Learning Digital Identity: Design, Deploy, and Manage Identity Architectures
Why is it difficult for so many companies to get digital identity right? If you’re still wrestling with even simple identity problems like modern website authentication, this practical book has the answers you need. Author Phil Windley provides conceptual frameworks to help you make sense of all the protocols, standards, and solutions available and includes suggestions for where and when you can apply them.
By linking current social login solutions to emerging self-sovereign identity issues, this book explains how digital identity works and gives you a firm grasp on what’s coming and how you can take advantage of it to solve your most pressing identity problems. VPs and directors will learn how to more effectively leverage identity across their businesses.
This book helps you:
- Learn why functional online identity is still a difficult problem for most companies
- Understand the purpose of digital identity and why it’s fundamental to your business strategy
- Learn why “rolling your own” digital identity infrastructure is a bad idea
- Differentiate between core ideas such as authentication and authorization
- Explore the properties of centralized, federated, and decentralized identity systems
- Determine the right authorization methods for your specific application
- Understand core concepts such as trust, risk, security, and privacy
- Learn how digital identity and self-sovereign identity can make a difference for you and your organization
Foreword. Preface: Who Is This Book For? Conventions Used in This Book O’Reilly Online Learning How to Contact Us Acknowledgments Credits In Memoriam
1. The Nature of Identity: A Bundle of Sticks? Identity Is Bigger Than You Think No Universal Identity Systems The Road Ahead
2. Defining Digital Identity: The Language of Digital Identity Identity Scenarios in the Physical World Identity, Security, and Privacy Digital Identity Perspectives Tiers of Identity Locus of Control Reimagining Decentralized and Distributed A Common Language
3. The Problems of Digital Identity: Tacit Knowledge and the Physical World The Proximity Problem The Autonomy Problem The Flexibility Problem The Consent Problem The Privacy Problem The (Lack of) Anonymity Problem The Interoperability Problem The Scale Problem Solving the Problems
4. The Laws of Digital Identity: An Identity Metasystem The Laws of Identity User Control and Consent Minimal Disclosure for a Constrained Use Justifiable Parties Directed Identity Pluralism of Operators and Technologies Human Integration Consistent Experience Across Contexts Fixing the Problems of Identity
5. Relationships and Identity: Identity Niches Relationship Integrity Relationship Life Span Anonymity and Pseudonymity Fluid Multi-Pseudonymity Relationship Utility Transactional and Interactional Relationships Promoting Rich Relationships
6. The Digital Relationship Lifecycle: Discovering Co-Creating Propagating Using Updating or Changing Terminating Lifecycle Planning
7. Trust, Confidence, and Risk: Risk and Vulnerability Fidelity and Provenance Trust Frameworks The Nature of Trust Coherence and Social Systems Trust, Confidence, and Coherence
8. Privacy: What Is Privacy? Communications Privacy and Confidentiality Information Privacy Transactional Privacy Correlation Privacy, Authenticity, and Confidentiality Functional Privacy Privacy by Design Principle 1: Proactive Not Reactive; Preventive Not Remedial Principle 2: Privacy as the Default Setting Principle 3: Privacy Embedded into Design Principle 4: Full Functionality—Positive-Sum, Not Zero-Sum Principle 5: End-to-End Security—Full Lifecycle Protection Principle 6: Visibility and Transparency—Keep It Open Principle 7: Respect for User Privacy—Keep It User-Centric Privacy Regulations General Data Protection Regulation California Consumer Privacy Act Other Regulatory Efforts The Time Value and Time Cost of Privacy Surveillance Capitalism and Web 2.0 Privacy and Laws of Identity
