Digital identity can be discussed in the context of a set of concepts that provide a framework for addressing the important issues involved in developing an organizational identity management strategy.
The following sections provide reference to information about each area in the framework. At first, these are mostly reference to standards documents and articles about standards in each area. I hope to add other references about the general problem areas as well in the future.
In an online world it is tough to ensure the security and integrity of electronic signatures. For different scenarios something stronger than username and password is required, since the agreements and transaction consents may high value and high risk to both institution and customer.
In this issue of the IEEE Security & Privacy Journal, I have an article on Introduction to Identity Management Risk Metrics it is in the "Build Security In" column that I co-edit with John Steven. The article looks at ways to use metrics to measure and monitor identity's distribution, quality, affiliation, and governance in the enterprise. There are specific tips for identity and security architects on how to locate and use metrics in their identity management processes and systems.
Eve Maler, May 2005