Thursday, October 29, 2009

identity management book

In October 2009, a new book titled "Identity Management" was published. It is the first IT security book that addresses identity management in all aspects of the subject.
I am one of the authors of the book, which covers the latest use cases and examples from our experience with identity management deployments at different organizations.
ISBN-10: 158347093X
ISBN-13: 978-1583470930
http://www.amazon.com/Identity-Management-Primer-Graham-Williamson/dp/158347093X/ref=sr_1_1?ie=UTF8&s=books&qid=1256845751&sr=8-1
http://www.flipkart.com/identity-management-david-kibble-ilan/158347093x-xsx3f0gocc
http://search.barnesandnoble.com/booksearch/results.asp?ATH=Ilan+Sharoni
http://www.mc-store.com/5109.html
http://www.ipgbook.com/showbook.cfm?bookid=158347093X&userid=54967A21-803F-2B7A-70AC5AD06D42D3A5
http://www.allbookstores.com/book/158347093X
http://www.infibeam.com/Books/info/david-kibble/identity-management-primer/9781583470930.html
http://www.borders.com/online/store/TitleDetail?sku=158347093X
http://www.ipgbook.com/showbook.cfm?bookid=158347093X&userid=A1DEA163-3048-6445-43B8D3CAFEB7D216

Contents of the “Identity Management” book (ISBN: 9781583470930)

Identity
1. What Are the Components of a Person’s Identity?
2. So Where Does Privacy Fit In?
3. Privacy Rules
4. Is This Where a “Trusted Third Party” Fits In?
5. Where Do Roles Fit Into the Concept of an Identity?
6. Can I Have Multiple Identities in an Identity Management Environment?
7. Discussion Questions
8. Case Study

Managing Identities and Identity Stores
1. Identities and User Accounts
2. What Is an Identity Store?
3. Why Multiple Stores Are a Fact of Life
4. Strategies for Multiple-Store Environments
5. Managing Roles
6. Role Modeling
7. Delegated Administration and Self-Service
8. Discussion Questions
9. Case Study

Directories
1. Schemas and Namespace Planning
2. The Power of a DIT
3. Issues to Be Aware Of
4. Authoritative Sources
5. Directory and Database Design
6. Virtual Directory
7. The “M” Word
8. Discussion Questions
9. Case Study

Authentication and Access Control
1. Methods of Authentication
2. Levels of Authentication
3. Authentication Assurance Levels
4. Registration Assurance Levels
5. Access Control
6. Single Sign-On
7. Discussion Questions
8. Case Study

Provisioning
1. The Mark of a Robust Process
2. Zero-Day Start
3. Business System Issues
4. Workflow
5. The Role of Roles
6. The Benefits of Roles
7. Automating a Provisioning System
8. Sequential and Parallel Authorization
9. Discussion Questions
10. Case Study

Role-Based Access Control
1. Why Is RBAC Important?
2. How Should RBAC Be Implemented?
3. How Many Roles Should There Be?
4. How Do You Handle Exceptions?
5. Role Discovery
6. A Word of Caution
7. Discussion Questions
8. Case Study

Single Sign-on and Federated Authentication
1. Single Sign-on for the Enterprise
2. ESSO
3. SSO Sessions
4. Web SSO
5. The Use of Proxies and Agents
6. A Word About Policy Enforcement
7. Federated Authentication
8. WAYFs and Other Things
9. What Are the Pitfalls?
10. Discussion Questions
11. Case Study

Governance, Risk, and Compliance
1. HR Pattern-based Auditing
2. Pattern Reporting
3. Business Policies (IT Controls and SoD Rules)
4. Best Practices for System Cleansing and Auditing
5. Sample Graphs
6. Federated Authentication Auditing
7. Discussion Questions
8. Case Study

Implementation and Roadmap
1. Getting Started
2. Engage the Sponsor and Identify the Stakeholders
3. Evaluate Business Needs
4. Evaluate the Existing IT Environment
5. Perform Gap Analysis
6. List and Evaluate Possible Technical Solutions
7. Risk Analysis
8. Create a Roadmap
9. Consider an RFP Process Based on Your Findings
10. Setting Out
11. Physical Implementation
12. Typical Project Structure
13. A Risk Assessment Template
14. Sample Roadmap
15. Navigating the Political Landscape
16. Involving the Stakeholders
17. Challenges - Budget, Budget, Budget
18. Challenges - Skilled Resources
19. Challenges - Corporate Structure and Governance Model
20. Challenges - Vendor “Churn”
21. Challenges - The Games Vendors Play
22. Challenges - The Importance of Project Management
23. Discussion Questions
24. Case Study

Public Key Infrastructure
1. Why Do We Need PKI?
2. How Does PKI Work?
3. How Is PKI Used?
4. The Components
5. Implementation Considerations
6. Storage Device Production
7. A Final Comment
8. Discussion Questions
9. Case Study

Electronic Identity Smartcards
1. History
2. Interoperability
3. Privacy
4. Deployment Issues
5. An Ideal Platform
6. Discussion Questions
7. Case Study

Appendix A - Case Scenario
Appendix B - Standards
Appendix C - Glossary
Appendix D - Public Key Cryptography Standards
Appendix E - X.509 Specification
Appendix F - Key Lengths