New Directions and Challenges within Identity and Access Management

Q1 Social Sciences

IEEE Communications Standards Magazine Pub Date : 2023-06-01 DOI:10.1109/MCOMSTD.0006.2200077

Daniela Pöhn, Wolfgang Hommel

{"title":"New Directions and Challenges within Identity and Access Management","authors":"Daniela Pöhn, Wolfgang Hommel","doi":"10.1109/MCOMSTD.0006.2200077","DOIUrl":null,"url":null,"abstract":"Identity and access management is a core building block for the majority of web services. Cloud-based services, social webs, mobile apps, but also IoT-related services rely on identity management to provide a seamless and secure user experience. Transmitting and sharing sensitive information with other organizations always poses a security and privacy risk to all participating entities. One solution to tackle this problem is the principle of federated identity management (FIM). FIM is used to authenticate and authorize users across multiple organizations and platforms in order to obtain access to resources and services. The benefits of FIM are, for example, consistent data, reduced amount of sensitive information needed to be shared, as well as less passwords for the user to remember. Both predominant standards, Secure Assertion Markup Language (SAML) 2.0 and Open Authentication (OAuth) 2.0 with the authentication layer OpenID Connect, are in wide-spread practical use for at least a decade. However, these protocols were developed with different requirements in mind than nowadays present. This led to several extensions to tackle real-world problems, making it cumbersome to comply with every flavor. Also, Request for Comments (RFC) 8252 suggests that a native app opens a system browser for user authentication; consequently, new protocols are currently developed. For example, within Internet Engineering Task Force (IETF), Kantara Initiative, and OpenID Foundation, which (should) have three main goals in common: • Reducing the complexity in contrast to SAML 2.0 and OAuth 2.0. • Decreasing the amount of extensions and varieties found in the wild. Both help developers to comply with the standards and, consequently, increase the security. • Including edge and future use cases, making the protocols even more useful. This article gives insights into current developments and possible future paths.","PeriodicalId":36719,"journal":{"name":"IEEE Communications Standards Magazine","volume":"7 1","pages":"84-90"},"PeriodicalIF":0.0000,"publicationDate":"2023-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Communications Standards Magazine","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MCOMSTD.0006.2200077","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"Social Sciences","Score":null,"Total":0}

引用次数: 0

Abstract

Identity and access management is a core building block for the majority of web services. Cloud-based services, social webs, mobile apps, but also IoT-related services rely on identity management to provide a seamless and secure user experience. Transmitting and sharing sensitive information with other organizations always poses a security and privacy risk to all participating entities. One solution to tackle this problem is the principle of federated identity management (FIM). FIM is used to authenticate and authorize users across multiple organizations and platforms in order to obtain access to resources and services. The benefits of FIM are, for example, consistent data, reduced amount of sensitive information needed to be shared, as well as less passwords for the user to remember. Both predominant standards, Secure Assertion Markup Language (SAML) 2.0 and Open Authentication (OAuth) 2.0 with the authentication layer OpenID Connect, are in wide-spread practical use for at least a decade. However, these protocols were developed with different requirements in mind than nowadays present. This led to several extensions to tackle real-world problems, making it cumbersome to comply with every flavor. Also, Request for Comments (RFC) 8252 suggests that a native app opens a system browser for user authentication; consequently, new protocols are currently developed. For example, within Internet Engineering Task Force (IETF), Kantara Initiative, and OpenID Foundation, which (should) have three main goals in common: • Reducing the complexity in contrast to SAML 2.0 and OAuth 2.0. • Decreasing the amount of extensions and varieties found in the wild. Both help developers to comply with the standards and, consequently, increase the security. • Including edge and future use cases, making the protocols even more useful. This article gives insights into current developments and possible future paths.

查看原文本刊更多论文

身份和访问管理的新方向和挑战

身份和访问管理是大多数web服务的核心构建块。基于云的服务、社交网络、移动应用程序以及物联网相关服务都依赖于身份管理，以提供无缝和安全的用户体验。与其他组织传输和共享敏感信息总是给所有参与实体带来安全和隐私风险。解决这个问题的一个解决方案是联合身份管理（FIM）原则。FIM用于跨多个组织和平台对用户进行身份验证和授权，以便获得对资源和服务的访问权限。例如，FIM的好处是数据一致，减少了需要共享的敏感信息量，以及减少了用户需要记住的密码。安全断言标记语言（SAML）2.0和具有身份验证层OpenID Connect的开放身份验证（OAuth）2.0这两个主要标准都在实际应用中广泛使用了至少十年。然而，这些协议的开发考虑到了与目前不同的要求。这导致了一些扩展来解决现实世界中的问题，使得遵守每种口味都很麻烦。此外，征求意见（RFC）8252建议本地应用程序打开系统浏览器进行用户身份验证；因此，目前正在开发新的协议。例如，在互联网工程任务组（IETF）、Kantara Initiative和OpenID Foundation中，它们（应该）有三个共同的主要目标：•与SAML 2.0和OAuth 2.0相比，降低复杂性。•减少在野外发现的扩展和变种的数量。两者都有助于开发人员遵守标准，从而提高安全性。•包括边缘和未来的用例，使协议更加有用。这篇文章对当前的发展和未来可能的道路提供了见解。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Communications Standards Magazine Social Sciences-Law

CiteScore

10.80

自引率

0.00%

发文量