The life cycle management of a person's identity includes the technologies used for provisioning and password resets, the processes and policies associated with different technologies, and the important events that happen around the management issues of a person's identity. This chapter will discuss the entire process in managing the life cycle of identities using scenarios in illustrating how life cycle management is being used in handling the different activities in IAM.
TopIntroduction
A person’s Identity Life Cycle Management (ILM) requires a complete security policies, processes, and technologies in managing a person’s identity over a long period of time. It utilises different processes and policies associated with different technologies used for provisioning, audit, governance, synchronisation across different platforms, and ongoing management of user credentials, entitlements and password establishments.
The life cycle of a person’s identity encompasses the entire lifespan of a person’s need to access critical data, applications and other resources so as for the person to effectively perform tasks and accomplish some kind of business objectives in a particular system.
Design questions for ILM may consist of the following:
- •
Who decides what access a user needs;
- •
How easy should it be for a user to reset a password;
- •
How to implement different levels of authentication for highly sensitive information; and
- •
When and how do we disable a person’s identity.
There are policy issues to be considered apart from the processing issues in dealing with the management of the life cycle of identities. Rules and policies shall be appropriately set up so as to ensure a person has the necessary access facility and rights at different times and locations while logging, monitoring and restricting access to enforce appropriate security and protect the organisation from intrusions and frauds. ILM addresses the need for decommissioning, or removing, access when a person leaves the organisation or changes roles within the organisation.
ILM policies need to address the tasks associated with provisioning access to information resources. Personal identities for people such as new customers, employees, or business partners are highly visible and frequently repeated tasks like password resets, moves and changes must be securely and efficiently dealt with to safeguard commercial transactions done over the Internet from using stolen people’s identity.
Chapters 1 and 2 have discussed different techniques and technologies which are employed in overcoming the challenges of managing and sharing digital identities. For example, identity federation allows trusted parties to share digital IDs in support of SSO to gain access to more than one network system. The federated model relies on SAML to achieve interoperability across different vendor platforms that provide authentication and authorisation services.
In this chapter, the readers shall learn about the importance of managing a person’s identity life cycle, which covers the entire process of identity management over time. This chapter will include different scenarios to illustrate how the life cycle management is used to manage the different activities of IAM.
TopA Brief History Of Identity Life Cycle Management
The topic of personal Identity life cycle did not gain much attention in the research community until 2006 when Quinn et al. (MacGregor et al., 2006) formed a set of models or “planes” representing different projections of the Identity Credential Ontology (ICO).
The ICO uses the following planes to describe various functionalities in IAM: