Learning Digital Identity - Helion

ebook

Autor: Phillip J. Windley
ISBN: 9781098117658
stron: 472, Format: ebook
Data wydania: 2023-01-10
Księgarnia: Helion

Cena książki: 194,65 zł (poprzednio: 226,34 zł)
Oszczędzasz: 14% (-31,69 zł)

Osoby, które kupiły tę książkę, wybierały także »

Why is it difficult for so many companies to get digital identity right? If you're still wrestling with even simple identity problems like modern website authentication, this practical book has the answers you need. Author Phil Windley provides conceptual frameworks to help you make sense of all the protocols, standards, and solutions available and includes suggestions for where and when you can apply them.

By linking current social login solutions to emerging self-sovereign identity issues, this book explains how digital identity works and gives you a firm grasp on what's coming and how you can take advantage of it to solve your most pressing identity problems. VPs and directors will learn how to more effectively leverage identity across their businesses.

This book helps you:

Learn why functional online identity is still a difficult problem for most companies
Understand the purpose of digital identity and why it's fundamental to your business strategy
Learn why "rolling your own" digital identity infrastructure is a bad idea
Differentiate between core ideas such as authentication and authorization
Explore the properties of centralized, federated, and decentralized identity systems
Determine the right authorization methods for your specific application
Understand core concepts such as trust, risk, security, and privacy
Learn how digital identity and self-sovereign identity can make a difference for you and your organization

Osoby które kupowały "Learning Digital Identity", wybierały także:

Windows Media Center. Domowe centrum rozrywki 66,67 zł, (8,00 zł -88%)
Ruby on Rails. Ćwiczenia 18,75 zł, (3,00 zł -84%)
DevOps w praktyce. Kurs video. Jenkins, Ansible, Terraform i Docker 190,00 zł, (39,90 zł -79%)
Przywództwo w świecie VUCA. Jak być skutecznym liderem w niepewnym środowisku 58,64 zł, (12,90 zł -78%)
Scrum. O zwinnym zarządzaniu projektami. Wydanie II rozszerzone 58,64 zł, (12,90 zł -78%)

