UKUUG home
(the UK's Unix & Open Systems User Group)
Digital Identity

Phil Windley
Published by O'Reilly and Associates
254 pages
£24.95
Published: 5th August 2005
reviewed by Greg Matthews
in the March 2006 issue

Identity is a hot topic right now. Sociologists are debating the meaning of individual identity, politicians are arguing over ID cards. What is perhaps less well known are the big issues being tackled by the technical departments of corporations and organisations, surrounding the concept of digital identity.

It seems fairly obvious that when I log into my computer in the morning, my identity is checked against a directory, authentication takes place and then I am authorised to perform most of my day-to-day activities on this system. On closer inspection, it turns out I have multiple identities existing in various directories of many different kinds, and that's just in the organisation where I work. I have an identity stored in OpenLDAP, another in eDirectory, several more for various parts of our internal and external web space, a few more for various corporate systems; I could go on. These various identities are used for different purposes and contain greater or lesser amounts of overlap in the information that they hold and optionally make available. Most of the examples above are for authentication or authorisation or both (although they needn't be; I also have a "white pages" identity) and each can have completely separate authentication tokens. Remembering and managing all those passwords can be a nightmare for the user. It can also become very difficult to maintain and synchronise all these various repositories of information.

This is only the tip of the proverbial iceberg. Identity verification is required for just about every digital transaction. For instance, I can go to any newsagent in the country and buy my newspaper completely anonymously, provided I can pay in cash. However, if I want to access funds from my bank, my identity must be verified, by my PIN or by the signature on my cheque guarantee card or credit card. The same is true for hosts on a network: businesses must determine who has access to which applications or data, and this can only be done with accurate identity information. Traditionally this is done by building a wall around systems and keeping very tight control on the flow of information into and out of the organisation using a firewall.

Ideally, I'd like to sign on to my computer in the morning and have access to all the systems needed to do my job without having to remember another pass phrase. Some people will immediately think of "single sign-on" (SSO) and groan inwardly: in the past, SSO solutions have depended on a single vault of information, with all systems relying on this vault for resolving identities. However, such systems tended to lock customers into a limited set of technologies. More modern thinking on digital identity is based on the concept of trust. For instance, I may log on to an airline website and book tickets to New York; the airline may recommend a rental car from a particular company. When I click on the link, the rental company will receive an assurance of my identity (an authentication assertion in the lingo) allowing me to use the services of the site without another lengthy sign-on. Here, two different companies can set up a trust relationship and their users reap the benefit.
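The airline-to-rental-company exchange described above, as an added example that is not from the book or the review: an identity provider issues a signed authentication assertion for a named audience, and a relying party accepts it only because of a pre-arranged trust relationship (here a shared HMAC key; real federations use standards such as SAML or OpenID Connect with asymmetric signatures). The issuer names, key, claim names and subject are all constructed for illustration. The relying party checks issuer, signature, audience, validity window and replay, the failure modes a practitioner has to handle once identity crosses an organisational boundary.

```python
"""Federated sign-on in miniature: an identity provider (the airline) vouches
for a user, and a separate relying party (the rental company) honours that
assertion instead of running its own login.  Added example; the format, the
shared-key signature and every name below are constructed, not taken from
the book or from any product."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Constructed trust relationship: the relying party knows the airline by its
# issuer name and holds the key it signs with.  Unknown issuers are refused.
TRUST_STORE = {
    "https://airline.example": b"constructed-shared-key-do-not-reuse",
}
ASSERTION_LIFETIME = 300  # seconds an assertion remains valid after issue


def _sign(key: bytes, payload: bytes) -> str:
    """HMAC-SHA256 over the serialised claims, base64url-encoded."""
    return base64.urlsafe_b64encode(hmac.new(key, payload, hashlib.sha256).digest()).decode()


def issue_assertion(issuer: str, key: bytes, subject: str, audience: str,
                    now: Optional[float] = None) -> str:
    """Identity-provider side: state that `subject` authenticated here, for
    consumption only by `audience`.  Returns '<claims_b64>.<sig_b64>'."""
    now = time.time() if now is None else now
    claims = {
        "iss": issuer,
        "sub": subject,
        "aud": audience,
        "iat": int(now),
        "exp": int(now) + ASSERTION_LIFETIME,
        "nonce": secrets.token_hex(8),  # lets the audience refuse replays
    }
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(key, payload)


class RelyingParty:
    """Service-provider side (the rental company): admits a subject without a
    local login when the assertion passes every check."""

    def __init__(self, name: str, trust_store: dict):
        self.name = name
        self.trust_store = trust_store
        self.seen_nonces = set()

    def accept(self, assertion: str, now: Optional[float] = None):
        now = time.time() if now is None else now
        try:
            payload_b64, sig = assertion.split(".", 1)
            payload = base64.urlsafe_b64decode(payload_b64)
            claims = json.loads(payload)
        except (ValueError, UnicodeDecodeError):
            return False, "malformed assertion"
        key = self.trust_store.get(claims.get("iss"))
        if key is None:
            return False, "issuer not trusted"
        # Constant-time compare: the signature check must not leak timing.
        if not hmac.compare_digest(_sign(key, payload), sig):
            return False, "bad signature"
        if claims.get("aud") != self.name:
            return False, "assertion meant for a different audience"
        if not (claims.get("iat", 0) - 30 <= now <= claims.get("exp", 0)):
            return False, "assertion expired or not yet valid"
        nonce = claims.get("nonce")
        if not nonce or nonce in self.seen_nonces:
            return False, "replayed assertion"
        self.seen_nonces.add(nonce)
        return True, claims["sub"]


def demo() -> dict:
    """Run the happy path and each failure mode; returns every outcome."""
    airline = "https://airline.example"
    key = TRUST_STORE[airline]
    rental = RelyingParty("https://rentals.example", TRUST_STORE)
    t0 = 1_700_000_000.0  # fixed clock so results are reproducible
    good = issue_assertion(airline, key, "greg@example", rental.name, now=t0)
    results = {"valid": rental.accept(good, now=t0 + 5)}
    results["replayed"] = rental.accept(good, now=t0 + 6)
    results["expired"] = rental.accept(
        issue_assertion(airline, key, "greg@example", rental.name, now=t0),
        now=t0 + ASSERTION_LIFETIME + 1)
    results["wrong_audience"] = rental.accept(
        issue_assertion(airline, key, "greg@example", "https://hotel.example", now=t0), now=t0)
    results["untrusted_issuer"] = rental.accept(
        issue_assertion("https://unknown.example", b"other-key", "greg@example", rental.name, now=t0),
        now=t0)
    # Tampering: swap the subject but keep the airline's original signature.
    forged = json.loads(base64.urlsafe_b64decode(good.split(".", 1)[0]))
    forged["sub"] = "someone-else@example"
    forged_payload = json.dumps(forged, sort_keys=True, separators=(",", ":")).encode()
    results["tampered"] = rental.accept(
        base64.urlsafe_b64encode(forged_payload).decode() + "." + good.split(".", 1)[1], now=t0)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:17s} -> {outcome}")
```

The audience check is what keeps a trust relationship bilateral: an assertion the airline issued for the hotel partner is worthless at the rental company even though both trust the same issuer, which is the property that lets many partners federate without every one of them accepting every assertion.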

Phillip Windley is well placed to talk authoritatively on these issues: he was the CTO for which provides e-commerce services where identity issues are paramount. In 2000 he became the CIO for the state of Utah, helping to develop e-government systems. He is currently an associate professor at Brigham Young University. This book is a timely and informative introduction to the burning issue of digital identity. Windley's writing demonstrates his strong grasp of this difficult subject. He introduces each concept and defines it carefully in technical terms. Without this attention to detail, the chapters on trust and privacy would be too woolly to be useful. This careful approach means the text doesn't descend into stultifying technical language or impenetrable management-speak. It is clearly laid out and the sections are short and to the point.

This book is not a technical book: it will not tell you how to install and configure an identity management architecture (IMA). In fact, it's almost impossible to find a reference to an existing product. This makes it all the more interesting, as the subject is, in turns, philosophical (what do we mean by "privacy"?) and pragmatic (how is it implemented?). Each chapter is peppered with relevant examples, many from Windley's personal experience and many from the banking world, where issues of digital identity have been paramount for a long time. When discussing related technologies, he is quick to point out interoperability problems between standards and the fact that implementing an IMA is politically challenging, to say the least.

I expected the book to be worthy but dry, and this was not helped by the picture on the cover of a couple of girls attending what looks like the most boring fancy dress party ever. I found instead that the subject was interesting and the text informative. Some of the diagrams did little to enlighten the text and had inadequate explanation. Those looking for a technical book with code examples will find little to interest them; instead this is a thorough review, at the architectural level, of the technology required to implement identity management. Highly recommended.

Page last modified 02 Apr 2007
Copyright © 1995-2011 UKUUG Ltd.