John writes:
“Digital Identity Management – Challenges and Benefits
Amir Hadziahmetovic has published his MSc in IT thesis, which he made under my supervision. It is in English and is called Digital Identity Management – Challenges and Benefits (Download PDF). Besides giving a nice introduction to and analysis of Identity Management, Amir makes some interesting observations about the identity management situation in Denmark. I recommend everyone to read this good thesis.
I’ve extracted a few central paragraphs introducing the project:
The main research problem is how to find the optimal model that will solve Digital Identity (DI) management and the data interchange for electronic business in new network economy. The problem lies in unknown path of how to make choices for interoperable DI, and how to find the optimal strategy to implement chosen model. The research will commence with exploring the area of general Digital Identity Management, continue with analyzing platform for interoperable management and exchange of DIs, including implementation challenges, and end with listing the benefits of having such a platform implemented.
Imagine the sewerage management of a bigger city where each building block has a container for waste waters instead of a city-wide sewerage system. Without drain-pipes connecting the containers, every now and then a container would fill up, and for emptying a pump-trucks would be needed. They would pump out the content from a container, and spill it out at some depot outside the town. This would be very complex system of containers and trucks, difficult to control and manage. Some of the containers would certainly get overfilled, causing flooding and bad smell. With the growth of the city, the system would get even more unreliable. Therefore the majority of today’s cities have outspread sewerage system, which connects the depots, automating the spill of waste waters.
The similar problem modern business has with today’s DI management: Identity data in containers, filling up quickly; the system unable to exchange data with other systems; difficult to maintain and automate the spill of data. To enable development of electronic business, more reliable system for DI management is required.
Business trends today push organizations toward strengthening of cooperation and linking of business processes between them. Many companies and governments are tending to expand their activities by integrating online services and systems, and letting external users access internal data. Individual users want comfortable Web experience, and minimal effort in getting tailor-made products and services. Inability of today’s IT systems to match these trends is choking present development of business. Strengthening of cooperation and linking of business processes is putting pressure on IT systems and belonging infrastructure, requiring that Digital Identity data is created in unified fashion, and safely exchanged between organizations.
Digital Identity Management (IM) is a fundamental part of integrated company systems and online services. It defines who has access to what in some cases, and identifies customers and users of the services in other cases. IM architecture of today has to evolve from predominantly silo to common, interoperable architecture, based on open standards. This kind of architecture is a fundament for Federated IM, where identities are safely exchanged.
This project will try to look at Digital Identity Management, technology and architecture in relation to business goals and strategies. The main concepts of Digital Identity Management will be addressed i.a. concepts like Federated Identity, Single Sign-On (SSO), and Open Standards. The report will present a study of business and technical implications of Federating Identity, where Identity management is the central issue.
An analysis of the practical as well as architectural aspects of Federated Identity will be covered. An analysis of open standards for interoperability will be covered, especially those advised by Danish National IT and Telecom Agency and their Reference Model for Identity. The report will focus on standards from the Model such as Role-Based Access Control (RBAC), Security Assertion Markup Language (SAML), Lightweight Directory Access Protocol (LDAP) and Public certificates for electronic services – OCES Digital Signature, but also will discuss alternatives. Finally privacy issues will be considered.
The fundamental objective of any enterprise IT system must be full support to business flexibility and agility in ever-changing business environment. The ultimate goal of this project is to perceive the challenges of the IM evolution path, and to show how Identity Management supports connection between the systems and the processes, providing users with better web experience.
Method: The project will list general theoretical issues, comparing different views on these issues, and presenting own reasoning.
The obstacles in relation to acceptance of Reference Model for Identity will be analyzed. The analysis will be based on empirical research including feedback from involved organizations, interviews with individuals from selected organizations, conferences, and forums.
Again: Download Amir’s thesis (PDF).
ABAC Denmark digital identity digital identity management eCitizens public sector RBAC SAML thesis Web services “
Identity Management 