7 research outputs found

    A Novel Blockchain-based Trust Model for Cloud Identity Management

    Secure and reliable management of identities has become one of the greatest challenges facing cloud computing today, mainly due to the huge number of new cloud-based applications generated by this model, which means more user accounts, passwords, and personal information to provision, monitor, and secure. Currently, identity federation is the most useful solution to overcome the aforementioned issues and simplify the user experience by allowing efficient authentication mechanisms and use of identity information from data distributed across multiple domains. However, this approach creates considerable complexity in managing trust relationships for both the cloud service providers and their clients. Poor management of trust in federated identity management systems brings with it many security, privacy and interoperability issues, which contributes to the reluctance of organizations to move their critical identity data to the cloud. In this paper, we aim to address these issues by introducing a novel trust and identity management model based on the Blockchain for cloud identity management with security and privacy improvements

    A new dynamic trust model for "on Cloud" Federated Identity Management


    Towards a Federated Identity and Access Management Across Universities

    Many research projects are too complex to yield the efforts of a single investigator and require a coordinated effort from interdisciplinary research teams across universities and industries. The research data, documents, experimental testbeds, high-end computing equipment, etc. is a critical component of any large-scale project and hence the cooperation and resource sharing across universities become very important for timely and budget-friendly execution of these projects. However, it is extremely challenging to frequently and effectively access data and other resources across universities without creating new identities for the users. In this thesis, we propose Federated Identity Management (FIM) approach for facilitating secure resource sharing among collaborating associates without creating new identities. We provide a comprehensive literature survey of identity and access management and discuss the privacy issues associated with identity management that can be addressed using FIM. We also provide a comprehensive overview and security features of the OAuth 2.0 framework which is an industry-standard protocol for authorization and user management used by FIM. The proposed scheme can be generalized and used by the student users to access academic libraries and recreate research results easily and securely. Keyword: federated identity management, OAuth 2.0, cloud computing, identity management, cloud identity, federated cloud identity broker, privacy, protocol

    Benefits of Federated Identity Management - A Survey from an Integrated Operations Viewpoint

    Federated Identity Management is considered a promising approach to facilitate secure resource sharing between collaborating partners. A structured survey has been carried out in order to document the benefits of adopting such systems from a user and business perspective, and also to get an indication on how Integrated Operations in the oil and gas industry can benefit from identity federations. This has resulted in a set of benefit categories grouping existing claims from researchers. The literature indicates that adoption of Federated Identity Management in Integrated Operation seems like a good idea, however, there are several challenges that need to be solved

    Exploring Identity Management at Community Colleges in Texas with Open Access to College Computer Networks

    The study addressed the lack of identity management practices in Texas community colleges to identify guest users who access college computers. Guest user access is required by Texas law and is part of the state's mission to bridge the technology gap; however, improper identification methods leave the college vulnerable to liability issues. The purpose of this study was to eliminate or mitigate liabilities facing colleges by creating and using security policies to identify guest users. This study combined the theoretical concepts of Cameron's internal security management model with the external trust models of the Liberty Alliance and Microsoft's Passport software. The research question revolved around the identity and access management framework used by 13 community colleges in Texas to track guest users and the college's ability to protect the college from illegal acts. Using a grounded theory approach, data were collected by interviewing 13 information technology management professionals at the community colleges regarding their security policies and procedures as well as by campus observations of security practices. The results of constant comparison analysis indicate that no universal theory was being used. Only 3 of the 13 colleges tracked guest user access. Reasons for not tracking guest access included lack of financial and technology resources and process knowledge. Based on these findings, the identity management infrastructure theory was recommended for network access control, self-registration, and identity authentication at these colleges and many other colleges. The implications for social change include raising awareness of the risks most community colleges face from network security breaches, regulatory noncompliance, and lawsuit damages that could result from the lack of an identity management process

    PROFILING - CONCEPTS AND APPLICATIONS

    Profiling is an approach to put a label or a set of labels on a subject, considering the characteristics of this subject. The New Oxford American Dictionary defines profiling as: “recording and analysis of a person’s psychological and behavioral characteristics, so as to assess or predict his/her capabilities in a certain sphere or to assist in identifying a particular subgroup of people”. This research extends this definition towards things demonstrating that many methods used for profiling of people may be applied for a different type of subjects, namely things. The goal of this research concerns proposing methods for discovery of profiles of users and things with application of Data Science methods. The profiles are utilized in vertical and 2 horizontal scenarios and concern such domains as smart grid and telecommunication (vertical scenarios), and support provided both for the needs of authorization and personalization (horizontal usage). The thesis consists of eight chapters including an introduction and a summary. First chapter describes motivation for work that was carried out for the last 8 years together with discussion on its importance both for research and business practice. The motivation for this work is much broader and emerges also from business importance of profiling and personalization. The introduction summarizes major research directions, provides research questions, goals and supplementary objectives addressed in the thesis. Research methodology is also described, showing impact of methodological aspects on the work undertaken. Chapter 2 provides introduction to the notion of profiling. The definition of profiling is introduced. Here, also a relation of a user profile to an identity is discussed. The papers included in this chapter show not only how broadly a profile may be understood, but also how a profile may be constructed considering different data sources. Profiling methods are introduced in Chapter 3. 
This chapter refers to the notion of a profile developed using the BFI-44 personality test and outcomes of a survey related to color preferences of people with a specific personality. Moreover, insights into profiling of relations between people are provided, with a focus on quality of a relation emerging from contacts between two entities. Chapters from 4 to 7 present different scenarios that benefit from application of profiling methods. Chapter 4 starts with introducing the notion of a public utility company that in the thesis is discussed using examples from smart grid and telecommunication. Then, in chapter 4 follows a description of research results regarding profiling for the smart grid, focusing on a profile of a prosumer and forecasting demand and production of the electric energy in the smart grid what can be influenced e.g. by weather or profiles of appliances. Chapter 5 presents application of profiling techniques in the field of telecommunication. Besides presenting profiling methods based on telecommunication data, in particular on Call Detail Records, also scenarios and issues related to privacy and trust are addressed. Chapter 6 and Chapter 7 target at horizontal applications of profiling that may be of benefit for multiple domains. Chapter 6 concerns profiling for authentication using un-typical data sources such as Call Detail Records or data from a mobile phone describing the user behavior. Besides proposing methods, also limitations are discussed. In addition, as a side research effect a methodology for evaluation of authentication methods is proposed. Chapter 7 concerns personalization and consists of two diverse parts. Firstly, behavioral profiles to change interface and behavior of the system are proposed and applied. The performance of solutions personalizing content either locally or on the server is studied. Then, profiles of customers of shopping centers are created based on paths identified using Call Detail Records. 
The analysis demonstrates that the data that is collected for one purpose, may significantly influence other business scenarios. Chapter 8 summarizes the research results achieved by the author of this document. It presents contribution over state of the art as well as some insights into the future work planned