Identity and Access Management System: a Web-Based Approach for an Enterprise

Managing digital identities and access control for enterprise users and applications remains one of the greatest challenges facing computing today. An attempt to address this issue led to the proposed security paradigm called Identity and Access Management (IAM) service based on IAM standards. Current approaches such as Lightweight Directory Access Protocol (LDAP), Central Authentication Service (CAS) and Security Assertion Markup Language (SAML) lack comprehensive analysis from conception to physical implementation to incorporate these solutions thereby resulting in impractical and fractured solutions. In this paper, we have implemented Identity and Access Management System (IAMSys) using the Lightweight Directory Access Protocol (LDAP) which focuses on authentication, authorization, administration of identities and audit reporting. Its primary concern is verification of the identity of the entity and granting correct level of access for resources which are protected in either the cloud environment or on-premise systems. A phased approach methodology was used in the research where it requires any enterprise or organization willing to adopt this must carry out a careful planning and demonstrated a good understanding of the technologies involved. The results of the experimental evaluation indicated that the average rating score is 72.0 % for the participants involved in this study. This implies that the idea of IAMSys is a way to mitigating security challenges associated with authentication, authorization, data protection and accountability if properly deployed

User Provisioning Processes in Identity Management addressing SAP Campus Management

This document is the report of the work of an ISWA working team on a WUSKAR case study. This study tackles on the desire of meta directory synchronisation with a proprietary SAP R/3 system in the context of an identity management system. Early tasks concern identifying exact desires and scenarios, modelling the synchronisation process, identifying what relevant data is to be processed, as well as proposing templates for the matching and transformation process. Intermediate tasks are related to the technical aspects of the case study, as well as problem task division and progress management, regular review of strategic and technical choices

Information Security Synthesis in Online Universities

Information assurance is at the core of every initiative that an organization executes. For online universities, a common and complex initiative is maintaining user lifecycle and providing seamless access using one identity in a large virtual infrastructure. To achieve information assurance the management of user privileges affected by events in the user's identity lifecycle needs to be the determining factor for access control. While the implementation of identity and access management systems makes this initiative feasible, it is the construction and maintenance of the infrastructure that makes it complex and challenging. The objective of this paper1 is to describe the complexities, propose a practical approach to building a foundation for consistent user experience and realizing security synthesis in online universities.Comment: 20 page

RODA - A Service-Oriented Repository to Preserve Authentic Digital Objects

4th International Conference on Open RepositoriesThis presentation was part of the session : Fedora User Group PresentationsDate: 2009-05-20 03:30 PM – 05:00 PMIn mid 2006, the Portuguese National Archives (Directorate-General of the Portuguese Archives) launched a project called RODA (Repository of Authentic Digital Objects) aiming at identifying and bringing together all the necessary technology, human resources and political support to carry out long-term preservation of digital materials being produced by the Portuguese public administration. As part of the original goals of RODA was the development of a digital repository capable of ingesting, managing and providing access to the various types of digital objects produced by national public institutions. The development of such repository should be supported by open-source technologies and, as much as possible, be based on existing standards. Since RODA is nearly finished, this communication aims at describing its main results.European Union; POAP; Ministry of Culture; Portuguese Republi

Experiences in teaching grid computing to advanced level students

The development of teaching materials for future software engineers is critical to the long term success of the grid. At present however there is considerable turmoil in the grid community both within the standards and the technology base underpinning these standards. In this context, it is especially challenging to develop teaching materials that have some sort of lifetime beyond the next wave of grid middleware and standards. In addition, the current way in which grid security is supported and delivered has two key problems. Firstly in the case of the UK e-Science community, scalability issues arise from a central certificate authority. Secondly, the current security mechanisms used by the grid community are not line grained enough. In this paper we outline how these issues are being addressed through the development of a grid computing module supported by an advanced authorisation infrastructure at the University of Glasgow

Web Service Based Universal Management of Workflow Resources

Implementing business process solutions in the way of Web service is being positioned in the center of workflow manag ement. However, there is no robust standard to expose and access workflow resources by Web service interfaces. In this paper, we propose a web service based workflow resource management framework named Universal Resource Manage ment Framework (URMF) with declarations of web service interfaces and interaction protocols among them. We also in troduce a substitutive workflow interface model employing Web services and URMF. Finally, a prototype implementati on model of URMF with J2EE platform is also introduced

Towards Automatic Capturing of Manual Data Processing Provenance

Often data processing is not implemented by a work ow system or an integration application but is performed manually by humans along the lines of a more or less specified procedure. Collecting provenance information during manual data processing can not be automated. Further, manual collection of provenance information is error prone and time consuming. Therefore, we propose to infer provenance information based on the read and write access of users. The derived provenance information is complete, but has a low precision. Therefore, we propose further to introducing organizational guidelines in order to improve the precision of the inferred provenance information

How to develop an administration tool to fit first-time user who lack expertise knowledge

The purpose of this bachelor thesis is to develop an administration tool that will be used by a helpdesk in IKEA IT. The helpdesk members have a lot of responsibilities and have to perform various tasks on a daily basis, thus the goal is to develop an administration tool that has an interface which allows a helpdesk member to perform basic tasks without needing any prior education or experience of the tool. The first part of the thesis consists of a research with three different research methods: • Survey and observation with helpdesk members • Analysis of three different administration tools that currently are being used on a daily basis by the helpdesk • Literature studies: User Interfaces by Soren Lauesen Don’t make me think by Steven Krug Information Architecture by Louis Rosenfenfeld, Peter Morwille Summarizing and examining the results of the researches provided the thesis with a wider knowledge base, which made it possible for us to develop the administration tool we had envisioned from the start. From the results gathered from the research a workflow and prototypes were developed. With a combination of user-tests and surveys enough knowledge was acquired so that the prototypes could be processed until a prototype was approved. There is currently only one person in IKEA handling all the administrative tasks in ALM and to relieve the workload of this person these administrative tasks will be handed over to a helpdesk in IKEA. The administration tool will help to ease the future workload for the helpdesk by making it faster and easier to perform the administrative tasks in ALM. The amount of time it takes to handle requests has been decreased by approximately seven times compared to the existing method. This shows that mental model a user develops when facing the new administration tool for the first time is as intuitive and logical as planned. The final user-test with the final product using the helpdesk members as the test-users proved the design and functionality of the new administration tool to have a perfect balance between complexity and simplicity