This many-walled garden poses difficulties for gatherers, hunters, and
those who merely come to enjoy the flowers, because they must stop at
each gate to negotiate entrance. Passing from area to area, different rules
may cause inadvertent accidents when gathering food or hunting. Take
this image now, and label each of the smaller areas with names such as
Microsoft, Novell, IBM, and Red Hat, or with functional segment names
such as Accounting, Shipping, and Human Resources. Within each vendor's
offerings or isolated resource silo, identity management and directory
services identify users, computers, and services that are allowed or
denied access to enterprise resources within that segment.
Enterprise solutions that employ a single authentication base share
much in common with a simpler single-walled garden. Enterprise solutions
that include two or more authentication directory solutions become
many-walled gardens, creating frustration for users and the potential
for accidental or intentional misuse of networked resources, because too
many walls can make users work against security.
A better solution in the many-walled garden might employ an accompanying
document or representative able to authorize passage from one
area to another more easily; federated identity management
solutions provide the same service within an extended enterprise. Before
examining these solutions, let us first gain an understanding of the process
of identity management.
Identification
Identification within the network enterprise consists of some method by
which the user or service presents its unique identity to an authentication
service. Typically, all of the various methods for identification can be
classified in three general categories:
• What you know
• What you have
• What you are
Single-factor identification solutions depend on only one of these checks,
while more complex multifactor solutions might employ a combination
of checks for both what you have and what you know. Automated teller
machine (ATM) systems use such a two-factor identification system by