O’Reilly news

"Digital Identity": Planning and Creating an Identity Management Architecture

September 8, 2005

Sebastopol, CA--The rise of network-based, automated services in the past decade has definitely changed the way businesses operate, and not always for the better. Offering services, conducting transactions, and moving data on the Web opens new opportunities, but many CTOs and CIOs are more concerned with the risks. Like the rulers of medieval cities, they've adopted a siege mentality, building walls to keep the bad guys out. It makes for a secure perimeter, but hampers the flow of commerce.

Fortunately, some corporations are beginning to rethink how they provide security, so that interactions with customers, employees, partners, and suppliers will be richer and more flexible. Digital Identity (O'Reilly, US $34.95) by Phillip J. Windley explains how to go about it. Drawing on his experience as CTO of iMall, Inc., VP of product development for Excite@Home, and CIO in Governor Michael Leavitt's administration in Utah, Windley provides a rich, real-world view of the concepts, issues, and technologies behind a key concept known as "identity management architecture" (IMA).

According to Windley, IMA is a method to provide ample protection against malicious attacks while giving good guys access to vital information and systems. In today's service-oriented economy, digital identity is critical: it provides a set of standards, policies, certifications, and management activities that enable companies to manage digital identity effectively--not just as a security check, but as a way to extend services and pinpoint the needs of customers.

The ATM machine is one of Windley's favorite examples of the way digital identity increases business. "Before ATMs were invented, a bank's customers took care of their banking needs by presenting pieces of paper to a human teller," recalls Windley. The papers included instructions to the bank, cash, checks, and other financial instruments. Unless the teller personally knew the customer, the customer also presented some kind of identity credential, such as a driver's license, that allowed the teller to verify the customer's identity and proceed with the transaction. "The ATM was possible only because banks created a means of identifying their customers digitally," explains Windley. "With the advent of a digital identity infrastructure, banks no longer needed a human in the loop to verify the customer's identity, allowing them to provide around-the-clock access to banking in a broad range of convenient locations.

In the foreword to the book, Jamie Lewis, CEO and research chair for the Burton Group, reflects on the importance of digital identity in the virtual world:

"The societal mores, legal structures, and commonly accepted business practices that govern everyday life in the physical world have evolved over thousands of years, and that evolution continues every day. But now we're in the process of translating those structures to the Internet, creating a new place where people can interact. That 'place' is radically different from the physical world, one where networked applications combine with ubiquitous connectivity to free transactions, communications, and other activities from physical constraints, thus, creating an entirely new set of activities."

Lewis adds, "When it comes to enabling a truly virtual world that can accommodate the breadth and depth of human endeavor, nothing is more important than identity."

Windley likens IMA to good city planning: cities define uses and design standards to ensure that buildings and city services are consistent and workable. In Digital Identity, CIOs, other IT professionals, product managers, and programmers will learn how security planning can support their business goals and opportunities, rather than holding them at bay.

Additional Resources:

Digital Identity
Phillip J. Windley
ISBN: 0-596-00878-3, 234 pages, $34.95 US, $48.95 CA
1-800-998-9938; 1-707-827-7000

About O’Reilly

O’Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O’Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying “faint signals” from the alpha geeks who are creating the future. An active participant in the technology community, the company has a long history of advocacy, meme-making, and evangelism.

Email a link to this press release