← Patterns / SP-010

Identity Management Pattern

Core concepts for Identity management depicting security controls and processes

Release: 08.02 Authors: Tobias Updated: 2025-07-05


When to Use

This pattern applies to companies where private customer or confidential business identity information is stored and processed.


References:

Patterns:

Books (Chapters):

Related patterns:

  • to be added

Classification:

  • to be added : Industry sector | Threat | Infrastructure area

Release Date: 2008-Sep-29, Minor revision 2009-Sep-29

Authors: Tobias

Reviewers: Russell, Phaedrus

When NOT to Use

You do not process critical data, and do not store or process private or confidential identity information.

Typical Challenges

The oldest enterprise challenge in managing identities across all business applications is the synchronisation of data between distributed systems. In the age of “business process outsourcing”, however, systems are distributed across network and trust boundaries, so synchronisation can present an even larger challenge. Identity federation promises a better approach, but it requires a trust model that spans organisations, so that the relying party is able to accept identity assertions made by a partner's systems. Furthermore, federation requires a unification or a translation of identity attributes at the federation boundary. Standards for federation are slowly emerging, and vendors are gradually making their products compatible.

Another big challenge in outsourced scenarios is the control of service level agreements (SLAs) regarding the timely provisioning and de-provisioning of identities. Data leakage of identity information is also a critical risk in every corporation.


Threat Resistance

TBD.

Assumptions

There are different needs for authentication of business partners and private customers. Mostly these needs are different because the transaction volume of a business partner tends to be much larger and hence the risk is higher. With higher risks one expects stronger security and hence the level of confidence needed for an authentication assertion increases.
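
An added example, not part of the original pattern: a relying-party check for the federation boundary described under Typical Challenges, combined with the per-class confidence levels described here. The issuer URL, attribute names, level numbers and policy table are all assumptions, and the assertion's signature is assumed to have been verified before this code runs.

```python
# Hypothetical trust registry: for each partner issuer, the highest assurance
# level accepted from it and the translation of its attributes to local names.
TRUST_REGISTRY = {
    "https://idp.partner.example": {
        "max_assurance": 3,
        "attr_map": {"mail": "email", "employeeNumber": "partner_user_id",
                     "orgRole": "role"},
        "role_map": {"Purchaser": "buyer", "Approver": "order_approver"},
    },
}
# Assumed policy: business partners need a higher confidence level than
# private customers because their transaction volume, and so the risk, is larger.
MIN_ASSURANCE = {"business_partner": 3, "private_customer": 1}

# Constructed sample assertion; its signature is assumed to be verified already.
SAMPLE_ASSERTION = {
    "issuer": "https://idp.partner.example",
    "assurance_level": 3,
    "attributes": {"mail": "j.doe@partner.example", "employeeNumber": "P-1042",
                   "orgRole": "Purchaser", "homePhone": "555-0100"},
}

class AssertionRejected(Exception):
    """The assertion does not satisfy the relying party's trust policy."""

def accept_assertion(assertion, principal_class):
    """Map a verified partner assertion to a local identity, or reject it."""
    partner = TRUST_REGISTRY.get(assertion.get("issuer"))
    if partner is None:
        raise AssertionRejected("issuer is outside the trust model")
    # Cap the claimed level at what this partner is trusted to assert.
    level = min(int(assertion.get("assurance_level", 0)), partner["max_assurance"])
    if level < MIN_ASSURANCE[principal_class]:
        raise AssertionRejected("assurance too low for " + principal_class)
    local = {"issuer": assertion["issuer"], "assurance_level": level}
    for name, value in assertion.get("attributes", {}).items():
        local_name = partner["attr_map"].get(name)
        if local_name is None:
            continue  # unmapped attributes never cross the federation boundary
        if local_name == "role":
            value = partner["role_map"].get(value)
            if value is None:
                raise AssertionRejected("role has no local equivalent")
        local[local_name] = value
    return local


if __name__ == "__main__":
    print(accept_assertion(SAMPLE_ASSERTION, "business_partner"))
```

Dropping unmapped attributes at the boundary also limits how much partner identity data the relying party stores, which bears on the data leakage risk noted under Typical Challenges.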

 
