"This Scenario explores the requirements for identity management, the  environment within which it must exist, and the implementation architectures that have been proposed for it.

Individuals wish to:

• Publish identity and address Information;
• Authenticate for service entitlement;
• Pay for goods and services;
• Manage their own identity information; and
• Manage the identity information of their personal contacts.

Organizations wish to:

• Support these personal objectives within the organization;
• Manage their members’ and associates’ identity information;
• Have data consistency across distributed identity information stores;
• Manage identity information for people who are mobile;
• Achieve seamless e-client management; and
• Prevent fraud." [The Open Group]

11:21:55 PM    

Discussing federation, identity-centric and whatnot concepts, let's not forget the basics of the subject we are talking about.

Philip Greenspun of the late Ars Digita's fame has written exactly on these basics. In his illustrative and easy to understand essay on User Registration and Management (i.e. identity and access management), he describes the use of RDBMS to store and manipulate user details SQL database may not be completly in line with the identity trends, but it is a method widely used, not likely to die out anytime soon, and what's more, it does works - so what. The essay goes through many subtleties associated with the use of user data in web applications - registration process, user profiles, groups, dynamic groups, efficiency of data model.

Anybody knows about something similar on LDAP?

11:09:44 PM