Identity & Policy

A Common Platform for a Pervasive Policy Paradigm.

By Rakesh Radhakrishnan, Sr. Principal IT Architect and Dr. Ramaswamy Chandramouli

Overview

This book is a sequel to the first book, “Identity and Security”, published in 2007, and is again based on the authors' experience working at Sun Microsystems as an IT Architect specializing in Identity System Integration with Telecom and Cable customers, along with Sun’s NEPs (network equipment partners), and on integrating the Sun Identity System with ISV (independent software vendor) partners. It also includes the authors’ understanding of market developments in the Identity & Policy (XACML) space and its potential future, based on the developments that have taken shape in the last 3 years (2005 to 2008).

The objective of this book is to explore the strategic significance, market requirements and potential of leveraging standards-based Identity and Policy Systems in an Enterprise IT environment (and Enterprise Architecture) and in a Telecom environment, in order to provide a pragmatic view of the future of network convergence based on NGN and of converged services based on Service Oriented Architecture.

This book also looks into the alignment and functional integration offered by Policy Orchestration between multiple policy domains, including device policies, NAC policies, QOE policies, session-specific policies, service policies, distributed-system and virtual-system policies, privacy policies, policy assurance and more.

Dr. Chandramouli from NIST and the University of Maryland has collaborated on this book, "Identity and Policy", as a co-author. He is also the co-author of the well-received second edition of the book on RBAC (Role Based Access Control) and has authored many papers in the area of RBAC and policies.


We will revisit and revise the 9-step R process for an Identity Enabled Architecture (IDEA) in this book. The 4th step begins with Role and Role Management; steps 4, 5 and 6, the Role 2 Rule 2 Resource alignment, talk to how roles, attributes, context changes, events and triggers can influence rules, rules associated with roles, rules associated with resources and more. These 3 steps lay the:

  • Foundation for fine-grained access control and entitlements (including attribute based)
  • Foundation for Rules and Pervasive Policies (including referrals and rule combinations)
  • Foundation for alignments between Business Process and IT (including workflow policies and policy combinations)
  • Foundation for Secure Enterprise Data Integration (privacy policies and privilege policies), and,
  • Foundation for federated security and context exchange - via XACML profiles and the PEP, PDP, PMP model

 What will I get by reading this book?

This book is intended for Systems Architects, Network Architects, Software Architects, Security Architects, Enterprise Architects, CSOs, CTOs and other IT professionals who work in the Identity and Policy space, in the CME (communications, media and entertainment) industry and in Enterprises as well. This is the first book on the market that talks to the end-to-end spectrum of Policy-based Orchestration, and to how an Identity System acts as a core building block for Enterprises building their Architectures on SOA and an evolving IP Network that require a common POLICY platform (end-to-end policy alignment).

This book talks about the value proposition of a Distributed Identity-based Policy System for Access Networks, Devices, Sessions, Services, Content, Distributed Systems and more. It recaps all the major developments of the past 3 to 4 years and projects the potential developments that can take place in terms of a Pervasive Policy Paradigm in the next 5 years, as multiple billions of dollars are invested in the NG Network Architecture and in Enterprise Architecture based on SOA, and a Common Policy & Control Platform is deployed that will include millions of PDPs and billions of PEPs (policy decision points and policy enforcement points).

This book explains how an ID-entity Enabled Architecture, a.k.a. IDEA, a.k.a. Identity Centric Architecture (as the Security, Policy and Control stratum), helps align SOA (the service signaling stratum) with NGN (the packet handling stratum). It covers the nature of policies, from privacy policies to device policies to QOS policies to service-centric policies and more, to address the range of Authentication, Admission Control, Access Control and Authorization models that exist. The book essentially captures the next wave of activity around an Identity System from a policy perspective, based on developments in the OASIS standard XACML versions 1.0, 2.0 and 3.0. This is the first book on the market that covers the end-to-end application of XACML.

What's the value of the content?

Using this book’s content, readers are expected to add value to their Enterprise from the following perspectives:

