Decentralized Identity Explained: Embrace Decentralization for a More Secure and Empowering Digital Experience
Delve into the cutting-edge trends of decentralized identities, blockchains, and other digital identity management technologies and leverage them to craft seamless digital experiences for both your customers and employees.
Key Features: Explore decentralized identities and blockchain technology in dep...
Main author: | |
---|---|
Format: | E-book |
Language: | English |
Published: | Birmingham : Packt Publishing, Limited, 2024. |
Edition: | 1st ed |
Subjects: | |
View at Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009841204906719 |
Table of Contents:
- Cover
- Title Page
- Copyright and Credits
- Dedication
- Contributors
- Table of Contents
- Preface
- Part 1 - Digital Identity Era: Then
- Chapter 1: The History of Digital Identity
- What is digital identity?
- The evolution of digital identities
- Institutional databases
- Characteristics of institutional databases
- Advantages of institutional databases
- Disadvantages of institutional databases
- ACLs
- Functions of ACLs in traditional identity management
- Disadvantages of ACLs
- Circumventing the drawbacks of ACLs
- Public key cryptography - the origin of secure public networks
- The evolution of public networks
- The need for secure communication
- The emergence of PKI
- Components of PKI
- Benefits and applications of PKI
- Drawbacks of PKI
- Secure public networks and PKIs
- The World Wide Web
- Social networks - Identity 2.0
- Biometric identity
- IoT and the identity of things
- Blockchain - a new model for identity
- Summary
- Chapter 2: Identity Management Versus Access Management
- What is identity management?
- What is meant by access?
- Access control in general
- Traditional access control for web applications
- Access management
- Access management versus access controls in traditional centralized digital identity systems
- Access management versus access controls in web applications
- The pitfalls
- The pitfalls of traditional identity management systems
- The pitfalls of traditional access management systems
- Summary
- Part 2 - Digital Identity Era: Now
- Chapter 3: IAM Best Practices
- An overview of the service components of an IAM system
- Building a comprehensive IAM strategy
- User lifecycle management and secure data-sharing practices
- Secure authentication practices
- Security token-based authentication
- Access control and authorization
- Secure data-sharing practices
- Continuous monitoring and auditing
- User awareness and training
- Compliance and regulatory considerations
- Incident response and recovery and processes for regular evaluation
- Regular evaluation and improvement
- Summary
- Chapter 4: Trust Anchors/Sources of Truth and Their Importance
- Sources of truth
- Defining sources of truth
- Ensuring data accuracy and consistency
- Enhancing identity assurance
- Enabling effective identity management
- Challenges and considerations
- Web of trust
- Understanding the WoT model
- Trust anchors in identity data verification
- Advantages of the WoT model and trust anchors
- Challenges and considerations
- Future trends and innovations
- Enhancing the WoT model through blockchain infrastructure
- The WoT model in the decentralized space
- Blockchain technology
- Integrating blockchain infrastructure into the WoT model
- Real-world use cases
- Summary
- Chapter 5: Historical Source of Authority
- Practical uses of historical sources of authority
- Controlling access to the source of authority
- ACLs
- Securing access to sources of truth with ACLs
- Implementing ACLs for data sources
- Advantages of ACLs for securing data sources
- Best practices for securing data sources with ACLs
- Cons of using historical sources of truth for verification of identity data
- Summary
- Chapter 6: The Relationship between Trust and Risk
- The impact of trust and risk
- Risks arising from compromised identity
- Attacks made on online identity break trust
- Local network risks
- Online surveillance
- Browser-based web risks
- Social engineering
- Risk management principles and assessments
- Proactive approach
- Risk identification
- Risk assessment and analysis
- Risk evaluation
- Risk mitigation strategies
- Monitoring and review
- Communication and collaboration
- Crisis preparedness
- Risk assessment
- Risk identification methods
- Qualitative risk assessment
- Quantitative risk assessment
- Risk heat maps
- Risk tolerance and assessment
- Risk scenarios and sensitivity analysis
- Risk ranking and prioritization
- Risk mitigation strategies
- Risk and trust management roadmap
- Risk management frameworks for identity networks
- Summary
- Chapter 7: Informed Consent and Why It Matters
- What is informed consent?
