Sustainable Identity and Access Management

For today's enterprises, information technology (IT) evolved into a key success factor affecting nearly all areas of value chains. As a consequence, identity and access management (IAM) is established for centralized and structured management of digital identities together with their access to internal assets. During this effort, a centralized management platform is created, which serves as middle-ware among available software systems and human resource applications, thereby creating a unified view and enabling business-oriented management. This enables the implementation of an according level of IT-security, business process automation and the alignment to external compliance requirements. However, as IT-infrastructures evolve over time, thereby leading to continuous changes and varying demands, these developments need to be addressed within IAM in a constant manner. As IAM is designed as a cross-cutting topic between business and IT , business requirements such as restructurings need to be realized likewise. Additionally, more and more legal requirements are set in place by external authorities which affect the way digital information are to be managed. Bringing together requirements of these different stakeholders in a comprehensive way imposes high complexity for enterprises, thereby leading to high administrational effort. This leads to a situation where enterprises are in need to constantly evaluate and adapt their implemented IAM strategy and execution. Thus the dissertation at hand is devoted to provide means of aligning IAM to a more sustainable way of operation. Within information systems research, sustainability comprises the ability to meet the needs of today without hindering future developments. To achieve this, the two concepts IAM measurement and IAM policies are leveraged. Firstly, IAM measurement enables enterprises to achieve detailed information concerning the state of an IAM infrastructure. Secondly, this effort is fostered to shift IAM to a more dynamic way of operation and provide suitable recommendations concerning how to adjust different aspects of IAM in a long-term manner. During the research process, the presented approaches have been evaluated within real-world scenarios to outline their relevance and demonstrate practical applicability

Adaptive identity and access management—contextual data based policies

Due to compliance and IT security requirements, company-wide identity and access management within organizations has gained significant importance in research and practice over the last years. Companies aim at standardizing user management policies in order to reduce administrative overhead and strengthen IT security. These policies provide the foundation for every identity and access management system no matter if poured into IT systems or only located within responsible identity and access management (IAM) engineers’ mind. Despite its relevance, hardly any supportive means for the automated detection and refinement as well as management of policies are available. As a result, policies outdate over time, leading to security vulnerabilities and inefficiencies. Existing research mainly focuses on policy detection and enforcement without providing the required guidance for policy management nor necessary instruments to enable policy adaptibility for today’s dynamic IAM. This paper closes the existing gap by proposing a dynamic policy management process which structures the activities required for policy management in identity and access management environments. In contrast to current approaches, it utilizes the consideration of contextual user management data and key performance indicators for policy detection and refinement and offers result visualization techniques that foster human understanding. In order to underline its applicability, this paper provides an evaluation based on real-life data from a large industrial company

Dynamic Trust-based Recertifications in Identity and Access Management

Security compliance has become an important topic for medium- and large-sized companies in the recent years. In order to fulfill all requirements legally imposed, high quality identity management – particularly with respect to correct and consistent access control – is essential. In this context, the concept of recertification has proven itself to maintain the quality and correctness of access rights over a long period of time. In this paper, we show how the traditional recertification concept can be notably enhanced through involving the notion of trust. We thereto propose a trust-based recertification model and demonstrate its benefits by means of a realistic use case. Our dynamic concept can help to better spread the recertification overhead compared to the traditional approach with fixed periods. Furthermore, it aids in the identification of risky employees

Complex Unfolding Kinetics of Single-Domain Proteins in the Presence of Force

Single-molecule force spectroscopy is providing unique, and sometimes unexpected, insights into the free-energy landscapes of proteins. Despite the complexity of the free-energy landscapes revealed by mechanical probes, forced unfolding experiments are often analyzed using one-dimensional models that predict a logarithmic dependence of the unfolding force on the pulling velocity. We previously found that the unfolding force of the protein filamin at low pulling speed did not decrease logarithmically with the pulling speed. Here we present results from a large number of unfolding simulations of a coarse-grain model of the protein filamin under a broad range of constant forces. These show that a two-path model is physically plausible and produces a deviation from the behavior predicted by one-dimensional models analogous to that observed experimentally. We also show that the analysis of the distributions of unfolding forces (p[F]) contains crucial and exploitable information, and that a proper description of the unfolding of single-domain proteins needs to account for the intrinsic multidimensionality of the underlying free-energy landscape, especially when the applied perturbation is small

The Interplay between Chemistry and Mechanics in the Transduction of a Mechanical Signal into a Biochemical Function

There are many processes in biology in which mechanical forces are generated. Force-bearing networks can transduce locally developed mechanical signals very extensively over different parts of the cell or tissues. In this article we conduct an overview of this kind of mechanical transduction, focusing in particular on the multiple layers of complexity displayed by the mechanisms that control and trigger the conversion of a mechanical signal into a biochemical function. Single molecule methodologies, through their capability to introduce the force in studies of biological processes in which mechanical stresses are developed, are unveiling subtle intertwining mechanisms between chemistry and mechanics and in particular are revealing how chemistry can control mechanics. The possibility that chemistry interplays with mechanics should be always considered in biochemical studies.Comment: 50 pages, 18 figure

A coarse-grained model for a nanometer-scale molecular pump

A theory for a nanometer-scale pump based on the ratchet concept is presented. A lattice gas model with a set of moves that satisfy hydrodynamic equations is used to describe an asymmetric nanometer channel connecting two reservoirs of fluid. The channel, which is coupled to an external oscillatory (or stochastic) driving force, pumps fluid from one reservoir to the other. The frequency of the external driving force, the fluid density, and the channel dimensions are used to control the fluid flow. We observe a nonmonotonic behavior of the flow with respect to some model parameters and discuss the efficiency of the device

Direct Observation of Active Protein Folding Using Lock-in Force Spectroscopy

Direct observation of the folding of a single polypeptide chain can provide important information about the thermodynamic states populated along its folding pathway. In this study, we present a lock-in force-spectroscopy technique that improves resolution of atomic-force microscopy force spectroscopy to 400 fN. Using this technique we show that immunoglobulin domain 4 from Dictyostelium discoideum filamin (ddFLN4) refolds against forces of ∼4 pN. Our data show folding of this domain proceeds directly from an extended state and no thermodynamically distinct collapsed state of the polypeptide before folding is populated. Folding of ddFLN4 under load proceeds via an intermediate state. Three-state folding allows ddFLN4 to fold against significantly larger forces than would be possible for a mere two-state folder. We present a general model for protein folding kinetics under load that can predict refolding forces based on chain-length and zero force refolding rate