Brewing a User-Centric Electronic Identity Solution
نویسنده
چکیده
The growing popularity of mobile apps, the “bring your own device” (BYOD) phenomenon, cloud computing, and big data, seem to have created the perfect storm for traditional identity technologies and solutions. Service providers and certain users too are increasingly aware that the features and benefits offered by an identity solution are worth nothing if a crafty attacker breaks through critical design elements, exposes secrets and private information, and thereby facilitates user impersonation and fraudulent transactions. This paper provides a synopsis of the identity problem (as I see it), discusses essential weaknesses of certain traditional solutions, and proposes what I believe to be critical design requirements for next generation identity solutions. I also highlight the role of software quality engineering in the development of such solutions.
منابع مشابه
A Smart Card Based Solution for User-Centric Identity Management
This paper presents a prototype of a previously proposed user-centric identity management system using trusted modules. The trusted module, implemented using a smart card, can retrieve user attributes from identity providers and offer them to service providers, after authentication. This paper allows an evaluation of the practical feasibility of the identity management architecture and provides...
متن کاملUser-Centric Identity Using ePassports
The worldwide introduction of ePassports presents a unique opportunity for the online identity community to implement trustworthy identity providers. The ePassport provides citizens with a strong authentication token within a global Public Key Infrastructure backed by government administrations. This paper studies the possibilities for leveraging the ePassport for usercentric identity and repor...
متن کاملTutorial: Identity Management Systems and Secured Access Control
This material is brought to you by the Journals at AIS Electronic Library (AISeL). It has been accepted for inclusion in Communications of the Association for Information Systems by an authorized administrator of AIS Electronic Library (AISeL). For more information, please contact [email protected]. Identity Management has been a serious problem since the establishment of the Internet. Yet li...
متن کاملSelf-service Privacy: User-Centric Privacy for Network-Centric Identity
User privacy has become a hot topic within the identity management arena. However, the field still lacks comprehensive frameworks even though most identity management solutions include built-in privacy features. This study explores how best to set up a single control point for users to manage privacy policies for their personal information, which may be distributed (scattered) across a set of n...
متن کاملEnhancing User Privacy in Information Card-Based Identity Management Systems
Information Card-based Identity Management (ICIM) is one of the most prominent user-centric schemes. In this paper we identify two security flaws in ICIM systems that may lead to a serious privacy violation. The first is the reliance on Internet user judgements of the authenticity of service providers, and the second is the reliance of the system on a single layer of authentication. We also pro...
متن کامل