which fall under the category of identity management may include:

Management of identities

• Active directory
• Provisioning/De-provisioning of accounts
• Workflow automation
• Delegated administration
• Password synchronization
• Self-service password reset

Access control

• Password manager
• Single sign-on (SSO)
• Web single sign-on (Web SSO)
• Role-based access control (RBAC)
• Attribute based access control (ABAC)

Directory services

• Identity repository (directory services for the administration of user account attributes)
• Metadata replication/Synchronization
• Directory virtualization (Virtual directory)
• e-Business scale directory systems
• Next-generation systems - Composite Adaptive Directory Services (CADS) and CADS SDP

Other categories

• Federation of user access rights on web applications across otherwise untrusted networks
• Directory-enabled networking and 802.1X EAP

Standards initiatives

• SAML 2.0
• OAuth
• OpenID
• Liberty Alliance — A consortium promoting federated identity management
• Shibboleth (Internet2) — Identity standards targeted towards educational environments
• Global Trust Center

List of Leading Identity management systems

• SailPoint^[5]

• Aveksa^[6]

• CA Technologies IdM^[7]
• Courion IdM^[8]

• e-trust HORACIUS^[9]

• EmpowerID IdM^[10]

• Hitachi ID IdM^[11]

• IBM Tivoli IdM^[12]

• Microsoft Forefront IM 2010

• i-Sprint AccessMatrix ^[13]

• Microsoft Active Directory in Windows Server^[14]

• Nakina Systems NI-Guardian^[15]

• Novell IdM^[16]

• Oracle IM 11g^[17]

• PortalGuard^[18]

• Quest One^[19]

• Sun Identity Manager (will be supported only up to 2014)

• TrewIDM ^[20]

Comparison of Leading Identity management systems

System	Account Provisioning/De-provisioning	Workflow automation	Delegated administration	Password sync	Self-service password reset	Policy-based access control	Enterprise Single sign-on (SSO)	Web single sign-on (Web SSO)	Identity repository/Directory Services	Metadata replication/Sync engine	Workflow application development
Aveksa	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
CA Tech IdM	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Courion IdM	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No
e-trust HORACIUS IdM	Yes	Yes	Yes	Yes	Yes	Yes	No	No	Yes	Yes	Yes
EmpowerID IdM	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Hitachi ID IdM	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No
IBM Tivoli IdM	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No
Microsoft Active Directory	No	No	Yes	Yes between AD	No	Yes	Yes	Yes	Yes	No	No
MS FIM 2010	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	No	Yes	No
Novell IdM (Now NetIQ)	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Nakina Systems IdM	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No
Oracle IM	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
PortalGuard	No	No	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	No
Quest IdM	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
TrewIdM	Yes	Yes	Yes	Yes	Yes	Yes	No	Yes	Yes	Yes	Yes
Apache Syncope	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
System	Account Provisioning/De-provisioning	Workflow automation	Delegated administration	Password sync	Self-service password reset	Policy-based access control	Enterprise Single sign-on (SSO)	Web single sign-on (Web SSO)	Identity repository/Directory Services	Metadata replication/Sync engine	Workflow application development

See also

• Identity management
• Active directory

• Access control
• Lightweight Directory Access Protocol (LDAP)
• Light-Weight Identity (LID)
• Metadirectory and Virtual directory
• Network Information Service (NIS)
• OpenID
• Privacy enhancing technologies (PET)
• SAML 2.0
• Single sign-on (SSO)
• User profile
• Windows CardSpace
• XML Enabled Directory
• Yadis

References

1. "ABC’s of Identity Management". 
2. "Identity Management in an enterprise setting". 
3. "Identity management as a component of IT Security". 
4. "Identity management security". 
5. "SailPoint Identity Management Solutions". 
6. "Aveksa- Business-Driven Identity Management". 
7. "CA Identity Manager for Provisioning and Access". 
8. "Courion- Identity and Access Management". 
9. "e-trust HORACIUS Identity Assess Management". 
10. "EmpowerID- Identity Management built on a Business Automation (BPA) Platform". 
11. "Hitachi ID- Management Suite". 
12. "IBM Tivoli- Identity Manager software". 
13. "i-Sprint Identity and Access Management Solutions". 
14. "Microsoft Active Directory-specific Identity Management". 
15. "Nakina Systems NI-Guardian". 
16. "Novell- Identity Manager product". 
17. "Oracle- Identity Management 11g". 
18. "PortalGuard Security Platform". 
19. "Quest One- Identity Management Solutions". 
20. "TrewIDM".