Spis treści

Learning Digital Identity eBook -- spis treści

Foreword
Preface
- Who Is This Book For?
- Conventions Used in This Book
- OReilly Online Learning
- How to Contact Us
- Acknowledgments
- Credits
- In Memoriam
1. The Nature of Identity
- A Bundle of Sticks?
- Identity Is Bigger Than You Think
- No Universal Identity Systems
- The Road Ahead
2. Defining Digital Identity
- The Language of Digital Identity
- Identity Scenarios in the Physical World
- Identity, Security, and Privacy
- Digital Identity Perspectives
  - Tiers of Identity
  - Locus of Control
- Reimagining Decentralized and Distributed
- A Common Language
3. The Problems of Digital Identity
- Tacit Knowledge and the Physical World
- The Proximity Problem
- The Autonomy Problem
- The Flexibility Problem
- The Consent Problem
- The Privacy Problem
- The (Lack of) Anonymity Problem
- The Interoperability Problem
- The Scale Problem
- Solving the Problems
4. The Laws of Digital Identity
- An Identity Metasystem
- The Laws of Identity
  - User Control and Consent
  - Minimal Disclosure for a Constrained Use
  - Justifiable Parties
  - Directed Identity
  - Pluralism of Operators and Technologies
  - Human Integration
  - Consistent Experience Across Contexts
- Fixing the Problems of Identity
5. Relationships and Identity
- Identity Niches
- Relationship Integrity
- Relationship Life Span
  - Anonymity and Pseudonymity
  - Fluid Multi-Pseudonymity
- Relationship Utility
- Transactional and Interactional Relationships
- Promoting Rich Relationships
6. The Digital Relationship Lifecycle
- Discovering
- Co-Creating
- Propagating
- Using
- Updating or Changing
- Terminating
- Lifecycle Planning
7. Trust, Confidence, and Risk
- Risk and Vulnerability
- Fidelity and Provenance
- Trust Frameworks
- The Nature of Trust
- Coherence and Social Systems
- Trust, Confidence, and Coherence
8. Privacy
- What Is Privacy?
  - Communications Privacy and Confidentiality
  - Information Privacy
  - Transactional Privacy
- Correlation
- Privacy, Authenticity, and Confidentiality
- Functional Privacy
- Privacy by Design
  - Principle 1: Proactive Not Reactive; Preventive Not Remedial
  - Principle 2: Privacy as the Default Setting
  - Principle 3: Privacy Embedded into Design
  - Principle 4: Full FunctionalityPositive-Sum, Not Zero-Sum
  - Principle 5: End-to-End SecurityFull Lifecycle Protection
  - Principle 6: Visibility and TransparencyKeep It Open
  - Principle 7: Respect for User PrivacyKeep It User-Centric
- Privacy Regulations
  - General Data Protection Regulation
  - California Consumer Privacy Act
  - Other Regulatory Efforts
- The Time Value and Time Cost of Privacy
- Surveillance Capitalism and Web 2.0
- Privacy and Laws of Identity
9. Integrity, Nonrepudiation, and Confidentiality
- Cryptography
  - Secret Key Cryptography
  - Public-Key Cryptography
  - Hybrid Key Systems
  - Public-Key Cryptosystem Algorithms
  - Key Generation
  - Key Management
- Message Digests and Hashes
- Digital Signatures
- Digital Certificates
  - Certificate Authorities
  - Certificate Revocation Lists
  - Public-Key Infrastructures
- Zero-Knowledge Proofs
  - ZKP Systems
  - Noninteractive ZKPs
- Blockchain Basics
  - Decentralized Consensus
  - Byzantine Failure and Sybil Attacks
  - Building a Blockchain
    - Problem 1: Sending money
    - Problem 2: Uniquely identifying coins
    - Problem 3: Distributing the bank
    - Problem 4: Preventing double spending
    - Problem 5: Stopping network hijacking
    - Problem 6: Ordering transactions and handling disagreements
  - Other Ways of Countering Sybil Attacks
  - Classifying Blockchains
  - Should You Use a Blockchain?
- The Limitations of PKI
10. Names, Identifiers, and Discovery
- Utah.gov: A Use Case in Naming and Directories
- Naming
  - Namespaces
  - Identifiers
    - Uniform Resource Identifiers: A universal namespace
    - Cool URIs dont change
    - Uniform Resource Names
  - Zookos Triangle
- Discovery
  - Directories
    - Directories are not databases
    - LDAP
  - Domain Name System
  - WebFinger
- Heterarchical Directories
  - Personal Directories and Introductions
  - Distributed Hash Tables
  - Using Blockchains for Discovery
- Discovery Is Key
11. Authentication and Relationship Integrity
- Enrollment
  - Identity Proofing
  - Biometric Collection
  - Attribute Collection
- Authentication Factors
  - Knowledge Factor: Something You Know
  - Possession Factor: Something You Have
  - Inherence Factor: Something You Are
  - Behavior Factor: Something You Do
  - Location Factor: Somewhere You Are
  - Temporal Factor: Some Time Youre In
- Authentication Methods
  - Identifier Only
  - Identifier and Authentication Factors
    - Passwords
    - Password management
    - Password reset
    - Biometric factors
  - Challenge-Response Systems
    - Digital certificates and challenge-response
    - FIDO authentication
  - Token-Based Authentication
- Classifying Authentication Strength
  - The Authentication Pyramid
  - Authentication Assurance Levels
- Account Recovery
- Authentication System Properties
  - Practicality
  - Appropriate Level of Security
  - Locational Transparency
  - Integrable and Flexible
  - Appropriate Level of Privacy
  - Reliability
  - Auditability
  - Manageability
  - Federation Support
- Authentication Preserves Relationship Integrity
12. Access Control and Relationship Utility
- Policy First
  - Responsibility
  - Principle of Least Privilege
  - Accountability Scales Better Than Enforcement
- Authorization Patterns
  - Mandatory and Discretionary Access Control
  - User-Based Permission Systems
  - Access Control Lists
  - Role-Based Access Control
  - Attribute- and Policy-Based Access Control
- Abstract Authorization Architectures
- Representing and Managing Access Control Policies
- Handling Complex Policy Sets
- Digital Certificates and Access Control
- Maintaining Proper Boundaries
