Anmerkungen:
Diese Datenquelle enthält auch Bestandsnachweise, die nicht zu einem Volltext führen.
Beschreibung:
Federated identity management (FIM) systems are defined as a group of organizations (entities) that have agreed to establish trust relationships and share identity information to enable seamless access to resources across organizational boundaries. In FIM, service providers (SPs) authorize user requests to access their services by assessing user information and assertions issued by external identity providers (IdPs). Methods of authentication and identification and security strategies used for data transmissions between SPs and IdPs are examples of assurance information that SPs rely on for authorization. In this context, the level of assurance (LoA) measures the level of confidence that can be placed in a user’s digital identity. It represents the degree to which identity has been verified and its associated risk. Implementing LoA solutions in federated environments is often complex and challenging for SPs since each organization maintains its own identity and access management (IAM) practice and authorization policies. There have been various proposals from international standardization bodies and federation operators for LoA solutions in the form of blueprints, assurance frameworks, or IAM modules for providing, evaluating, and exchanging user assurance information. However, there is no universal agreement on what these standards should be or how they should be implemented. SPs often find it challenging to adopt and implement the current solutions because of the high cost of deployment, complexity, limited authority to define customizable requirements and lack of compatibility between standards and frameworks in different administrative domains. This research proposes an assurance framework that can be added as a module to an organization’s IAM solution to address the LoA challenges. This framework aims to give service owners the flexibility to define their LoA requirements based on their service’s specific needs and risk assessments. Using the proposed framework, service owners can also define custom mapping ...