SOA technical infrastructure from security perspective
Identity management - defending credential verification systems
Gartner defines Identity Management as follows: "Identity management is the set of business processes, and a supporting infrastructure for the creation, maintenance, and use of digital identities." Direct or Brokered identification services are the most critical resources in our service inventory, not only because they hold clients' and corporate sensitive information, but also because of their highest level of reuse.
The most common rules around identity management protection are as follows:
• Use a zero-knowledge password protocol (ZKPP) such as SRP.
• Passwords should be stored safely to prevent insider attacks and to ensure that if a system is compromised, the passwords are not retrievable. Because users reuse passwords, this information might be useful in the compromise of other systems these users or services work with. To protect these passwords, they should be stored in an encrypted, nonreversible form, so that the original plaintext password cannot be extracted from the stored value.
• Password aging should be strictly enforced to ensure that passwords do not remain unchanged for long periods of time. The longer a password remains in use,
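The two storage rules above (nonreversible storage and enforced aging) can be shown concretely. The following is an added example, not code from the book or from any SOA product it describes: it keeps only a salted PBKDF2-HMAC-SHA256 digest of each password, verifies candidates in constant time, and flags credentials older than an assumed policy limit. The iteration count, salt size and 90-day maximum age are assumptions chosen for the illustration, not values from the text.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

# Parameters assumed for this example (not taken from the original text).
PBKDF2_ITERATIONS = 600_000          # work factor for the one-way derivation
SALT_BYTES = 16                      # per-credential random salt
MAX_PASSWORD_AGE_SECONDS = 90 * 86400  # hypothetical 90-day aging policy


@dataclass
class StoredCredential:
    """What the credential store keeps. The plaintext password is never kept."""
    salt: bytes
    digest: bytes
    iterations: int
    set_at: float  # epoch seconds when the password was last set


def derive(password: str, salt: bytes, iterations: int) -> bytes:
    """One-way derivation: the digest cannot be reversed to the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def store_password(password: str, now: float) -> StoredCredential:
    """Create the record to persist. A fresh salt means equal passwords on
    two accounts still produce different digests, so one stolen store entry
    cannot be matched against another by simple comparison."""
    salt = os.urandom(SALT_BYTES)
    return StoredCredential(
        salt=salt,
        digest=derive(password, salt, PBKDF2_ITERATIONS),
        iterations=PBKDF2_ITERATIONS,
        set_at=now,
    )


def verify_password(cred: StoredCredential, candidate: str) -> bool:
    """Re-derive from the candidate and compare in constant time, so timing
    does not leak how many leading bytes of the digest matched."""
    expected = derive(candidate, cred.salt, cred.iterations)
    return hmac.compare_digest(expected, cred.digest)


def password_expired(cred: StoredCredential, now: float,
                     max_age: Optional[float] = None) -> bool:
    """Aging check: True when the credential is older than the policy limit."""
    limit = MAX_PASSWORD_AGE_SECONDS if max_age is None else max_age
    return (now - cred.set_at) > limit


if __name__ == "__main__":
    # Constructed sample data for a stand-alone run.
    t0 = 1_700_000_000.0
    cred = store_password("correct horse battery staple", now=t0)
    print("stored digest (hex):", cred.digest.hex())
    print("right password accepted:", verify_password(cred, "correct horse battery staple"))
    print("wrong password rejected:", not verify_password(cred, "Tr0ub4dor&3"))
    print("expired after 91 days:", password_expired(cred, now=t0 + 91 * 86400))
```

A real service would persist the salt, digest, iteration count and timestamp together so that the work factor can be raised later without invalidating existing records, and would treat an expired credential as "must change on next successful login" rather than as a verification failure.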