The COVID-19 pandemic helped countries to increase the use of their mobile eID solutions. These are based on traditional identity management systems, which suffer from weaknesses, such as the reliance on a central entity to provide the identity data and the lack of control of the user over her or his data. The introduction of self-sovereign identity (SSI) for e-government systems can strengthen the privacy of the citizens while enabling identification also for the weakest. To successfully initiate SSI, different factors have to be taken into account. In order to have a clear understanding of the challenges, but also lessons learned, we provide an overview of existing solutions and projects and conducted an analysis of their experiences. Based on a taxonomy, we identified strong points, as well as encountered challenges. The contribution of this paper is threefold: First, we enhanced existing taxonomies based on the literature for further evaluations. Second, we analyzed eID solutions for lessons learned. Third, we evaluated more recently started SSI projects in different states of their lifecycle. This led to a comprehensive discussion of the lessons learned and challenges to address, as well as further findings.
Part 7: Identity ManagementInternational audienceWe present the concept and design of Géant-TrustBroker, a new service to facilitate multi-tenant ICT service user authentication and authorization (AuthNZ) management in large-scale eScience infrastructures that is researched and implemented by the pan-European research and education network, Géant. Géant-TrustBroker complements eduGAIN, a successful umbrella inter-federation created on top of national higher education federations in more than 20 countries world-wide. Motivated by experiences with real-world limits of eduGAIN, Géant-TrustBroker’s primary goal is to enable a dynamic and highly scalable management of identity federations and inter-federations. Instead of eduGAIN’s federation-of-federations approach, Géant-TrustBroker enables the on-demand establishment and life-cycle management of dynamic virtual federations and achieves a high level of automation to reduce the manual workload for the participating organizations, which so far is one of the most significant obstacles for the adoption of Federated Identity Management, e.g., based on the SAML standard. We contrast Géant-TrustBroker with other state-of-the-art approaches, present its workflows and internal mode of operations and give an outlook to how eduGAIN can be used in combination with Géant-TrustBroker to solve current AuthNZ problems in international research projects and communities
Identity and access management (I&AM) is the umbrella term for managing users and their permissions. It is required for users to access different services. These services can either be provided from their home organization, like a company or university, or from external service providers, e. g., cooperation partners. I&AM provides the management of identifiers with the attributes, credentials, roles, and permissions the user has. Today, the requirements have evolved from simply accessing individual web services in the internet or at a company to the majority of all IT services from different service providers with various accounts. Several identity management models have been created with different approaches within.In order to adjust to heterogeneous environments, use cases, and the evolution of identity management, this paper extends known requirements for identity management. Existing models and approaches for identity management are mapped to the derived requirements. Based on the mapping, advantages, disadvantages, and gaps are identified. Current approaches suffer, as an example, from trustworthiness and liability issues. Interoperability issues are even more inherent as the approaches partly develop apart, forming an heterogeneous environment. The results from this analysis emphasize the need for one holistic identity management framework.
This paper presents a comprehensive classification of identity management approaches. The classification makes use of three axes: topology, type of user, and type of environment. The analysis of existing approaches using the resulting identity management cube (IMC) highlights the trade-off between user control and trust in attributes. A comparative analysis of IMC and established models identifies missing links between the approaches. The IMC is extended by a morphology of identity management, describing characteristics of cooperation. The morphology is then mapped to the life cycle of users and identity management in a further step. These classifications are practically underlined with current approaches. Both methods combined provide a comprehensive characterization of identity management approaches. The methods help to choose suited approaches and implement needed tools.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.