have the advantage of a common interface for administration within their
technology envelope.
Identity Management Strategies
In this chapter, we have provided an overview of the functions involved
in managing and consuming identities within the enterprise network.
A number of strategies apply to these solutions, providing enhanced
resource availability, reduced operational costs, and improved regulatory
compliance.
Implement Strong Identification
Passwords should be strong and changed regularly. Multifactor authentication
solutions provide better protection against unauthorized use and
credential counterfeiting than single-factor alternatives. Combinations of
“what you know,” “what you have,” and “what you are” are much more
difficult to fake than single-factor means of identification such as the
predominant textual log-on/password combination.
Although biometric and token-based solutions may provide improved
security over log-on/password combinations, it is important for the enterprise
architect to keep in mind physical accessibility requirements that
may restrict their use. Beyond the obvious difficulty of users who may
not possess the appropriate “bio” being “metered,” many conditions and
ailments restrict the ability to use such methods of identification.
Combine Authentication and Authorization
Authentication solutions such as LDAP, CAS, and Kerberos provide only
identity validation. Applications that authenticate identities against a service
such as LDAP must also include their own mechanism for authorization
and access control. Enterprise architects must identify whether these
functions should remain separated or whether they can be combined in
better-integrated enterprises.
By consuming a merged authentication and access control solution,
application developers will not need to write and maintain their own separate
access control systems. This improves security by ensuring that the same