On federated single sign-on in e-government interoperability frameworks

Mecca, Giansalvatore; Santomauro, Michele; Santoro, Donatello; Veltri, Enzo

doi:10.1504/ijeg.2016.076684

Cited by 7 publications

(6 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…SOA is not a new concept and is usually implemented to model government services and integrate them in a, e.g., service catalog (Yli-Huomo et al, 2018;Paul et al, 2012;Ma, 2010;Echevarria et al, 2015;Penna et al, 2015;Riyanto et al, 2018;Abdullah et al, 2017;Sedek et al, 2015;Tebib et al, 2015). However, due to the diversity of government agencies, a middleware component is usually implemented to ease the integration of information systems within SOA architectures (Mecca et al, 2016). Other authors implemented Platformas-a-service (PaaS), a cloud computing concept enabling service integration without the complexity of building and maintaining the infrastructure (Muller et al, 2016).…”

Section: Icts Implemented In Mature E-government Systemsmentioning

confidence: 99%

“…One of the main concerns regarding SSO is the security and privacy of the system users. One of the solutions is to move all the security logic to a dedicated server to create a single authentication point for the whole system (Ma, 2010;Riyanto et al, 2018;Sedek et al, 2015;Tebib et al, 2015;Mecca et al, 2016;Setiawan et al, 2018). Another system to guarantee network security is the public key infrastructure (PKI), which is an identity authentication scheme based on digital certificates, and provides identity authentication even in the open cloud environment (Abdullah et al, 2017;Sedek et al, 2015).…”

Section: Icts Implemented In Mature E-government Systemsmentioning

confidence: 99%

See 1 more Smart Citation

Conceptual framework for the development of an e-government licensing system

Ivic¹,

Stefanović²,

Dakić³

et al. 2023

ACCESS

View full text Add to dashboard Cite

The term electronic government (e-government) is widely used to describe the utilization of Information and Communication Technologies (ICTs) to digitize government functions and procedures. One of the e-government system's most used functionality is issuing licenses to citizens and businesses. Governments usually develop centralized egovernment licensing systems to issue a specific license type, hence limiting the possibility of system expansion and integration with other government bodies. However, a flexible solution enabling a platform for the rapid transformation of specific and various license-issuing processes and integration with other government bodies could reduce the time and cost of e-government projects. This paper presents such a novel e-government licensing framework developed with the waterfall methodology and implemented in Serbia. Firstly, the system requirements were set as flexible, low coding, continuous improvement, and digital transformation of all government licensing processes. Secondly, a generic government licensing process containing recurring activities was identified as the BPMN process model. The process is then integrated with horizontal e-services such as Government Service Bus, Electronic Identification(eID), eDelivery, eNotify, eSeal, ePayment, and National Government Portal. The main contribution of this approach is the attempt to automate and manage licensing process through a Business Process Management engine to achieve a low-coding and flexible development and maintenance environment. The designed e-government licensing framework was successfully applied to transform and digitalize Serbia's e-services into a standardized, integrated platform, where e-services are designed as a customizable e-licensing process and managed through Business Process Management software.

show abstract

Section: Icts Implemented In Mature E-government Systemsmentioning

confidence: 99%

Section: Icts Implemented In Mature E-government Systemsmentioning

confidence: 99%

Conceptual framework for the development of an e-government licensing system

Ivic¹,

Stefanović²,

Dakić³

et al. 2023

ACCESS

View full text Add to dashboard Cite

show abstract

“…Second, SSO authentication improves overall security from both a system architecture and a behavioural perspective. Architecturally speaking, the SSO authentication model enhances the overall security because security credentials are accepted and processed only at a specific SSO server; no security credentials are transmitted to other systems (Mecca et al 2016). Behavioural-wise, maintaining multiple passwords for different access points requires a high level of cognitive effort from users.…”

Section: Characteristics Of B2b Cloudmentioning

confidence: 99%

Cloud Service Brokerage: Exploring Characteristics and Benefits of B2B Cloud Marketplaces

Paulsson

Emeakaroha

Morrison

et al. 2020

Measuring the Business Value of Cloud Computing

View full text Add to dashboard Cite

show abstract

“…First, the developer should have knowledge in security policy and potential threats to build a threat model and also to know attacker view, how to attempt the threat model (Wang et al, 2007). The effectiveness and performance of middleware architecture and frameworks for egovernment is discussed (Mecca et al, 2016). An architecture metamodels and security risk can be inferred from metamodel instantiations.…”

Section: Related Workmentioning

confidence: 99%

A risk-centric defensive architecture for threat modeling in e-government application

Venkatasen

Mani

2017

View full text Add to dashboard Cite

To improve the security of an e-government, software engineering plays a vital role. During the application development for an e-government, there exist several risks. To analyse those risks, threat modelling methodology which is defined as the process to understand and address the threats of an application. Threat modelling is used to determine security controls and countermeasures for the targeting attacks. This paper describes an approach to identify how far the attack penetrates in risk layers and how the model defends from an attacker in e-government systems. The relevant attacks are retrieved from the attack pattern information is gathered from MITRE's common attack pattern enumeration and classification (CAPEC) security source. This architecture dynamically identifies the risk severity and prioritises the risk in a single step. An attack pattern applied to a risk-centric defensive architecture model to identify threat severity and also it is prioritised based on its impact. We validate risk-centric defensive architecture model by implementing it in a tool based on data flow diagrams (DFDs), from the Microsoft security development methodology.

show abstract

On federated single sign-on in e-government interoperability frameworks

Cited by 7 publications

References 9 publications

Conceptual framework for the development of an e-government licensing system

Conceptual framework for the development of an e-government licensing system

Cloud Service Brokerage: Exploring Characteristics and Benefits of B2B Cloud Marketplaces

A risk-centric defensive architecture for threat modeling in e-government application

Contact Info

Product

Resources

About