Consumer Identity & Access Management: Design Fundamentals

This book is 22% complete

About the Book

Consumer identity and access management (CIAM) is a critical component of any modern organisation's digital transformation initiative. If you used the Internet yesterday, you very likely interacted with a website that has consumer identity and access management at its foundation.

Making an online purchase, checking your bank balance, getting a quote for car insurance, logging into a social media site, or submitting and paying your income tax return: all of these interactions depend on high-scale, secure identity and access management services.

But how are those systems designed? Modern organisations need not only to meet end-user privacy, security and usability requirements, but also to provide business enablement opportunities that are agile and can respond rapidly to market changes.

The modern enterprise architect and CISO are no longer focused solely on internal employee security; they now need to address the growing need for digital enablement across consumers and citizens too.

About the Author

A 20-year veteran of the identity and access management space, having worked within industry, consultancy, startups and global software companies.

For the last 7 years the author has worked for the software vendor ForgeRock, designing next-generation access management systems.

Blogger and researcher at The Cyber Hut and AuthYard, analysing market trends and architecture patterns within digital identity and security.

Professional Qualifications: Certified Information Systems Security Professional (2007-2022), Certified Ethical Hacker (2018-2021), Certified Information Systems Auditor (2010-2014) and numerous vendor qualifications from the likes of Microsoft, Cisco, Novell and Citrix.

Professional Memberships: Member of the British Computer Society, Senior Member of the Information Systems Security Association, Affiliate of the Chartered Institute of Information Security Professionals.

Professional Publications: Reviewer and contributor to NIST Special Publication 800-204, Security Strategies for Microservices-based Application Systems; reviewer and contributor to the IETF OAuth 2.0 Device Authorization Grant.

Table of Contents

  • Prologue
  • 1. What is CIAM?
    • 1.1 Identity Evolution
    • 1.2 Drivers
    • 1.3 Benefits
    • 1.4 Challenges
    • 1.5 Real World Examples
  • 2. Existing Approaches
    • 2.1 Homegrown Solutions
    • 2.2 Legacy Enterprise IAM
    • 2.3 Specialist Providers
  • 3. Modern CIAM Requirements
    • 3.1 Getting to KYC
    • 3.2 Data on Demand
    • 3.3 Multi-platform Journeys
    • 3.4 CIA Triad + Usability
    • 3.5 Adding in Consent
  • 4. The CIAM Lifecycle
    • 4.1 Account Onboarding
    • 4.2 Identity & Attribute Proofing
    • 4.3 Profile Management
    • 4.4 Secure Login
    • 4.5 Data Management
    • 4.6 Consent Management
    • 4.7 Contextual & Adaptive Access
    • 4.8 Device Binding
    • 4.9 Account Removal
  • 5. CIAM Design Principles
    • 5.1 Business Objectives Mapping
    • 5.2 Usability
    • 5.3 Security
    • 5.4 Privacy
    • 5.5 Scalability
    • 5.6 Elasticity
    • 5.7 Distributed
    • 5.8 Pluggable & Extendable
    • 5.9 Standards
    • 5.10 Re-Usability
  • 6. Design Planning
    • 6.1 What Are You Designing for Whom?
    • 6.2 Describing User Coverage
    • 6.3 Application Coverage
    • 6.4 Data Requirements
    • 6.5 Authentication Requirements
    • 6.6 Authorization Requirements
    • 6.7 Scale, Throughput & SLAs
    • 6.8 Security & Privacy
    • 6.9 Usability Requirements
    • 6.10 Roadmapping
  • 7. Implementers Toolbox
    • 7.1 Crypto Crashcourse
    • 7.2 API+REST+JSON
    • 7.3 OAuth2
    • 7.4 OIDC
    • 7.5 JWT
    • 7.6 FIDO/WebAuthn/FIDO2
    • 7.7 SCIM
    • 7.8 LDAP
  • 8. Vendor Selection Support
    • 8.1 Market Understanding
    • 8.2 Vendor Selection Process
    • 8.3 RFP Design
    • 8.4 PoC Design
  • 9. Sample Architectures
    • 9.1 Microservices
    • 9.2 Data Integration
    • 9.3 Event Driven Identity
    • 9.4 Identity at the Edge
