Copyright
Syngress is an imprint of Elsevier
The Boulevard, Langford Lane, Kidlington, Oxford, OX5 1GB, UK
225 Wyman Street, Waltham, MA 02451, USA
First published 2013
Copyright © 2013 Elsevier Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangement with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.
Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
British Library Cataloguing in Publication Data
A catalogue record for this book is available from the British Library
Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the Library of Congress
ISBN: 978-0-12-407189-6
For information on all Syngress publications visit our website at store.elsevier.com
This book has been manufactured using Print On Demand technology. Each copy is produced to order and is limited to black ink. The online version of this book will show color figures where appropriate.
Preface
The concept of federated identity is nothing new. In fact, it has been around a long time. It just never really caught on, partially because its usage scenarios were limited. But, that has changed. Now with the increased usage of cloud and Internet-based applications, federated identity has started to gain a lot of traction. Instances of federated identity are popping up all over the IT landscape. Not only is it being used on the Internet, but it is also being used within enterprises and other organizations. If you haven't come across an instance of federated identity yet, you most likely will in the very near future.
What to Expect from this Book
The purpose of this book is to provide you with a general introduction to federated identity. We will talk about federated identity and the technologies used to implement it. We will not discuss actual implementation details, but we will cover all the basics you need to know in order to get started using and implementing federated identity.
We will start in by going over the concept of identity. Identity can mean a lot of things. We'll briefly cover physical identity just to give you a little background. Then we'll get into digital identity. We'll go over what your digital identity can be used for and why it should be protected. Finally, in this chapter we will introduce what I call the Internet Identity Problem. We'll talk about the problem and how federated identity can be used to solve it.
In , we'll start by giving a little background info and common terminology used when talking about identity management and federated identity. We will give some background on authentication, authorization, and access control. Understanding these concepts helps lay the foundation for understanding how federated identity is established and implemented. Then, we will start talking about federated identity and why you would want to use it.
In , we will dive into technology. There are many different methods for implementing federated identity. But, most of these methods share common technologies and protocols. This chapter will go over some of those common technologies and protocols. Once you have a good understanding of these technologies, it will make it a little easier for you to understand the different federated identity methodologies.
In , we will discuss some of the deployment options. There are cloud-based deployment options and on-premise options. We'll talk about some of the things you should consider when making your decision regarding which solution to use. We will also cover two of the more commonly used solutions: ADFS 2.0 and Access Control Services.
Chapter 1
Introduction to Identity
Information in this chapter:
What Is Identity?
The Internet Identity Problem
1.1. Introduction
Before we get into federated identity, let's just talk for a minute about identity itself. After all, if you don't understand identity, how can you understand federated identity? Identity may seem like a straightforward concept, but it's actually a little more complicated than people think. What makes it so complicated is the fact that someone's overall identity encompasses a lot more factors than you might first think. My goal in this chapter is to make sure you have a good understanding of what these factors are and how they come into play. Once you understand the overall concept of identity, then we will talk about what I call the Internet identity problem. The Internet identity problem is probably why you bought this book in the first place. You are being faced with the problem, and you are hoping that federated identity is the answer.
When breaking down the concepts, it becomes apparent that we cannot fully understand federated identity until we understand identity itself. This is why this chapter is so important. So, you need to make sure that you have a good understanding of the information in this chapter before you move onto the next one. It will make the subsequent concepts a lot easier to understand.
1.2. What Is Identity?
To put it succinctly, your identity is the set of characteristics that make you who you are. To understand the concept a little easier, we will break your identity up into two categories: your physical identity and your digital identity. This book focuses on what is considered digital identity. But, before we can talk about that, we'll quickly review physical identity so we can draw analogies between physical and digital identity concepts throughout the remainder of this text. Once we paint a clear picture of what physical identity is, its main characteristics, and how it is used, we will relate them to their digital equivalents. Although physical identity and digital identity refer to two different things, the fundamental concepts are the same. Getting a good grasp on the concept of physical identity will help you get a better grasp on the concept of digital identity much more quickly.