Additional terms used synonymously with "identity-management system" include:
- Access-governance system
- Identity and access management system
- Entitlement-management system
- User provisioning system
Identity management, also known as identity and access management (IAM), is the framework of policies and technologies used to authenticate and authorize user access to resources such as applications, data, systems, and cloud platforms. It seeks to ensure that only the right people are provisioned with the right tools, for the right reasons. Its scope has grown together with the digital ecosystem it serves.
"Identity management" and "access and identity management" (AIM) are used interchangeably; identity management itself falls under the umbrella of IT security, information privacy and privacy risk, as well as usability and e-inclusion studies.
There are three components of Identity and Access Management (IAM):
- Access management/Single sign-on to verify users’ identities before they can access the network and applications
- Identity governance to ensure that user access is being granted according to appropriate access policies for onboarding and role/responsibility changes
- Privileged access management to control and monitor access to highly privileged accounts, applications and system assets
These technologies can be combined using identity governance, which provides the foundation for automated workflows and processes.
Modes of identity management
Identity is conceptualized in three different modes, according to an analysis from the FIDIS Network of Excellence:
- Idem-identity: A third-person (i.e., objectified) attribution of sameness. Such an objectified perspective can be taken not only towards others but also towards oneself.
- Ipse-identity: The first-person perspective on what constitutes oneself as a continuous being (idem) over the course of time, while experiencing multiplicity and difference in the here and now.
- me-identity: The 'me' (G. H. Mead) is the organised set of attitudes of others which one assumes. It is co-constituted by the 'I', the first-person perspective, which incorporates the variety of third-person perspectives it encounters and develops. Thus, the 'me' is continuously reconstituted in the face of changing third-person perspectives on the self.
In Bertino and Takahashi's textbook, three categories of identity are defined that overlap to a degree with the FIDIS identity concepts:
- "Me-Identity": What I define as identity
- "Our-Identity": What others and I define as identity
- "Their-Identity": What others define as my identity
Purposes for using identity management systems
Identity management systems are concerned with the creation, the administration and the deployment of:
- Identifiers: Data used to identify a subject.
- Credentials: Data providing evidence for claims about identities or parts thereof.
- Attributes: Data describing characteristics of a subject.
The purposes of identity management systems are:
- Identification: Establishing who the user claims to be, for example at logon or by database lookup
- Authentication: Verifying that claim; the system needs evidence, i.e., a credential
- Authorization and non-repudiation: Authorizing documents or transactions with an e-ID, most often by means of a digital signature based on the e-ID, which provides non-repudiation and receipts
Identity-management systems, products, applications and platforms are the commercial solutions that implement these functions for enterprises and organizations.
Technologies, services and terms related to identity management include Microsoft Active Directory, service providers, identity providers, Web services, access control, digital identities, password managers, single sign-on, security tokens, security token services (STS), workflows, OpenID, WS-Security, WS-Trust, SAML 2.0, OAuth and RBAC.
Electronic identity management
In general, electronic IdM covers the management of any form of digital identity. The focus on identity management goes back to the development of directories such as X.500, where a namespace holds named objects that represent real-life "identified" entities: countries, organizations, applications, subscribers or devices. The ITU-T X.509 standard defined certificates that carry identity attributes as two directory names, the certificate subject and the certificate issuer; X.509 certificates and PKI systems are used to prove the online "identity" of a subject. In IT terms, then, identity management can be considered the management of information (as held in a directory) that represents items identified in real life (users, organizations, devices, services, etc.). The design of such systems requires explicit information- and identity-engineering tasks.
The evolution of identity management closely follows the progression of Internet technology. In the environment of static web pages and portals of the early 1990s, corporations investigated the delivery of informative web content such as the "white pages" of employees. As that information changed (through employee turnover, provisioning and de-provisioning), the ability to perform self-service and help-desk updates more efficiently developed into what is known today as identity management.
Typical identity management functionality includes the following:
- Access control
- Cloud computing
- Digital identity management
- Password manager
- Workflow automation
- Single sign-on
- Security Token Service
- Role based access control
- Risk management
Identity management also addresses the age-old 'N+1' problem: every new application may entail setting up yet another data store of users. Centrally managing the provisioning and de-provisioning of identities, and consolidating the proliferation of identity stores, are both part of the identity-management process.
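The following is an added illustration, written for this article and not taken from any product or standard named on the page, of two passages above: the identifiers, credentials and attributes managed by an identity-management system, with identification, authentication and authorization as distinct steps (the "Purposes" section), and the single central store that replaces one user table per application (the N+1 problem). The user names, roles, departments, permission table and PBKDF2 work factor are illustrative assumptions.

```python
"""Minimal central identity store: identifiers, credentials, attributes,
and the identification / authentication / authorization steps.
Example code for this article; not taken from any product named here.
Names, roles, departments and the PBKDF2 work factor are assumptions."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, Optional

PBKDF2_ITERATIONS = 100_000  # assumed work factor; tune for a real deployment


@dataclass
class Identity:
    identifier: str                       # data used to identify the subject
    salt: bytes                           # per-identity salt for the credential
    pw_hash: bytes                        # credential: evidence for "I am <identifier>"
    attributes: dict = field(default_factory=dict)  # roles, department, ...
    active: bool = True                   # cleared on de-provisioning, never deleted


def derive_key(password: str, salt: bytes) -> bytes:
    """Hash a password with PBKDF2-HMAC-SHA256 so the store never keeps plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class IdentityStore:
    """One store for all applications instead of one user table per application."""

    ROLE_PERMISSIONS = {                  # RBAC: role -> set of (action, resource)
        "hr-admin": {("read", "payroll"), ("write", "payroll"), ("read", "directory")},
        "employee": {("read", "directory")},
    }

    def __init__(self) -> None:
        self._by_id: Dict[str, Identity] = {}

    # Management of identities: provisioning and de-provisioning.
    def provision(self, identifier: str, password: str, **attributes) -> Identity:
        if identifier in self._by_id:
            raise ValueError(f"identifier already provisioned: {identifier}")
        salt = os.urandom(16)
        ident = Identity(identifier, salt, derive_key(password, salt), attributes)
        self._by_id[identifier] = ident
        return ident

    def deprovision(self, identifier: str) -> None:
        # Disable instead of delete so audit records can still resolve the
        # identifier; every application using this store loses the account at once.
        self._by_id[identifier].active = False

    # Identification: who does the subject claim to be? (a lookup, no proof yet)
    def identify(self, identifier: str) -> Optional[Identity]:
        return self._by_id.get(identifier)

    # Authentication: does the subject hold evidence for that claim?
    def authenticate(self, identifier: str, password: str) -> Optional[Identity]:
        ident = self.identify(identifier)
        if ident is None or not ident.active:
            # Do equivalent work for unknown or disabled accounts so response
            # time does not reveal which identifiers exist.
            derive_key(password, b"\x00" * 16)
            return None
        if hmac.compare_digest(derive_key(password, ident.salt), ident.pw_hash):
            return ident
        return None

    # Authorization: may this authenticated identity perform this action?
    def authorize(self, ident: Optional[Identity], action: str, resource: str) -> bool:
        if ident is None or not ident.active:
            return False
        roles = ident.attributes.get("roles", ())
        rbac_ok = any((action, resource) in self.ROLE_PERMISSIONS.get(r, set()) for r in roles)
        # ABAC: payroll additionally requires the department attribute to be HR.
        if resource == "payroll" and ident.attributes.get("department") != "HR":
            return False
        return rbac_ok


if __name__ == "__main__":
    store = IdentityStore()
    store.provision("alice", "correct horse", roles=["hr-admin"], department="HR")
    store.provision("bob", "battery staple", roles=["employee"], department="Sales")
    alice = store.authenticate("alice", "correct horse")
    print("alice may write payroll:", store.authorize(alice, "write", "payroll"))
    store.deprovision("bob")
    print("bob after de-provisioning:", store.authenticate("bob", "battery staple"))
```

The point of keeping `identify`, `authenticate` and `authorize` separate is that a successful lookup proves nothing, a verified credential grants nothing, and the authorization decision consumes attributes (roles, department) rather than the credential. De-provisioning flips one flag in the one store, so no application keeps a stale copy of the account.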
Solutions which fall under the category of identity management may include:
Management of identities
- Provisioning/De-provisioning of accounts
- Workflow automation
- Delegated administration
- Password synchronization
- Self-service password reset
- Password manager
- Single sign-on (SSO)
- Web single sign-on (Web SSO)
- Role-based access control (RBAC)
- Attribute based access control (ABAC)
- X.500 and LDAP
- Microsoft Active Directory
- NetIQ eDirectory
- Identity repository (directory services for the administration of user account attributes)
- Metadata replication/Synchronization
- Directory virtualization (Virtual directory)
- e-Business scale directory systems
- Next-generation systems - Composite Adaptive Directory Services (CADS) and CADS SDP
- Federation of user access rights on web applications across otherwise untrusted networks
- Directory-enabled networking and 802.1X EAP
- SAML 2.0
- Liberty Alliance — A consortium promoting federated identity management
- Shibboleth (Internet2) — Identity standards targeted towards educational environments
- Global Trust Center
- Central Authentication Service
- Identity verification service
- Light-weight Identity (LID)
- Metadirectory and Virtual directory
- Network Information Service (NIS)
- Privacy enhancing technologies (PET)
- Self-sovereign identity
- User profile
- Windows CardSpace
- XML Enabled Directory
- "What Is Identity Management and Access Control?". Okta. www.okta.com. Retrieved 22 November 2020.
- "History of Identity Management". SailPoint Technologies. www.sailpoint.com. Retrieved 12 May 2021.
- "Identity management as a component of IT Security".
- Rannenberg, Kai; Royer, Denis; Deuker, André, eds. (2009). The Future of Identity in the Information Society. Berlin, Heidelberg: Springer. doi:10.1007/978-3-642-01820-6. ISBN 978-3-540-88480-4.
- Fritsch, Lothar (March 2013). "The Clean Privacy Ecosystem of the Future Internet". Future Internet. 5 (1): 34–45. doi:10.3390/fi5010034.
- Paintsil, Ebenezer; Fritsch, Lothar (2013). "Executable Model-Based Risk Analysis Method for Identity Management Systems: Using Hierarchical Colored Petri Nets". Trust, Privacy, and Security in Digital Business. Springer. pp. 48–61. doi:10.1007/978-3-642-40343-9_5. ISBN 978-3-642-40342-2.
- Fritsch, Lothar; Fuglerud, Kristin Skeide; Solheim, Ivar (December 2010). "Towards inclusive identity management". Identity in the Information Society. 3 (3): 515–538. doi:10.1007/s12394-010-0075-6. ISSN 1876-0678.
- Røssvoll, Till Halbach; Fritsch, Lothar (2013). "Trustworthy and Inclusive Identity Management for Applications in Social Media". In Kurosu, Masaaki (ed.). Human-Computer Interaction. Users and Contexts of Use. Lecture Notes in Computer Science. Vol. 8006. Springer. pp. 68–77. doi:10.1007/978-3-642-39265-8_8. ISBN 978-3-642-39265-8.
- "What Is Identity and Access Management?". SailPoint Technologies. www.sailpoint.com. Retrieved 12 May 2021.
- Hildebrandt, M.; Koops, E. J.; de Vries, K. (2008). D7.14a: Where idem-identity meets ipse-identity: Conceptual explorations. Brussels: FIDIS. http://www.fidis.net/fileadmin/fidis/deliverables/fidis-WP7-del7.14a-idem_meets_ipse_conceptual_explorations.pdf. Retrieved 9 December 2019.
- Bertino, Elisa; Takahashi, Kenji (2010). Identity Management: Concepts, Technologies, and Systems. Boston, MA: Artech House. ISBN 978-1-60807-039-8. OCLC 700220032.
- "FREE Verification App for 4.2 Billion Online Users".
- "Identity management security".