
Learning Digital Identity: Design, Deploy, and Manage Identity Architectures [Paperback]

  • Format: Paperback / softback, 469 pages, height x width x thickness: 233x178x24 mm, weight: 744 g
  • Publication date: 24-Jan-2023
  • Publisher: O'Reilly Media
  • ISBN-10: 1098117697
  • ISBN-13: 9781098117696
  • Paperback
  • Price: 54.01 €*
  • * the price is final, i.e. no other discounts apply
  • Regular price: 63.54 €
  • You save 15%
  • Delivery from the publisher takes approximately 2-4 weeks
  • Free shipping
  • Order lead time 2-4 weeks

Why is it difficult for so many companies to get digital identity right? If you're still wrestling with even simple identity problems like modern website authentication, this practical book has the answers you need. Author Phil Windley provides conceptual frameworks to help you make sense of all the protocols, standards, and solutions available and includes suggestions for where and when you can apply them.

By linking current social login solutions to emerging self-sovereign identity issues, this book explains how digital identity works and gives you a firm grasp on what's coming and how you can take advantage of it to solve your most pressing identity problems. VPs and directors will learn how to more effectively leverage identity across their businesses.

This book helps you:

  • Learn why functional online identity is still a difficult problem for most companies
  • Understand the purpose of digital identity and why it's fundamental to your business strategy
  • Learn why "rolling your own" digital identity infrastructure is a bad idea
  • Differentiate between core ideas such as authentication and authorization
  • Explore the properties of centralized, federated, and decentralized identity systems
  • Determine the right authorization methods for your specific application
  • Understand core concepts such as trust, risk, security, and privacy
  • Learn how digital identity and self-sovereign identity can make a difference for you and your organization

Table of contents:

Foreword
Preface
1. The Nature of Identity
  • A Bundle of Sticks?
  • Identity Is Bigger Than You Think
  • No Universal Identity Systems
  • The Road Ahead
2. Defining Digital Identity
  • The Language of Digital Identity
  • Identity Scenarios in the Physical World
  • Identity, Security, and Privacy
  • Digital Identity Perspectives
      • Tiers of Identity
      • Locus of Control
  • Reimagining Decentralized and Distributed
  • A Common Language
3. The Problems of Digital Identity
  • Tacit Knowledge and the Physical World
  • The Proximity Problem
  • The Autonomy Problem
  • The Flexibility Problem
  • The Consent Problem
  • The Privacy Problem
  • The (Lack of) Anonymity Problem
  • The Interoperability Problem
  • The Scale Problem
  • Solving the Problems
4. The Laws of Digital Identity
  • An Identity Metasystem
  • The Laws of Identity
      • User Control and Consent
      • Minimal Disclosure for a Constrained Use
      • Justifiable Parties
      • Directed Identity
      • Pluralism of Operators and Technologies
      • Human Integration
      • Consistent Experience Across Contexts
  • Fixing the Problems of Identity
5. Relationships and Identity
  • Identity Niches
  • Relationship Integrity
  • Relationship Life Span
      • Anonymity and Pseudonymity
      • Fluid Multi-Pseudonymity
  • Relationship Utility
  • Transactional and Interactional Relationships
  • Promoting Rich Relationships
6. The Digital Relationship Lifecycle
  • Discovering
  • Co-Creating
  • Propagating
  • Using
  • Updating or Changing
  • Terminating
  • Lifecycle Planning
7. Trust, Confidence, and Risk
  • Risk and Vulnerability
  • Fidelity and Provenance
  • Trust Frameworks
  • The Nature of Trust
  • Coherence and Social Systems
  • Trust, Confidence, and Coherence
8. Privacy
  • What Is Privacy?
      • Communications Privacy and Confidentiality
      • Information Privacy
      • Transactional Privacy
  • Correlation
  • Privacy, Authenticity, and Confidentiality
  • Functional Privacy
  • Privacy by Design
      • Principle 1: Proactive Not Reactive; Preventive Not Remedial
      • Principle 2: Privacy as the Default Setting
      • Principle 3: Privacy Embedded into Design
      • Principle 4: Full Functionality: Positive-Sum, Not Zero-Sum
      • Principle 5: End-to-End Security: Full Lifecycle Protection
      • Principle 6: Visibility and Transparency: Keep It Open
      • Principle 7: Respect for User Privacy: Keep It User-Centric
  • Privacy Regulations
      • General Data Protection Regulation
      • California Consumer Privacy Act
      • Other Regulatory Efforts
  • The Time Value and Time Cost of Privacy
  • Surveillance Capitalism and Web 2.0
  • Privacy and Laws of Identity
9. Integrity, Nonrepudiation, and Confidentiality
  • Cryptography
      • Secret Key Cryptography
      • Public-Key Cryptography
      • Hybrid Key Systems
      • Public-Key Cryptosystem Algorithms
      • Key Generation
      • Key Management
  • Message Digests and Hashes
  • Digital Signatures
  • Digital Certificates
      • Certificate Authorities
      • Certificate Revocation Lists
      • Public-Key Infrastructures
  • Zero-Knowledge Proofs
      • ZKP Systems
      • Noninteractive ZKPs
  • Blockchain Basics
      • Decentralized Consensus
      • Byzantine Failure and Sybil Attacks
      • Building a Blockchain
      • Other Ways of Countering Sybil Attacks
      • Classifying Blockchains
      • Should You Use a Blockchain?
  • The Limitations of PKI
10. Names, Identifiers, and Discovery
  • Utah.gov: A Use Case in Naming and Directories
  • Naming
      • Namespaces
      • Identifiers
      • Zooko's Triangle
  • Discovery
      • Directories
      • Domain Name System
      • WebFinger
  • Heterarchical Directories
      • Personal Directories and Introductions
      • Distributed Hash Tables
      • Using Blockchains for Discovery
  • Discovery Is Key
11. Authentication and Relationship Integrity
  • Enrollment
      • Identity Proofing
      • Biometric Collection
      • Attribute Collection
  • Authentication Factors
      • Knowledge Factor: Something You Know
      • Possession Factor: Something You Have
      • Inherence Factor: Something You Are
      • Behavior Factor: Something You Do
      • Location Factor: Somewhere You Are
      • Temporal Factor: Some Time You're In
  • Authentication Methods
      • Identifier Only
      • Identifier and Authentication Factors
      • Challenge-Response Systems
      • Token-Based Authentication
  • Classifying Authentication Strength
      • The Authentication Pyramid
      • Authentication Assurance Levels
  • Account Recovery
  • Authentication System Properties
      • Practicality
      • Appropriate Level of Security
      • Locational Transparency
      • Integrable and Flexible
      • Appropriate Level of Privacy
      • Reliability
      • Auditability
      • Manageability
      • Federation Support
  • Authentication Preserves Relationship Integrity
12. Access Control and Relationship Utility
  • Policy First
      • Responsibility
      • Principle of Least Privilege
      • Accountability Scales Better Than Enforcement
  • Authorization Patterns
      • Mandatory and Discretionary Access Control
      • User-Based Permission Systems
      • Access Control Lists
      • Role-Based Access Control
      • Attribute- and Policy-Based Access Control
  • Abstract Authorization Architectures
  • Representing and Managing Access Control Policies
      • Handling Complex Policy Sets
  • Digital Certificates and Access Control
  • Maintaining Proper Boundaries
13. Federated Identity: Leveraging Strong Relationships
  • The Nature of Federated Identity
  • SSO Versus Federation
  • Federation in the Credit Card Industry
  • Three Federation Patterns
      • Pattern 1: Ad Hoc Federation
      • Pattern 2: Hub-and-Spoke Federation
      • Pattern 3: Identity Federation Network
  • Addressing the Problem of Trust
  • Network Effects and Digital Identity Management
  • Federation Methods and Standards
      • SAML
          • SAML Authentication Flow
      • SCIM
      • OAuth
      • OpenID Connect
  • Governing Federation
  • Networked Federation Wins
14. Cryptographic Identifiers
  • The Problem with Email-Based Identifiers