13. Federated IdentityLeveraging Strong Relationships
- The Nature of Federated Identity
- SSO Versus Federation
- Federation in the Credit Card Industry
- Three Federation Patterns
  - Pattern 1: Ad Hoc Federation
  - Pattern 2: Hub-and-Spoke Federation
  - Pattern 3: Identity Federation Network
    - A secure, protected environment
    - Identity networks are more complicated than financial networks
- Addressing the Problem of Trust
- Network Effects and Digital Identity Management
- Federation Methods and Standards
  - SAML
  - SAML Authentication Flow
  - SCIM
  - OAuth
    - OAuth basics
    - Getting a token
    - Refresh tokens
    - OAuth scopes
    - Using a token
  - OpenID Connect
- Governing Federation
- Networked Federation Wins
14. Cryptographic Identifiers
- The Problem with Email-Based Identifiers
- Decentralized Identifiers
  - DID Properties
  - DID Syntax
  - DID Resolution
  - DID Documents
  - Indirection and Key Rotation
- Autonomic Identifiers
  - Self-Certification
  - Peer DIDs
    - Benefits of peer DIDs
    - Making peer DIDs trustworthy
    - Peer DID authentication and authorization
  - Key Event Receipt Infrastructure
    - Self-certifying key event logs
    - Prerotation of keys
    - Delegation
    - The KERI DID Method
  - Other Autonomic Identifier Systems
- Cryptographic Identifiers and the Laws of Identity
15. Verifiable Credentials
- The Nature of Credentials
  - Roles in Credential Exchange
  - Credential Exchange Transfers Trust
- Verifiable Credentials
- Exchanging VCs
  - Issuing Credentials
  - Holding Credentials
  - Presenting Credentials
- Credential Presentation Types
  - Full Credential Presentation
  - Derived Credential Presentation
    - ZKPs and credentials
    - Correlation and blinded identifiers
- Answering Trust Questions
- The Properties of Credential Exchange
- VC Ecosystems
- Alternatives to DIDs for VC Exchange
- A Marketplace for Credentials
- VCs Expand Identity Beyond Authn and Authz
16. Digital Identity Architectures
- The Trust Basis for Identifiers
- Identity Architectures
  - Administrative Architecture
  - Algorithmic Architecture
  - Autonomic Architecture
- Algorithmic and Autonomic Identity in Practice
- Comparing Identity Architectures
- Power and Legitimacy
- Hybrid Architectures
17. Authentic Digital Relationships
- Administrative Identity Systems Create Anemic Relationships
- Alternatives to Transactional Relationships
- The Self-Sovereign Alternative
- Supporting Authentic Relationships
  - Disintermediating Platforms
  - Digitizing Auto Accidents
- Taking Our Rightful Place in the Digital Sphere
18. Identity Wallets and Agents
- Identity Wallets
- Platform Wallets
- The Roles of Agents
- Properties of Wallets and Agents
- SSI Interaction Patterns
  - DID Authentication Pattern
  - Single-Party Credential Authorization Pattern
  - Multiparty Credential Authorization Pattern
  - Revisiting the Generalized Authentic Data Transfer Pattern
- What If I Lose My Phone?
  - Step 1: Alice Revokes the Lost Agents Authorization
  - Step 2: Alice Rotates Her Relationship Keys
  - What Alice Has Protected
  - Protecting the Information in Alices Wallet
  - Censorship Resistance
- Web3, Agents, and Digital Embodiment
19. Smart Identity Agents
- Self-Sovereign Authority
  - Principles of Self-Sovereign Communication
  - Reciprocal Negotiated Accountability
- DID-Based Communication
- Exchanging DIDs
- DIDComm Messaging
  - Properties of DIDComm Messaging
  - Message Formats
- Protocological Power
  - Playing Tic-Tac-Toe
  - Protocols Beyond Credential Exchange
- Smart Agents and the Future of the Internet
- Operationalizing Digital Relationships
  - Multiple Smart Agents
  - Realizing the Smart Agent Vision
- Digital Memories
20. Identity on the Internet of Things
- Access Control for Devices
  - Using OAuth with Devices
  - OAuths Shortcomings for the IoT
    - Device limitations
    - Wheres the owner?
    - Magically working together
- The CompuServe of Things
  - Online Services
  - Online 2.0: The Silos Strike Back
  - A Real, Open Internet of Things
- Alternatives to the CompuServe of Things
- The Self-Sovereign Internet of Things
  - DID Relationships for IoT
  - Use Case 1: Updating Firmware
  - Use Case 2: Proving Ownership
  - Use Case 3: Real Customer Service
- Relationships in the SSIoT
  - Multiple Owners
  - Lending the Truck
  - Selling the Truck
- Unlocking the SSIoT
21. Identity Policies
- Policies and Standards
- The Policy Stack
- Attributes of a Good Identity Policy
- Recording Decisions
- Determining Policy Needs
  - Business-Inspired Projects and Processes
  - Security Considerations
  - Privacy Considerations
  - Information Governance
  - Meeting External Requirements
  - Feedback on Existing Policies
- Writing Identity Policies
- Policy Outline
- The Policy Review Framework
- Assessing Identity Policies
- Enforcement
- Procedures
- Policy Completes the System
22. Governing Identity Ecosystems
- Governing Administrative Identity Systems
- Governing Autonomic Identity Systems
- Governing Algorithmic Identity Systems
- Governance in a Hybrid Identity Ecosystem
- Governing Individual Identity Ecosystems
  - Credential Fidelity and Confidence
  - Credential Provenance and Trust
  - Domain-Specific Trust Frameworks
- The Legitimacy of Identity Ecosystems
23. Generative Identity
- A Tale of Two Metasystems
  - The Social Login Metasystem
  - The Self-Sovereign Identity Metasystem
- Generativity
- The Self-Sovereign Internet
  - Properties of the Self-Sovereign Internet
  - The Generativity of the Self-Sovereign Internet
    - Capacity for leverage
    - Adaptability
    - Ease of use
    - Accessibility
- Generative Identity
  - The Generativity of Credential Exchange
    - Capacity for leverage
    - Adaptability
    - Ease of use
    - Accessibility
  - Self-Sovereign Identity and Generativity
- Our Digital Future
Index