| Section | Title | Page |
|---|---|---|
| 1 | Introduction and Overview | 1 |
| 1.1 | Introduction | 1 |
| 1.2 | Motivation for an Identity and Policy book | 2 |
| 1.3 | Why do you need to read this book? | 10 |
| 1.4 | What's the value of the content? | 11 |
| 1.5 | The Nine Potential Pain Points | 12 |
| 1.6 | The 9 Step Methodology for Identity based Policies (Revisited) | 14 |
| 1.7 | Validating the Value Proposition of Vertical Integration of Identity and Policies | 17 |
| 1.8 | Business Value of Vertical Integration of Identity Systems | 21 |
| 1.9 | Architecture of an Identity based Policy System | 23 |
| 1.10 | Identity System and the Four Perspectives | 44 |
| 1.11 | Identity Centric Architecture | 57 |
| 1.12 | Use Case | 63 |
| 1.13 | Multi-Agent Policy Architecture | 69 |
| 1.14 | Industry Trends | 97 |
| 1.15 | Organization of the Book | 100 |
| 2 | Identity enabled Contextual Policies | 103 |
| 2.1 | Introduction and Overview | 103 |
| 2.2 | Integration of IDM and Policy Layer for Contextual Services | 106 |
| 2.3 | Rationale and Reasons with a Sample Use Case (Target Advertisement) | 107 |
| 2.4 | Sample XACML code/Scenario | 116 |
| 2.5 | Conclusions | 120 |
| 3 | Identity enabled Device Policies | 121 |
| 3.1 | Introduction and Overview | 121 |
| 3.2 | Integration of Identity and Policy for Devices | 128 |
| 3.3 | Rationale and Approaches to Identity and Policy Integration with Devices | 129 |
| 3.5 | Sample XACML XML code for Device Policies (XACML-Device Profile) | 137 |
| 3.6 | Conclusion | 138 |
| 4 | Identity enabled Access Network Policies | 139 |
| 4.1 | Introduction and Overview | 139 |
| 4.2 | Identity and Policy integration with Access Networks | 140 |
| 4.3 | Rationale and Approach to Identity and Policy Integration with Access Networks | 142 |
| 4.4 | Sample XACML code for Network Policies | 145 |
| 4.5 | Conclusion & Futures | 146 |
| 5 | Identity enabled Session Specific Policies | 147 |
| 5.1 | Introduction and Overview | 147 |
| 5.2 | Integration of Identity and Policy for Sessions | 148 |
| 5.3 | Rationale and Approaches to Integration | 149 |
| 5.4 | Sample XACML code for Session Policies | 158 |
| 5.5 | Conclusion | 160 |
| 6 | Identity enabled OAMP Policies | 161 |
| 6.1 | Introduction and Overview | 161 |
| 6.2 | Identity System Architecture and Integrated Infrastructure | 162 |
| 6.3 | Architecture and Integration with Infrastructure | 164 |
| 6.4 | Approaches for integrating OAMP and IDM | 168 |
| 6.5 | Rationale (& Value Proposition) for IDS ↔ OAMP Alignment | 174 |
| 6.6 | Conclusion | 180 |
| 7 | Identity enabled QOE policies | 181 |
| 7.1 | Introduction and Overview | 181 |
| 7.2 | Identity and Policy for QOS | 181 |
| 7.3 | Rationale and Approaches to Integration | 183 |
| 7.4 | Sample XACML code | 189 |
| 7.5 | Conclusion | 190 |
| 8 | Identity enabled Privacy Policies | 191 |
| 8.1 | Introduction | 191 |
| 8.2 | Privacy Label Taxonomy | 192 |
| 8.3 | Formulation of Inference Relations | 195 |
| 8.4 | Detecting Violations of Privacy Labeling Semantics | 197 |
| 8.5 | Assigning Information Types to Privacy Labels obtained from User Preferences | 202 |
| 8.6 | Summary | 203 |
| 8.7 | Sample XACML | 204 |
| 8.8 | Conclusion | 205 |
| 9 | Identity enabled Service Policies | 207 |
| 9.1 | Introduction | 207 |
| 9.2 | Identity and Policy for Services | 209 |
| 9.3 | Rationale and Integration of Identity and Policies for Services (& Service Bus) | 216 |
| 9.4 | Rationale (& Value Proposition) for ESB POLICY Alignment | 223 |
| 9.4 | Sample XACML-WS Policy code | 231 |
| 9.5 | Conclusion | 232 |
| 10 | Identity enabled Data Centric Policies (Secure Data Exchange) | 235 |
| 10.1 | Introduction and Overview | 235 |
| 10.3 | Typical Functionality of SCAN | 239 |
| 10.4 | Approaches for integrating | 251 |
| 10.5 | Conclusion | 252 |
| 11 | Identity enabled Distributed (& Virtualized) Systems (Grid Network) Policies | 253 |
| 11.1 | Introduction and Overview | 253 |
| 11.2 | The eXtensible Access Control Markup Language – XACML for Resources | 255 |
| 11.3 | Policies for Virtualized Systems | 258 |
| 11.4 | The Globus Security Architecture | 260 |
| 11.5 | Sample XACML for Distributed Systems | 262 |
| 11.6 | Conclusion | 265 |
| 12 | Identity enabled Log Policies | 267 |
| 12.1 | Introduction and Overview | 267 |
| 12.2 | Log Management Architecture and Integration with Infrastructure | 269 |
| 12.3 | Approaches for integrating LM and IM | 271 |
| 12.4 | Sample XACML/XML Code | 281 |
| 12.5 | Conclusion | 283 |
| 13 | Assurance for Identity Enabled Authorization policies | 285 |
| 13.1 | Introduction | 285 |
| 13.2 | Authorization Policy Validation Framework – Background & Overall Approach | 286 |
| 13.3 | Authorization Policy Validation Framework Components | 287 |
| 13.4 | Encoding the enterprise authorization specification in XML | 293 |
| 13.5 | Specification of Authorization Policy Constraints & Validation Outcomes | 294 |
| 13.6 | Summary, Benefits and Limitations | 300 |
| 14 | Conclusion & Futures | 301 |
| 14.1 | INTRA Enterprise Policies using XML and RBAC models (Sample BankDB application) | 308 |
| 14.2 | INTER-Enterprise Policies (Sample Ad-hoc Federated Network Service) | 320 |
| 14.3 | End to end Policy Orchestration and Choreography | 327 |
| 14.4 | Futures | 328 |