Solving Identity Management in Modern Applications - Yvonne Wilson, Abhishek Hingnikar

Solving Identity Management in Modern Applications

Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0
Book | Softcover
311 pages
2019 | 1st ed.
Apress (publisher)
978-1-4842-5094-5 (ISBN)
40,65 incl. VAT
A newer edition of this item exists
User level: Beg-Int
Know how to design and use identity management to protect your application and the data it manages.

At a time when security breaches result in increasingly onerous penalties, it is paramount that application developers and owners understand identity management and the value it provides when building applications. This book takes you from account provisioning to authentication to authorization, and covers troubleshooting and common problems to avoid. The authors include predictions about why this will be even more important in the future. Application best practices with coding samples are provided.

Solving Identity and Access Management in Modern Applications gives you what you need to design identity and access management for your applications and to describe it to stakeholders with confidence. You will be able to explain account creation, session and access management, account termination, and more.

What You’ll Learn

Understand key identity management concepts

Incorporate essential design principles

Design authentication and access control for a modern application

Know the identity management frameworks and protocols used today (OIDC/OAuth 2.0, SAML 2.0)

Review historical failures and know how to avoid them

Who This Book Is For

Developers, enterprise or application architects, business application or product owners, and anyone involved in an application's identity management solution

Yvonne Wilson has had many roles in the software industry related to security and identity management as a developer, security architect, customer success engineer working with customers, founder of cloud identity services, and director of a security governance, risk, and compliance function. She was responsible for IT security strategy and architecture at Sun Microsystems, founded and designed the identity management services offered through Oracle Managed Cloud Services, and works as Senior Director of GRC at Auth0 with customers and vendors to ensure end-to-end security of the application technology supply chain. In working with business teams at Sun and while founding the initial support team at Auth0, Yvonne worked with many customers, from small startups to large enterprises, and through the implementation of SSO, federated SSO, adaptive knowledge-based authentication, and identity provisioning. From this depth of experience, she realized the need for a basic understanding of identity management concepts by business application owners as well as architects and developers.

Abhishek Hingnikar has enjoyed writing software from an early age and has worked on multiple startups during his career. He currently works as a pre-sales engineer at Auth0 where he helps customers architect federated identity management solutions using OIDC, SAML, WSFed, and OAuth.

Introduction

Offers an introduction to the book and sets out the goals that will be achieved in the book, who this book is for, and what this book deals with.

Chapter 1: Identity

This chapter explains the concept of identity and what we mean by identity throughout the book. It is used to create familiarity with digital identity and walks the user through where these concepts originate.

Chapter 2: Establishing Identity

This chapter takes a somewhat more in-depth approach to identity: how identity evolved on the internet, and how we went from the "admin party" (a term used to denote a server where everyone has administrative access) to secured systems with multi-level identities and so on.

Chapter 3: Using Identity

Explains how identity works for applications and modern systems, including authentication, deep links, how to protect multiple pages in your app (telling whether a user has a valid session), and SSO (sharing identity between apps).

Chapter 4: Nothing Lasts Forever

A missing point in identity books is the cleanup: there are laws and increasing complexities today that get more and more involved as time passes. This chapter deals with what is done on end-user devices and what users should do, as well as how developers should properly log a user out. Covers logout, password reset, forgotten password, and deprovisioning.

Chapter 5: Architecture

From this point on, the book takes a deeper turn aimed at architects, helping developers and architects focus on how to visualize and develop identity architectures. It covers Trust, PSP, PIP, PDP, PEP, Enterprise Identity, User-centric Identity, and current Identity Providers.

Chapter 6: Failure is an option!

Every now and then a security vulnerability makes headlines in the news. This chapter aims to explain at a high level what went wrong and then provide pillars for avoiding such failures.

Chapter 7: Looking into the Crystal Ball

A look at the horizon of identity, privacy, and security today. This chapter talks about the bleeding-edge work in cryptography.

Publication date:
Additional info: 31 Illustrations, black and white; XXVI, 311 p. 31 illus.
Place of publication: Berkeley
Language: English
Dimensions: 178 x 254 mm
Weight: 647 g
Subject area: Computer Science, Networks, Security / Firewall
Keywords: Access Control • Account provisioning • authentication • authorization • Identity Lifecycle • Identity Management • Identity Management Lifecycle • OIDC/OAuth2.0 • SAML 2.0 • Single Sign-On (SSO) • SSO session management
ISBN-10: 1-4842-5094-X / 148425094X
ISBN-13: 978-1-4842-5094-5 / 9781484250945
Condition: New