  • Align a Common Identity & Policy System as the linchpin for enterprise security initiatives (eigenvector) – that includes Security as a Service
  • Leverage an Identity & Policy System to address Regulatory and Privacy compliance requirements
  • Develop Policy enabled Secure Services as Web Services, Telecom Services and Mobile Services
  • Understand and align the Enterprise Architecture with the evolving 4G IMS based network with a common Policy and Control Layer
  • Align User Centric Services to Events in the Communication Network and Sensor Network with a Policy and Contextual Layer
  • Align SOA to Programmable Active Grid Networks and the Virtualized Resource with Policies
  • Understand and apply the relationship between a Policy System and a Log Management Solution
  • Understand and apply an Identity & Policy System for Open Content Delivery and Open/Extensible DRM Architectures
  • Understand and align Role Lifecycle with the Rule Life Cycle and Resource Lifecycles.
  • Understand the value proposition of an Identity & Policy System for Trusted Networks and Trusted Computing along with its implications on Virtualized Systems
  • Understand the alignment between an Identity & Policy System for Web Services, ESB and Policy Orchestration
  • Understand the various XACML profiles and their implication along with an idea of where to use them
  • Understand and apply the alignment between Identity Standards such as Liberty, SAML, OpenID, XACML and more.
  • Understand and apply the PEP (policy enforcement point), PDP (policy decision point), PMP (policy management point), PCCP (policy compliance and checking point) and PIP (policy information point) based Policy Architecture
  • Understand the significance of a POP (policy orchestration and alignment point)
  • Understand the relationship between the policy architecture and STS (secure token services), SAE (secure attribute exchange) and SCS (secure communication services).
  • Understand the foundation and importance of Policy and Control for Trust-based Architectures
  • Review sample XACML code within each functional domain.

The real measure of the value of this book is for readers to go through the content and use it on their jobs to architect and align system solutions around a common, open-standards-based Policy Architecture and Framework that addresses Privacy, Trust and Security.

Reviewers' Comments:

For the 2nd book in the series we decided to get reviews from a Telecom Company, an NEP and an ISV who work in this space:

"A long awaited book that highlights the significance of Attributes and Abstraction for Access Control and Authorization Policies for SOA and NGN in relation to XACML."

Dr. Abbie Barbir, CTO Office, Nortel Networks.

"The first book on XACML and Policy - highlighting the value-proposition of XACML in all policy domains - Excellent work by the Authors"

Dr. Ramaswamy Rangarajan, Principal Network Systems Designer, Sprint.

"Policy based management and policy based access control including the XACML standard is an upcoming and maturing technology. It is great to see a good book covering most important topics of this technology for industrial employment."

Babak Sadighi, CEO of Axiomatics.


About the authors

Rakesh Radhakrishnan is a Lead IT Architect in the Communications Market Area of Sun Microsystems. He has covered Telecom Companies, Network Equipment Providers (NEP), Independent Software Vendors (ISV) and Service Provider accounts in Europe, Canada, USA, Asia and Latin America.

He has over 15 years of experience and holds an MBA (MIS) and an MS (MIT). He is an active member of the Customer Engineering Council (CEC) and was the Chairman of a Working Group on the Container Alignment Engine at Sun. He also holds patents on Correlated Identity, STAR and CAE. He has published more than 50 papers on IT Architectures (frameworks, process and techniques) and is a frequent speaker at conferences including DIDW, OMG, TOG, CMG, IRM, SuperG, SunNetwork, JavaOne, etc. He has led multiple Architecture Workshops and Architecture Assessments for IT Consolidation and Network Identity Integration projects. He was recently featured on Officer Outlook for his work on Aligning Architectural Approaches and received Sun's WS-Incite Award for 2005. He also won the "Outstanding Member Contribution Award" from SEI in 2007, the "Stellar Volunteer Award" from Sun for 2007 and "The Above and Beyond Award" from Sun's Nortel team for 2006.

Rakesh is also certified by TOG (on TOGAF 8), SEI (as a Software Architect) and OGC (PRINCE2 and ITIL). He has Green Belt Six Sigma training. He is an ECCSE (Enterprise Computing Certified Systems Engineer, Competency 2000, from Sun) and a Systems Architect Pro (from PeopleSoft). He is a lifelong member of ACM.


His blog can be found at http://identity-centric-architecture.blogspot.com/index.html


Dr. Ramaswamy Chandramouli is the Director of the Personal Identity Verification Program at NIST and an Adjunct Associate Professor at the University of Maryland, University College.

He has more than 20 years of experience in the design and development of IT solutions for government and industry. He has done extensive research in the areas of Automated Security Testing, Role-based Access Control, Policy Specification and Enforcement, and Conformance Testing of Smart Cards.

He has authored over 30 peer-reviewed publications and has received two Best Paper Awards. He is also the co-author of the 2007 book on RBAC from NIST.

Ramaswamy is also certified by TOG (on TOGAF 8), SEI (as a Software Architect) and OGC (PRINCE2 and ITIL). He has Green Belt Six Sigma training. He is an ECCSE (Enterprise Computing Certified Systems Engineer, Competency 2000, from Sun) and a Systems Architect Pro (from PeopleSoft). He is a lifelong member of ACM.


His blog can be found at http://www.network-identity.com

© futuretext® Ltd 2005