9. Integrity, Nonrepudiation, and Confidentiality: Cryptography Secret Key Cryptography Public-Key Cryptography Hybrid Key Systems Public-Key Cryptosystem Algorithms Key Generation Key Management Message Digests and Hashes Digital Signatures Digital Certificates Certificate Authorities Certificate Revocation Lists Public-Key Infrastructures Zero-Knowledge Proofs ZKP Systems Noninteractive ZKPs Blockchain Basics Decentralized Consensus Byzantine Failure and Sybil Attacks Building a Blockchain Problem 1: Sending money Problem 2: Uniquely identifying coins Problem 3: Distributing the bank Problem 4: Preventing double spending Problem 5: Stopping network hijacking Problem 6: Ordering transactions and handling disagreements Other Ways of Countering Sybil Attacks Classifying Blockchains Should You Use a Blockchain? The Limitations of PKI
10. Names, Identifiers, and Discovery: Utah.gov: A Use Case in Naming and Directories Naming Namespaces Identifiers Uniform Resource Identifiers: A universal namespace Cool URIs don’t change Uniform Resource Names Zooko’s Triangle Discovery Directories Directories are not databases LDAP Domain Name System WebFinger Heterarchical Directories Personal Directories and Introductions Distributed Hash Tables Using Blockchains for Discovery Discovery Is Key
11. Authentication and Relationship Integrity: Enrollment Identity Proofing Biometric Collection Attribute Collection Authentication Factors Knowledge Factor: Something You Know Possession Factor: Something You Have Inherence Factor: Something You Are Behavior Factor: Something You Do Location Factor: Somewhere You Are Temporal Factor: Some Time You’re In Authentication Methods Identifier Only Identifier and Authentication Factors Passwords Password management Password reset Biometric factors Challenge-Response Systems Digital certificates and challenge-response FIDO authentication Token-Based Authentication Classifying Authentication Strength The Authentication Pyramid Authentication Assurance Levels Account Recovery Authentication System Properties Practicality Appropriate Level of Security Locational Transparency Integrable and Flexible Appropriate Level of Privacy Reliability Auditability Manageability Federation Support Authentication Preserves Relationship Integrity
12. Access Control and Relationship Utility: Policy First Responsibility Principle of Least Privilege Accountability Scales Better Than Enforcement Authorization Patterns Mandatory and Discretionary Access Control User-Based Permission Systems Access Control Lists Role-Based Access Control Attribute- and Policy-Based Access Control Abstract Authorization Architectures Representing and Managing Access Control Policies Handling Complex Policy Sets Digital Certificates and Access Control Maintaining Proper Boundaries
13. Federated Identity—Leveraging Strong Relationships: The Nature of Federated Identity SSO Versus Federation Federation in the Credit Card Industry Three Federation Patterns Pattern 1: Ad Hoc Federation Pattern 2: Hub-and-Spoke Federation Pattern 3: Identity Federation Network A secure, protected environment Identity networks are more complicated than financial networks Addressing the Problem of Trust Network Effects and Digital Identity Management Federation Methods and Standards SAML SAML Authentication Flow SCIM OAuth OAuth basics Getting a token Refresh tokens OAuth scopes Using a token OpenID Connect Governing Federation Networked Federation Wins
14. Cryptographic Identifiers: The Problem with Email-Based Identifiers Decentralized Identifiers DID Properties DID Syntax DID Resolution DID Documents Indirection and Key Rotation Autonomic Identifiers Self-Certification Peer DIDs Benefits of peer DIDs Making peer DIDs trustworthy Peer DID authentication and authorization Key Event Receipt Infrastructure Self-certifying key event logs Prerotation of keys Delegation The KERI DID Method Other Autonomic Identifier Systems Cryptographic Identifiers and the Laws of Identity
15. Verifiable Credentials: The Nature of Credentials Roles in Credential Exchange Credential Exchange Transfers Trust Verifiable Credentials Exchanging VCs Issuing Credentials Holding Credentials Presenting Credentials Credential Presentation Types Full Credential Presentation Derived Credential Presentation ZKPs and credentials Correlation and blinded identifiers Answering Trust Questions The Properties of Credential Exchange VC Ecosystems Alternatives to DIDs for VC Exchange A Marketplace for Credentials VCs Expand Identity Beyond Authn and Authz
