An identity-management system refers to an information system, or to a set of technologies that can be used for enterprise or cross-network identity management. Additional terms used synonymously with "identity-management system" include:
Identity management describes the management of individual identities, their authentication, authorization, roles and privileges within or across system and enterprise boundaries, with the goal of increasing security and productivity while decreasing cost, downtime, and repetitive tasks. "Identity management" and "access and identity management" are terms that are used interchangeably under the title of identity management, while identity management itself falls under the umbrella of IT security, information privacy and privacy risk, as well as usability and e-inclusion studies.
Modes of identity management
Identity is conceptualized in three different modes, according to an analysis from the FIDIS Network of Excellence:
Idem-identity: A third-person attribution of sameness. Such an objectified perspective can not only be taken towards others but also towards oneself.
Ipse-identity: The ipse-identity perspective is the first-person perspective on what constitutes oneself as a continuous being in the course of time, while experiencing multiplicity and difference in the here and now.
Me-identity: The ‘me’ is the organised set of attitudes of others which one assumes. It is co-constituted by the ‘I’, the first-person perspective, which incorporates the variety of third-person perspectives it encounters and develops. Thus, the ‘me’ is continuously reconstituted in the face of changing third-person perspectives on the self.
In Bertino's and Takahashi's textbook, three categories of identity are defined that are to a degree overlapping with the FIDIS identity concepts:
“Me-Identity”: What I define as identity
“Our-Identity”: What others and I define as identity
“Their-Identity”: What others define as my identity
Identity management systems are concerned with the creation, the administration and the deployment of:
Identifiers: Data used to identify a subject.
Credentials: Data providing evidence for claims about identities or parts thereof.
Attributes: Data describing characteristics of a subject.
The purposes of identity management systems are:
Identification: Who is the user – used on logon or database lookup
Authentication: Is this the real user? The system needs to provide evidence!
Authorization and non-repudiation: Authorization of documents or transactions with e-ID, most often with a digital signature based on e-ID. Generates non-repudiation and receipts.
In general, electronic IdM can be said to cover the management of any form of digital identities. The focus on identity management goes back to the development of directories, such as X.500, where a namespace serves to hold named objects that represent real-life "identified" entities, such as countries, organizations, applications, subscribers or devices. The X.509 ITU-T standard defined certificates that carried identity attributes as two directory names: the certificate subject and the certificate issuer. X.509 certificates and PKI systems operate to prove the online "identity" of a subject. Therefore, in IT terms, one can consider identity management as the management of information that represents items identified in real life. The design of such systems requires explicit information and identity engineering tasks.
The evolution of identity management follows the progression of Internet technology closely. In the environment of static web pages and static portals of the early 1990s, corporations investigated the delivery of informative web content such as the "white pages" of employees. Subsequently, as the information changed, the ability to perform self-service and help-desk updates more efficiently morphed into what became known as Identity Management. Typical identity management functionality includes the following:
Identity management also addresses the age-old 'N+1' problem — where every new application may entail the setting up of new data stores of users. The ability to centrally manage the provisioning and de-provisioning of identities, and consolidate the proliferation of identity stores, all form part of the identity-management process.
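Central management of provisioning and de-provisioning can be audited by reconciling each application's user store against the central directory. The Python code below is an added example, not part of the original text; the record layout, the store names, the sample accounts and the name-normalization rule are all assumptions made for illustration.

```python
# Added example: reconcile per-application user stores against one central
# directory. All names, records and the normalization rule are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Identity:
    identifier: str           # unique identifier in the central directory
    active: bool              # False once the identity has been de-provisioned
    entitled_apps: frozenset  # applications this identity should have an account in

def normalize(account_name):
    # Assumption: stores differ only in case, whitespace and an optional @domain.
    return account_name.strip().lower().split("@", 1)[0]

def reconcile(directory, app_stores):
    """Return, per application, the accounts that disagree with the directory."""
    by_id = {i.identifier: i for i in directory}
    findings = {}
    for app, accounts in app_stores.items():
        seen = {normalize(a) for a in accounts}
        result = {"orphaned": [], "stale": [], "unentitled": [], "missing": []}
        for ident in sorted(seen):
            record = by_id.get(ident)
            if record is None:
                result["orphaned"].append(ident)    # no identity behind the account
            elif not record.active:
                result["stale"].append(ident)       # de-provisioning never reached this store
            elif app not in record.entitled_apps:
                result["unentitled"].append(ident)  # account exists without a grant
        result["missing"] = sorted(                 # provisioning never reached this store
            i.identifier for i in directory
            if i.active and app in i.entitled_apps and i.identifier not in seen)
        findings[app] = result
    return findings

# Constructed sample data: one directory, two application stores.
DIRECTORY = [
    Identity("alice", True, frozenset({"wiki", "payroll"})),
    Identity("bob", False, frozenset()),
    Identity("carol", True, frozenset({"wiki"})),
]
APP_STORES = {
    "wiki": ["Alice@corp.example", "bob", "carol "],
    "payroll": ["carol", "svc-backup"],
}

if __name__ == "__main__":
    for app, result in reconcile(DIRECTORY, APP_STORES).items():
        print(app, result)
```

The "stale" and "orphaned" lists are the accounts that survive when identities are removed centrally but each application keeps its own store.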
Solutions
Solutions which fall under the category of identity management may include:
Management of identities