Identity Management: Concepts, Technologies, and Systems -- Contents -- 1 Introduction -- 1.1 Stakeholders and Business Opportunities -- 1.2 Identity Ecosystem and Key Trends -- 1.3 Challenges in Identity Management -- 1.4 Overview of This Book -- References -- 2 What Is Identity Management? -- 2.1 Stakeholders and Their Requirements -- 2.1.2 Identity Providers -- 2.1.3 Relying Parties -- 2.2 Identity Life Cycle -- 2.2.1 Creation -- 2.2.2 Usage -- 2.2.3 Update -- 2.2.4 Revocation -- 2.2.5 Governance -- 2.3 Identity Assurance -- References -- 3 Fundamental Technologies andProcesses -- 3.1 Credentials -- 3.1.2 Public-Key Certificates and Public-Key Infrastructures -- 3.1.3 Attribute and Authorization Certificates -- 3.1.4 Credential Delegation -- 3.1.5 Proxy Certificates -- 3.2 Single Sign-On -- 3.2.1 Kerberos Protocols -- 3.2.2 Reverse Proxy-Based SSO -- 3.3 Attribute Federation -- 3.3.1 Distributed Mediation -- 3.3.2 Single Party-Based Mediation -- 3.4 Privacy -- 3.4.1 Pseudonym Systems -- 3.4.2 Anonymous Credentials -- 3.5 Assurance and Compliance -- References -- 4 Standards and Systems -- 4.1 Overview -- 4.2 OASIS Security Assertion Markup Language (SAML) -- 4.2.1 Overview -- 4.2.2 Specification Structure -- 4.2.3 Web SSO -- 4.2.4 Use Cases -- 4.3 Liberty Identity Web Services Framework -- 4.3.1 Opt-In Discovery Registration -- 4.3.3 Federated Identity-Based Access Control -- 4.3.4 Pseudonym Mapping -- 4.3.5 Use Cases -- 4.4 OpenID -- 4.4.1 Overview -- 4.4.2 Authentication -- 4.4.3 Attribute Exchange (AX) -- 4.4.4 Provider Authentication Policy Extension (PAPE) -- 4.4.5 Simple Registration (SREG) -- 4.4.6 Use Cases -- 4.5 Information Card-Based Identity Management (IC-IDM) -- 4.5.1 Overview -- 4.5.2 WS-MetadataExchange -- 4.5.3 WS-Trust -- 4.5.4 Use Cases -- 4.6 Towards Interoperability -- 4.6.1 Use Cases.

4.6.2 Comparative Analysis of SAML, OpenID, and Information Cards -- 4.7 Security Analysis -- 4.7.1 Confidentiality -- 4.7.2 Integrity -- 4.7.3 Availability -- 4.7.4 Repudiation -- 4.7.5 Authentication -- 4.7.6 Authorization -- 4.8 Privacy Analysis -- 4.9 Research Prototypes -- 4.9.1 SASSO -- 4.9.2 VeryIDX -- 4.9.3 SWIFT -- 4.9.4 Emerging Areas: Social Networks, Mobile, and Cloud Computing -- References -- 5 Challenges -- 5.1 Usability -- 5.1.1 Usability Principles and Requirements -- 5.1.2 Evaluating the Usability of Identity Management Solutions -- 5.1.3 Antiphishing Measures -- 5.2 Access Control -- 5.3 Privacy Protection -- 5.3.1 Privacy Policies -- 5.3.2 Anonymization of Personally Identifiable Information and Privacy-Preserving Data Mining -- 5.3.3 Privacy Protection in Emerging Services -- 5.4 Trust Management -- 5.4.1 Reputation of the Party -- 5.4.2 Objective Verification of Certain Party Characteristics -- 5.4.3 Possession of Credentials Attesting Certain Party Identity Information -- 5.4.4 Trust in the Context of Identity Management -- 5.5 Interoperability Challenge -- 5.5.1 Universal User Experiences -- 5.5.2 Naming Heterogeneity Management -- 5.6 Biometrics -- References -- 6 Conclusions -- References -- About the Authors -- Index.