16. Digital Identity Architectures: The Trust Basis for Identifiers Identity Architectures Administrative Architecture Algorithmic Architecture Autonomic Architecture Algorithmic and Autonomic Identity in Practice Comparing Identity Architectures Power and Legitimacy Hybrid Architectures
17. Authentic Digital Relationships: Administrative Identity Systems Create Anemic Relationships Alternatives to Transactional Relationships The Self-Sovereign Alternative Supporting Authentic Relationships Disintermediating Platforms Digitizing Auto Accidents Taking Our Rightful Place in the Digital Sphere
18. Identity Wallets and Agents: Identity Wallets Platform Wallets The Roles of Agents Properties of Wallets and Agents SSI Interaction Patterns DID Authentication Pattern Single-Party Credential Authorization Pattern Multiparty Credential Authorization Pattern Revisiting the Generalized Authentic Data Transfer Pattern What If I Lose My Phone? Step 1: Alice Revokes the Lost Agent’s Authorization Step 2: Alice Rotates Her Relationship Keys What Alice Has Protected Protecting the Information in Alice’s Wallet Censorship Resistance Web3, Agents, and Digital Embodiment
19. Smart Identity Agents: Self-Sovereign Authority Principles of Self-Sovereign Communication Reciprocal Negotiated Accountability DID-Based Communication Exchanging DIDs DIDComm Messaging Properties of DIDComm Messaging Message Formats Protocological Power Playing Tic-Tac-Toe Protocols Beyond Credential Exchange Smart Agents and the Future of the Internet Operationalizing Digital Relationships Multiple Smart Agents Realizing the Smart Agent Vision Digital Memories
20. Identity on the Internet of Things: Access Control for Devices Using OAuth with Devices OAuth’s Shortcomings for the IoT Device limitations Where’s the owner? Magically working together The CompuServe of Things Online Services Online 2.0: The Silos Strike Back A Real, Open Internet of Things Alternatives to the CompuServe of Things The Self-Sovereign Internet of Things DID Relationships for IoT Use Case 1: Updating Firmware Use Case 2: Proving Ownership Use Case 3: Real Customer Service Relationships in the SSIoT Multiple Owners Lending the Truck Selling the Truck Unlocking the SSIoT
21. Identity Policies: Policies and Standards The Policy Stack Attributes of a Good Identity Policy Recording Decisions Determining Policy Needs Business-Inspired Projects and Processes Security Considerations Privacy Considerations Information Governance Meeting External Requirements Feedback on Existing Policies Writing Identity Policies Policy Outline The Policy Review Framework Assessing Identity Policies Enforcement Procedures Policy Completes the System
22. Governing Identity Ecosystems: Governing Administrative Identity Systems Governing Autonomic Identity Systems Governing Algorithmic Identity Systems Governance in a Hybrid Identity Ecosystem Governing Individual Identity Ecosystems Credential Fidelity and Confidence Credential Provenance and Trust Domain-Specific Trust Frameworks The Legitimacy of Identity Ecosystems
23. Generative Identity: A Tale of Two Metasystems The Social Login Metasystem The Self-Sovereign Identity Metasystem Generativity The Self-Sovereign Internet Properties of the Self-Sovereign Internet The Generativity of the Self-Sovereign Internet Capacity for leverage Adaptability Ease of use Accessibility Generative Identity The Generativity of Credential Exchange Capacity for leverage Adaptability Ease of use Accessibility Self-Sovereign Identity and Generativity Our Digital Future
Index
How to download source code?
1. Go to:
2. Search the book title:
Learning Digital Identity: Design, Deploy, and Manage Identity Architectures. If you do not get any results, search for the main title only.
3. Click the book title in the search results
In the Publisher resources section, click Download Example Code.
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click the download link.
4. You will be taken to the download server, where the file downloads.