| Page | Section | Title |
|---|---|---|
| 1 | 1. | Introduction and Overview |
| 7 | 1.2 | The Nine Step Methodology for Identity-based Security |
| 12 | 1.3 | Validating the Value Proposition of Vertical Integration of Identity Systems |
| 16 | 1.4 | Business Value of Vertical Integration of Identity Systems |
| 18 | 1.5 | Architecture of an Identity System |
| 18 | 1.5.1.1 | Access Management |
| 24 | 1.5.1.2 | Federation Management |
| 28 | 1.5.1.3 | Identity Repository |
| 30 | 1.5.1.4 | Identity Management and Auditing |
| 34 | 1.5.2 | Identity System and the Four Perspectives |
| 34 | 1.5.2.1 | Identity System: Data Model and Meta-Data |
| 37 | 1.5.2.2 | Identity System: Services |
| 41 | 1.5.2.3 | Identity System: Networking |
| 47 | 1.5.2.4 | Identity System: User Centricity |
| 49 | 1.6 | Identity Centric Architecture |
| 52 | 1.6.1 | Alignment for Agility |
| 57 | 1.6.1.3 | MDA enabling SOA (the second dimension) |
| 59 | 1.6.1.4 | EDA augmenting SOA (the third dimension) |
| 60 | 1.6.1.5 | CBA supplementing SOA (the fourth dimension) |
| 63 | 1.6.1.6 | UCA supporting SOA (the fifth dimension) |
| 67 | 1.6.1.7 | ICA extending SOA (the USER dimension) |
| 69 | 1.7 | Use Case |
| 81 | 1.8 | Key take-away |
| 82 | 1.9 | Organisation of the Book |
| 87 | 2. | Identity enabled NG Networks |
| 91 | 2.1 | Value Proposition of Integrating of WiFi & WiMAX with Identity |
| 93 | 2.2 | Integration Approaches |
| 93 | 2.2.1 | Typical WiMAX Architecture |
| 96 | 2.2.2 | Typical WiFi Architectures |
| 98 | 2.2.3 | Multi-Tier Network Identity Architectures |
| 107 | 2.4 | Wire-line Access Networks |
| 110 | 2.3 | Standards for a Converged 4G Network |
| 117 | 2.3.1 | Identity to the Rescue |
| 117 | 2.4 | Conclusion |
| 121 | 3. | Identity enabled Sensor Networks |
| 121 | 3.1 | Introduction and Overview |
| 122 | 3.2 | Sensor Networks |
| 124 | 3.2.1 | What is a Sensor Network? |
| 127 | 3.2.2 | Applications and capabilities of this technology |
| 129 | 3.2.2.1 | Sample Use Cases of Sensors in conjunction with the user's Identity |
| 133 | 3.3 | Base set of Security requirements for sensor networks |
| 138 | 3.4 | Identity enabled Sensor Networks |
| 144 | 3.5 | Extending Internet Security to Wireless Sensors |
| 148 | 3.6 | Identity-based Encryption (ECC) for Sensor Networks |
| 149 | 3.7 | Conclusion |
| 151 | 4. | Identity enabled Programmable Network |
| 151 | 4.1 | Introduction and Overview |
| 151 | 4.2 | Programmable Networks |
| 155 | 4.3 | What is a Programmable (IP Service) Network? |
| 157 | 4.3.1 | Programmable/Active Networks |
| 159 | 4.3.3 | Applications and capabilities of this technology |
| 159 | 4.4 | Base set of Security requirements for Programmable Networks |
| 164 | 4.5 | Identity enabling Programmable Networks |
| 164 | 4.5.1 | Reasons for Identity enabling Programmable Networks |
| 171 | 4.6 | Conclusion |
| 173 | 5. | Identity enabled IMS Network Services |
| 173 | 5.1 | Introduction and Overview |
| 174 | 5.2 | IMS and HSS |
| 181 | 5.3 | Identity enabling IMS |
| 182 | 5.3.1 | Approach A: Loosely Coupled Integration |
| 185 | 5.3.2 | Approach B: Tightly Coupled integration |
| 190 | 5.5 | Conclusion |
| 193 | 6. | Identity enabled NG IN Services |
| 193 | 6.1 | Introduction and Overview |
| 193 | 6.2 | NG IN Services |
| 203 | 6.3 | Identity enabling IN Services |
| 204 | 6.3.1 | Reasons for Identity enabling NG IN Services: |
| 207 | 6.4 | Conclusion |
| 209 | 7. | Identity enabled OAM&P Services |
| 209 | 7.1 | Introduction and Overview |
| 209 | 7.2 | OAM & OSS Services |
| 216 | 7.3 | Security Requirements for OAM&P environments |
| 223 | 7.4 | Identity enabling OSS/OAM Services |
| 223 | 7.4.1 | Reasons for Identity enabling OSS/OAM Services: |
| 228 | 7.5 | Policy based SLA and QOS for IMS and IP Services |
| 231 | 7.6 | Conclusion |
| 233 | 8. | Identity enabled Web Services |
| 233 | 8.1 | Introduction |
| 234 | 8.2 | How does SSO work? |