- Educating the user about informed consent
- Understanding informed consent
- Legal and regulatory frameworks for informed consent
- Challenges and limitations of informed consent
- Improving informed consent
- The future of informed consent
- The re-purposed data problem
- Privacy by design
- The Personal Information Protection and Electronic Documents Act (PIPEDA)
- The role of consent in other jurisdictions
- Challenges to meaningful informed consent
- Alternatives to consent
- Enforcement models in informed consent
- The future of privacy
- Summary
- Chapter 8: IAM - the Security Perspective
- IAM security fundamentals
- IAM principals
- Access control models and frameworks
- Identity governance and administration
- Identity lifecycle management
- Threat detection and IAM security
- Security information and event management
- Repercussions of a weak SIEM system
- Compliance and regulatory considerations
- Importance of compliance in IAM
- Key regulations and compliance frameworks
- Challenges and risks in IAM compliance
- Future trends in IAM compliance
- Emerging technologies in IAM security
- Challenges and future directions in IAM security
- Summary
- Part 3 - Digital Identity Era: The Near Future
- Chapter 9: Self-Sovereign Identity
- Introduction to SSI
- Why SSI matters
- Cryptography in SSI
- Cryptographic techniques
- Public and private keys
- Digital signatures
- Verifiable credentials
- Blockchain and DLT in SSI
- Role of blockchain in SSI
- DLTs
- Data storage and decentralization
- DIDs
- Usage of DIDs in the SSI space
- DID methods
- DID resolution and resolution protocols
- The SSI ecosystem
- SSI stakeholders
- SSI interoperability
- Importance of interoperability
- SSI in a multi-SSI network
- SSI and regulatory compliance
- GDPR and data protection
- Compliance frameworks
- Legal challenges
- Future trends in SSI
- Emerging technologies
- Scalability and performance improvements
- SSI in a post-quantum world
- SSI and blockchain scalability
- Scalability challenges
- Layer-2 solutions
- Future scaling options
- Use of tokens in SSI
- Role of tokens
- Token standards
- SSI wallets and tokens
- SSI and identity in IoT
- IoT and identity
- SSI in the IoT
- Security challenges
- Ethical and philosophical implications of SSI
- Ethical considerations
- Philosophical implications
- Individual empowerment
- Challenges and risks in SSI implementation
- Adoption challenges
- Regulatory risks
- Technological threats
- Summary
- Chapter 10: Privacy by Design in the SSI Space
- PbD in SSI
- The value of PbD
- PbD frameworks
- Safeguarding data in the digital age
- User-centric privacy controls
- Consent management
- Data reduction
- Selective dissemination
- Security best practices
- Threats and mitigations
- Summary
- Chapter 11: Relationship between DIDs and SSI
- DIDs as the backbone of SSI
- DIDs and SSI relationship basics
- Emerging DID methods and innovations
- Development of new DID methods
- Relevance of new DID methods
- Need for the standardization of DID methods
- Distributed identity issuers and verifiers
- Basics of verifiable credentials and digital identity
- Understanding verifiable credentials
- Key components of verifiable credentials
- Privacy and security considerations
- Potential benefits and concerns
- The road ahead
- Enhancing privacy and security
- Technological challenges and future directions
- Summary
- Chapter 12: Protocols and Standards - DID Standards
- The need for standards
- What do standards and protocols entail?
- What do standards address?
- What do protocols address?
- DID standards and protocols
- The impact on the DID ecosystem
- W3C DID standards
- Anatomy of a DID
- DID methods
- DID documents
- DID universal resolver
- Decentralized trust
- Privacy by design
- Proactive not reactive; preventative not remedial
- Privacy as the default setting
- Privacy embedded into design
- Full functionality - positive-sum, not zero-sum
- End-to-end security - full life cycle protection
- Visibility and transparency
- Respect for user privacy
- Verifiable credentials
- Key components of verifiable credential standards
- W3C Verifiable Credentials Data Model
- Examples of implementing VCs
- Summary
- Chapter 13: DID Authentication
- Traditional authentication
- Lightweight Directory Access Protocol
- Kerberos
- OAuth 2 and OIDC
- Understanding the OAuth 2.0 authorization model
- Security Assertion Markup Language
- DID authentication protocols
- Implementing DID authentication
- Core methodologies in DID authentication
- Strategies for implementing DID authentication
- Real-world examples and case studies
- Paving the way for a decentralized identity frontier
- Security and privacy considerations
- The pillars of DID security
- Privacy-first design
- Security challenges
- Privacy challenges
- Ongoing developments and initiatives
- Summary
- Chapter 14: Identity Verification
- Historical evolution of identity verification
- The birth of trust and recognition