Building a conceptual framework for analyzing, comparing and evaluating identity management systems


Bibliographic Details
Main Author: Chehab, Maya Ismail
Published: London South Bank University 2011
Online Access: http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.634035
Description
Summary: The thesis proposes a framework to objectively analyze, compare and evaluate identity management systems. The central focus is on the integration of all essential aspects of identity management in the evaluation process of an identity management system. The aspects reflect the generic requirements that organizations have sought in the design of an identity management system in order to attain their objectives. These include attributes, binding, functionalities, trust, scope, assurance, privacy and usability. For each aspect, the framework analyzes and discusses the prominent role that the aspect plays in an identity management system, highlighting the potential advantages it may bring and emphasizing its influences on the security of information. A whole identity management system can thus be viewed as an assembly of the essential aspects. This would reflect the potential benefits that the system may offer along with the influences on information security that it entails. In an identity management system, some aspects are viewed through the interaction of the core components of the system. An abstraction is given to the underlying architectures of identity management systems. This allows a clearer understanding of the features provided by the systems. Additionally, the framework views trust inherent in identity management systems as a relationship that entails significant risk to information security. An approach to evaluating trust in terms of measuring the risk it entails is provided in this framework. The measure can be used as the input knowledge to help in analysis and decision-making about whether to trust or not. The framework also characterizes authentication assurance and measures it according to a scale that reflects the risk entailed to the online services that are intended to be used. This gives service providers confidence that their critical services are only granted to users who have gone through stringent authentication mechanisms in the identity management system. Moreover, privacy and usability principles are customized to identity management systems in this framework. The principles of an aspect can be used as the foundation for criteria for evaluating the aspect in an identity management system. Finally, the framework introduces a model that presents every system as an integration of all the aspects of identity management. It uses a chart to depict the quality of each aspect in the system. By illustrating charts for multiple identity management systems, this allows organizations to compare, contrast and choose with confidence the system that best fits their objectives.