| 234 | 8.2.1 | Persistent Logins across Applications |
| 235 | 8.2.2 | Basics of Web-Based Access Control and SSO |
| 237 | 8.2.3 | Federated Identity |
| 237 | 8.2.3.1 | SAML |
| 238 | 8.2.3.2 | SSO Workflow |
| 239 | 8.2.3.3 | APIs and Code Samples |
| 244 | 8.2.3.4 | Liberty Alliance Project |
| 248 | 8.3 | Problem and Solution |
| 248 | 8.3.1 | The Problem |
| 250 | 8.3.2 | The Solution |
| 252 | 8.4 | Basic Interaction Model for ID-WSF |
| 254 | 8.4.1 | JSR 196: Java Authentication Service Provider Interface for Containers |
| 255 | 8.4.2 | Architecture |
| 256 | 8.4.3 | Process |
| 257 | 8.5 | Policies and Entities for Services |
| 264 | 8.6 | Conclusion |
| 265 | 9. | Identity enabled ESB |
| 265 | 9.1 | Introduction |
| 266 | 9.2 | ESB and Telecom Service Brokers |
| 267 | 9.3 | Identity based ESB |
| 272 | 9.3.1 | Rationale (& Value Proposition) for ESB/IDS Alignment |
| 272 | 9.3.1.1 | Common Security Framework for Security Alignment |
| 275 | 9.3.1.2 | User centric preference driven Secure Service Brokering |
| 278 | 9.3.1.3 | Alignment of Event Execution with Service Invocation (JBI-SLEE-JEE-role based routing) |
| 280 | 9.3.1.4 | Moving from request response to sense response (RFID/ID/ESB) |
| 281 | 9.3.1.5 | Converged Network to IP Service Alignment (QOS, IMS, OAM/OSSJ, access network type) |
| 283 | 9.4 | Conclusion |
| 285 | 10.1 | Introduction |
| 286 | 10.2 | Identity enabled DRM |
| 290 | 10.2.1 | Rationale (& Value Proposition) for IDS & DRM Alignment |
| 290 | 10.2.1.1 | Breaking current DRM Silos |
| 293 | 10.2.1.2 | Federated DRM |
| 297 | 10.2.1.3 | User Centric DRM Workflows |
| 298 | 10.2.1.4 | DRM for Content created by users |
| 299 | 10.2.1.5 | Content agnostic to Services |
| 300 | 10.3 | Conclusion |
| 303 | 11. | Identity enabled Devices |
| 303 | 11.1 | Introduction and Overview |
| 306 | 11.2 | Advances in Device and their functionality |
| 308 | 11.3 | Security Requirements for Devices |
| 312 | 11.4 | The Five areas of Synergy and Alignment for Identity enabled Devices |
| 312 | 11.4.1 | Solution that can address Device validation, Device behavior and Device reputation |
| 313 | 11.4.2 | Solution that can push device-centric policies based on parameters such as time of day, location, presence, and more |
| 315 | 11.4.3 | A hardware-based approach to mobile device security |
| 316 | 11.4.4 | A cross-platform and open security standard given the wide array of networks, devices, operating systems and services in the converging world |
| 318 | 11.4.5 | A solution which simultaneously provides protection for the user's information, the device itself and the network operator's assets (Biometric combination, JSR 279 and more) |
| 320 | 11.5 | Conclusion |
| 323 | 12. | Identity enabled Service Containers |
| 323 | 12.1 | Introduction and Overview |
| 325 | 12.2 | Generic Enterprise Computing Security Requirements |
| 327 | 12.3 | The Five areas of Alignment |
| 327 | 12.3.1 | Identity based Trusted Platform Model |
| 328 | 12.3.2 | Identity enabled NAC appliances |
| 329 | 12.3.3 | Identity enabled NG enterprise network security services |
| 333 | 12.3.5 | Identity enabled Enterprise Rights Management |
| 334 | 12.4 | Conclusion |
| 337 | 13. | Identity enabled ILM |
| 337 | 13.1 | Introduction and Overview |
| 340 | 13.2 | Security requirements for ILM |
| 340 | 13.2.1 | Physical Security |
| 342 | 13.2.2 | Access Control |
| 342 | 13.2.3 | Encryption |
| 344 | 13.3 | The Five areas of Synergy in terms of Identity enabling ILM |
| 344 | 13.3.1 | IdLM acting as the Meta Layer between SLM and ILM |
| 345 | 13.3.2 | Streamlined automated Data control over long periods of time |
| 347 | 13.3.3 | Value to Storage Environments and Storage Networks |
| 348 | 13.3.4 | Value created for Auditing and Reporting |
| 348 | 13.3.5 | Alignment of Access Rights |
| 350 | 13.4 | Conclusion |
| 351 | 14. | Conclusion & Future |
| 397 | | Acknowledgements |
| 399 | | Glossary of Keywords |
| 407 | | References |