Identity Management Systems

For some of our projects here at the TLC, we need to be able to manage identity information – traditionally, user accounts, groups, roles, etc… We’re taking a bit of time to think about a better way of implementing this, and how to use a flexible, distributed identity model.

I’ve been going through some web searches to find out what others are doing. The “version numbers” are loosely based on Dick Hardt’s descriptions (with apologies to him if I’ve misinterpreted what he was trying to say).

“Identity 1.0”

  • centralized repository – institutional directory…
  • LDAP
  • OpenLDAP

“Identity 1.5”

“Identity 2.0”

Any glaring omissions? I’ll be editing this post as I go along (I’ve got the info in our TLC wiki, but that’s behind an Identity 1.0 login).

  1. Kim, thanks for the clarification. Is Infocard a Windows-only solution? Can it be used by software on other platforms, or is it an integrated part of Vista? Can it be used by web apps (java, php, etc…)?

  2. Liberty Alliance and SAML are protocols, not implementations. The protocols can be used to implement any of the 3 identified models above (so, yes, I can use Liberty/SAML protocols to run an IdP off my phone/laptop to assert any identity that I currently maintain).

    In reality, I expect that the world of Identity will evolve towards a mixture of third party asserted (what you would call centralized) and what I refer to as self asserted (I don’t use the term user-centric since any identity system can be user-centric if they give control of the use of the identity to the user). Depending upon where you want to assert your identity you may need one form or another.


  3. Conor – thanks for the clarification. I’m still in the early stages of getting my feet wet in the identity concepts, so likely have a lot of stuff a bit muddy at the moment.

    Also, thanks for the distinction between self-asserted and user-centric. They are different things, but I was using them as interchangeable terms.