  • Decentralized Identifiers
      • DID Properties
      • DID Syntax
      • DID Resolution
      • DID Documents
      • Indirection and Key Rotation
  • Autonomic Identifiers
      • Self-Certification
      • Peer DIDs
      • Key Event Receipt Infrastructure
      • Other Autonomic Identifier Systems
  • Cryptographic Identifiers and the Laws of Identity
15. Verifiable Credentials
  • The Nature of Credentials
      • Roles in Credential Exchange
      • Credential Exchange Transfers Trust
  • Verifiable Credentials
  • Exchanging VCs
      • Issuing Credentials
      • Holding Credentials
      • Presenting Credentials
  • Credential Presentation Types
      • Full Credential Presentation
      • Derived Credential Presentation
  • Answering Trust Questions
  • The Properties of Credential Exchange
  • VC Ecosystems
  • Alternatives to DIDs for VC Exchange
  • A Marketplace for Credentials
  • VCs Expand Identity Beyond Authn and Authz
16. Digital Identity Architectures
  • The Trust Basis for Identifiers
  • Identity Architectures
      • Administrative Architecture
      • Algorithmic Architecture
      • Autonomic Architecture
  • Algorithmic and Autonomic Identity in Practice
  • Comparing Identity Architectures
  • Power and Legitimacy
  • Hybrid Architectures
17. Authentic Digital Relationships
  • Administrative Identity Systems Create Anemic Relationships
  • Alternatives to Transactional Relationships
  • The Self-Sovereign Alternative
  • Supporting Authentic Relationships
      • Disintermediating Platforms
      • Digitizing Auto Accidents
  • Taking Our Rightful Place in the Digital Sphere
18. Identity Wallets and Agents
  • Identity Wallets
  • Platform Wallets
  • The Roles of Agents
  • Properties of Wallets and Agents
  • SSI Interaction Patterns
      • DID Authentication Pattern
      • Single-Party Credential Authorization Pattern
      • Multiparty Credential Authorization Pattern
      • Revisiting the Generalized Authentic Data Transfer Pattern
  • What If I Lose My Phone?
      • Step 1: Alice Revokes the Lost Agent's Authorization
      • Step 2: Alice Rotates Her Relationship Keys
      • What Alice Has Protected
      • Protecting the Information in Alice's Wallet
      • Censorship Resistance
  • Web3, Agents, and Digital Embodiment
19. Smart Identity Agents
  • Self-Sovereign Authority
      • Principles of Self-Sovereign Communication
      • Reciprocal Negotiated Accountability
  • DID-Based Communication
      • Exchanging DIDs
  • DIDComm Messaging
      • Properties of DIDComm Messaging
      • Message Formats
  • Protocological Power
      • Playing Tic-Tac-Toe
      • Protocols Beyond Credential Exchange
  • Smart Agents and the Future of the Internet
  • Operationalizing Digital Relationships
      • Multiple Smart Agents
      • Realizing the Smart Agent Vision
  • Digital Memories
20. Identity on the Internet of Things
  • Access Control for Devices
      • Using OAuth with Devices
      • OAuth's Shortcomings for the IoT
  • The CompuServe of Things
      • Online Services
      • Online 2.0: The Silos Strike Back
      • A Real, Open Internet of Things
  • Alternatives to the CompuServe of Things
  • The Self-Sovereign Internet of Things
      • DID Relationships for IoT
      • Use Case 1: Updating Firmware
      • Use Case 2: Proving Ownership
      • Use Case 3: Real Customer Service
  • Relationships in the SSIoT
      • Multiple Owners
      • Lending the Truck
      • Selling the Truck
  • Unlocking the SSIoT
21. Identity Policies
  • Policies and Standards
  • The Policy Stack
  • Attributes of a Good Identity Policy
  • Recording Decisions
  • Determining Policy Needs
      • Business-Inspired Projects and Processes
      • Security Considerations
      • Privacy Considerations
      • Information Governance
      • Meeting External Requirements
      • Feedback on Existing Policies
  • Writing Identity Policies
  • Policy Outline
  • The Policy Review Framework
  • Assessing Identity Policies
  • Enforcement
  • Procedures
  • Policy Completes the System
22. Governing Identity Ecosystems
  • Governing Administrative Identity Systems
  • Governing Autonomic Identity Systems
  • Governing Algorithmic Identity Systems
  • Governance in a Hybrid Identity Ecosystem
  • Governing Individual Identity Ecosystems
      • Credential Fidelity and Confidence
      • Credential Provenance and Trust
      • Domain-Specific Trust Frameworks
  • The Legitimacy of Identity Ecosystems
23. Generative Identity
  • A Tale of Two Metasystems
      • The Social Login Metasystem
      • The Self-Sovereign Identity Metasystem
  • Generativity
  • The Self-Sovereign Internet
      • Properties of the Self-Sovereign Internet
      • The Generativity of the Self-Sovereign Internet
  • Generative Identity
      • The Generativity of Credential Exchange
      • Self-Sovereign Identity and Generativity
  • Our Digital Future
Index

About the author:
Phil Windley is a Principal Engineer in the Office of Information Technology at Brigham Young University. He was the Founding Chair of the Sovrin Foundation, serving from 2016 to 2020. He is also the co-founder and organizer of the Internet Identity Workshop, one of the world's most important and long-lived identity conferences. Phil writes the popular Technometria blog and is the author of the books The Live Web (Course Technology, 2011) and Digital Identity (O'Reilly Media, 2005). Phil has served on the Boards of Directors and Advisory Boards of several high-tech companies. Phil has been a professor of Computer Science at Brigham Young University (twice) and the University of Idaho. In addition, Phil was the Founder and Chief Technology Officer of Kynetx, the company behind the open-source connected-car product Fuse. He also spent two years as the Chief Information Officer (CIO) for the State of Utah in 2001-2002, serving on Governor Mike Leavitt's Cabinet and as a member of his Senior Staff. Before entering public service, Phil was Vice President for Product Development and Operations at Excite@Home. He was the Founder and Chief Technology Officer (CTO) of iMALL, Inc., an early creator of ecommerce tools. Phil received his Ph.D. in Computer Science from the University of California, Davis in 1990.