This document introduces best practices for managing users, identity attributes and entitlements in a typical consumer-facing Extranet web portal.
The objective of this document is to present best practices for what information to capture about users in a typical Extranet web portal, and business practices for managing this information.
Organizations that are able to adopt best-practice processes will benefit both from optimized change management and from the reduced total cost of automating their processes on an identity and access management (IAM) platform.
Please note that this document is designed to help organizations design the system by which users are added to, managed in and removed from their Extranet (B2C) portal. The scope of this document does not extend to runtime authentication or authorization of users into applications -- that falls under access control rather than identity and access management.
Table of contents:
| Section | Title |
|---|---|
| 2 | Directories, IAM systems, applications and firewalls |
| 7 | Selecting and encoding security questions |
| 7.1 | Search Space, Degree of Randomness |
| 7.3 | Standardized vs. User-Selected Questions |
| 7.6 | How many Q-A pairs to enroll and how many to authenticate |
| 7.7 | Encryption vs. hashing |
| 8 | Selecting and encoding passwords |
| 8.1 | Password length and character set |
| 8.2 | Character sets and device interoperability |
| 8.4 | Hashing and salts |
| 9 | Enrolling new users |
| 11 | Making changes to user profiles |
| 12 | Enrolling additional security questions |
| 13 | Reports and alerts |
| 14.2 | Jurisdiction and data storage |
| 14.3 | Global coverage of application support |
| 15 | Technical product capabilities |