Identity and Access Management System: a Web-Based Approach for an Enterprise

Managing digital identities and access control for enterprise users and applications remains one of the greatest challenges facing computing today. An attempt to address this issue led to the proposed security paradigm called Identity and Access Management (IAM) service based on IAM standards. Current approaches such as Lightweight Directory Access Protocol (LDAP), Central Authentication Service (CAS) and Security Assertion Markup Language (SAML) lack comprehensive analysis from conception to physical implementation to incorporate these solutions thereby resulting in impractical and fractured solutions. In this paper, we have implemented Identity and Access Management System (IAMSys) using the Lightweight Directory Access Protocol (LDAP) which focuses on authentication, authorization, administration of identities and audit reporting. Its primary concern is verification of the identity of the entity and granting correct level of access for resources which are protected in either the cloud environment or on-premise systems. A phased approach methodology was used in the research where it requires any enterprise or organization willing to adopt this must carry out a careful planning and demonstrated a good understanding of the technologies involved. The results of the experimental evaluation indicated that the average rating score is 72.0 % for the participants involved in this study. This implies that the idea of IAMSys is a way to mitigating security challenges associated with authentication, authorization, data protection and accountability if properly deployed

Sustainable Identity and Access Management

For today's enterprises, information technology (IT) evolved into a key success factor affecting nearly all areas of value chains. As a consequence, identity and access management (IAM) is established for centralized and structured management of digital identities together with their access to internal assets. During this effort, a centralized management platform is created, which serves as middle-ware among available software systems and human resource applications, thereby creating a unified view and enabling business-oriented management. This enables the implementation of an according level of IT-security, business process automation and the alignment to external compliance requirements. However, as IT-infrastructures evolve over time, thereby leading to continuous changes and varying demands, these developments need to be addressed within IAM in a constant manner. As IAM is designed as a cross-cutting topic between business and IT , business requirements such as restructurings need to be realized likewise. Additionally, more and more legal requirements are set in place by external authorities which affect the way digital information are to be managed. Bringing together requirements of these different stakeholders in a comprehensive way imposes high complexity for enterprises, thereby leading to high administrational effort. This leads to a situation where enterprises are in need to constantly evaluate and adapt their implemented IAM strategy and execution. Thus the dissertation at hand is devoted to provide means of aligning IAM to a more sustainable way of operation. Within information systems research, sustainability comprises the ability to meet the needs of today without hindering future developments. To achieve this, the two concepts IAM measurement and IAM policies are leveraged. Firstly, IAM measurement enables enterprises to achieve detailed information concerning the state of an IAM infrastructure. Secondly, this effort is fostered to shift IAM to a more dynamic way of operation and provide suitable recommendations concerning how to adjust different aspects of IAM in a long-term manner. During the research process, the presented approaches have been evaluated within real-world scenarios to outline their relevance and demonstrate practical applicability

INTELLIGENT AUTHENTICATION FOR IDENTITY AND ACCESS MANAGEMENT: A REVIEW PAPER

Identity and access management (IAM) system usually consist of predefined tasks as an information security system. Themain task is the authentication, since it is responsible for user identity proving for service providers that corporate with (IAM).This paper provides a review on intelligent authentication research applicable to IAM systems. These researches areevaluated according to the proposal of intelligent authentication key factors. Depending on this evaluation it could not be foundresearch implement an authentication that satisfies all these key factors

Identity and Access Management as Security-as-a-Service from Clouds

AbstractIn Security-as-a-service model the focus is on security delivered as cloud services; i.e. security provided through the cloud instead of on premise security solutions. Identity and Access Management (IAM) focuses on authentication, authorization, administration of Identities and audit. Its primary concern is verification of identity of entity and grating correct level of access for resources which are protected in the cloud environment. The IAM implemented as the cloud service can benefit the user with all the advantages offered by Security-as-a-service (SECaaS). We have implemented a proof-of-concept (POC) of IAM-aaS which is also evaluated. The relevant standards and technologies are also discussed for providing secure access to cloud users

Using Message Queuing to Drive Polyglot Identity and Access Management Development

This paper describes a method of using an Advanced Message Queuing Protocol (AMQP) broker, RabbitMQ in particular, to facilitate the management of accounts across a variety of systems. Higher education poses a unique challenge in the management of accounts due to the wide variety of systems involved. The Central IT department of an organization, those that usually run management systems, does not always have control over what systems are chosen, but needs to be able to manage them nonetheless. Unique requirements of each of the systems requires custom integration. That integration can be limited in what platform or languages are used. Use of an AMQP broker along with JSON allows an identity management system to distribute changes in a platform independent and distributed manner. Administrators of systems are then free to choose their best platform and language for management

Decentralized Identity and Access Management Framework for Internet of Things Devices

The emerging Internet of Things (IoT) domain is about connecting people and devices and systems together via sensors and actuators, to collect meaningful information from the devices surrounding environment and take actions to enhance productivity and efficiency. The proliferation of IoT devices from around few billion devices today to over 25 billion in the next few years spanning over heterogeneous networks defines a new paradigm shift for many industrial and smart connectivity applications. The existing IoT networks faces a number of operational challenges linked to devices management and the capability of devices’ mutual authentication and authorization. While significant progress has been made in adopting existing connectivity and management frameworks, most of these frameworks are designed to work for unconstrained devices connected in centralized networks. On the other hand, IoT devices are constrained devices with tendency to work and operate in decentralized and peer-to-peer arrangement. This tendency towards peer-to-peer service exchange resulted that many of the existing frameworks fails to address the main challenges faced by the need to offer ownership of devices and the generated data to the actual users. Moreover, the diversified list of devices and offered services impose that more granular access control mechanisms are required to limit the exposure of the devices to external threats and provide finer access control policies under control of the device owner without the need for a middleman. This work addresses these challenges by utilizing the concepts of decentralization introduced in Distributed Ledger (DLT) technologies and capability of automating business flows through smart contracts. The proposed work utilizes the concepts of decentralized identifiers (DIDs) for establishing a decentralized devices identity management framework and exploits Blockchain tokenization through both fungible and non-fungible tokens (NFTs) to build a self-controlled and self-contained access control policy based on capability-based access control model (CapBAC). The defined framework provides a layered approach that builds on identity management as the foundation to enable authentication and authorization processes and establish a mechanism for accounting through the adoption of standardized DLT tokenization structure. The proposed framework is demonstrated through implementing a number of use cases that addresses issues related identity management in industries that suffer losses in billions of dollars due to counterfeiting and lack of global and immutable identity records. The framework extension to support applications for building verifiable data paths in the application layer were addressed through two simple examples. The system has been analyzed in the case of issuing authorization tokens where it is expected that DLT consensus mechanisms will introduce major performance hurdles. A proof of concept emulating establishing concurrent connections to a single device presented no timed-out requests at 200 concurrent connections and a rise in the timed-out requests ratio to 5% at 600 connections. The analysis showed also that a considerable overhead in the data link budget of 10.4% is recorded due to the use of self-contained policy token which is a trade-off between building self-contained access tokens with no middleman and link cost