Who is Guarding the Doors

Internet banking has become the preferred channel for conducting banking activities across globe and amongst all social demographics. Only a few other technological adoptions can compare with the recent trend of use of Internet banking facilities. Given the cost advantages and benefits it has to offer, it is widely touted as a win-win strategy for both banks and customers. However, with the growth in E-banking services and reliance on a public channel–Internet–to conduct business, it has been challenging for banks to ensure integrity and confidentiality of highly sensitive information. This chapter presents an overview of authentication issues and challenges in the online banking area with analysis on some of the better approaches. The chapter compares different authentication methods and discusses ensuing issues. The chapter will be invaluable for managers and professionals in understanding the current authentication landscape.

Developing Proactive Security Dimensions for SOA

Security is one of the largest challenges facing the development of a Service-Oriented Architecture (SOA). This is due to the fact that SOA security is the responsibility of both the service consumer and service provider. In recent years, many solutions have been implemented, such as the Web Services Security Standards, including WS-Security and WS-SecurityPolicy. However, those standards are insufficient for the promising new generations of Web 2.0 applications. In this research, we describe an Intelligent SOA Security (ISOAS) framework and introduce four of its services: Authentication and Security Service (NSS), the Authorization Service (AS), the Privacy Service (PS) and the Service of Quality of Security Service (SQoSS). Furthermore, a case study is presented to examine the behavior of the described security services inside a market SOA environment.

Identity and Access Management Architectures with a Focus on User Initiative

We have developed a “Privacy Policy Matching Engine” as a component of the Identity and Access Management Architectures. This engine enables the matching of a user’s intention to provide his/her identity-related data with an entity’s own privacy policy. Also, it automatically analyzes the policies with a focus on the types and handling method for identity-related data.

Separating Private and Business Identities

As various information technologies are penetrating everyday life, private and business matters inevitably mingle. Separating private and business past records, public information, actions or identities may, however, be crucial for an employee in certain situations. In this chapter we review the interrelated areas of employee privacy, and analyze in detail two areas of special importance from the viewpoint of the separation: web and social network privacy. In relation to these areas we discuss threats and solutions in parallel, and besides surveying the relevant literature, we also present current Privacy Enhancing Technologies applicable in each area. Additionally, we briefly review other means of workplace surveillance, providing some insight into the world of smartphones, where we expect the rise of new privacy-protecting technologies as these devices are getting capable of taking over the functions of personal computers.

IAM Risks during Organizational Change and Other Forms of Major Upheaval

Managing digital identities and computer and network access rights is difficult at the best of times. But today’s rapidly changing organizational structures and technology dependencies make for even greater challenges. In this chapter, we review the various stages in the identity and access management (IAM) lifecycle from the particular perspective of organizations undergoing substantial change from mergers and acquisitions, business expansions and contractions, as well as internal structural and technological changes. We also look at the impact on IAM of incidents originating from outside organizations, such as natural disasters (earthquakes, hurricanes, volcanic eruptions, etc.) and manmade catastrophes (terrorist bombings, major oil spills, etc.). We address the question of how one might prepare for and respond to such events by managing and controlling identification and authorization in fast-moving, difficult-to-control situations.

Privacy in Identity and Access Management Systems

This chapter surveys the approaches for addressing privacy in open identity and access management systems that have been taken by a number of current systems. The chapter begins by listing important privacy requirements and discusses how three systems that are being incrementally deployed in the Internet, namely SAML 2.0, CardSpace, and eID, address these requirements. Subsequently, the findings of recent European research projects in the area of privacy for I&AM systems are discussed. Finally, the approach taken to address the identified privacy requirements by ongoing projects is described at a high level. The overall goal of this chapter is to provide the reader with an overview of the diversity of privacy issues and techniques in the context of I&AM.

From Domain-Based Identity Management Systems to Open Identity Management Models

One of the main reasons is the problem of establishing trust relationships between independent parties—a problem inherent to open environments with multiple trust domains. In open environments, participants often do not know each other, but nevertheless require an existing trust relationship to perform critical transactions. Governments, commercial organizations, and academia alike have addressed this issue by providing better assurance guidelines for identity management. The outcome is a number of identity assurance frameworks that identify and cluster certain security criteria into levels of trust or levels of assurance (LoA). These approaches are described, compared, and assessed with regard to their role towards a reliable identity management across the Internet. Limitations are identified and trust levels for attributes are proposed as potential fields for further research.

Selecting and Implementing Identity and Access Management Technologies

This chapter investigates how organizations can be supported in selecting and implementing Identity and Access Management (IAM) services. Due to the ever growing number of applications that are being used in organizations, stricter regulations and changing relationships between organizations, a new approach towards login- and password administration, security, and compliance is needed. IAM services claim to provide this new approach. Unfortunately, IAM selection projects have not been very successful in the recent past. Therefore, this chapter presents the IAM Services Assessment Model which provides a useful and usable tool to support organizations in the selection and implementation of IAM services.

Feasibility and Sustainability Model for Identity Management

National identity projects in various countries around the globe, which manage unique identification of citizens, have captured attention of late. Although the perceived benefits in terms of public administration are numerous, the challenges and bottlenecks for a successful rollout are also many. The objective of this chapter is to identify the drivers and inhibitors for adopting a common identity management system across various organizations for public administration and to suggest a model for determining the feasibility and sustainability of such a system. We reveal the various factors affecting successful implementation of the system and the probable impact of these factors. The model suggested would allow public organizations and policy makers to determine the critical factors for the implementation of an identity management system on a large scale.

Identity Management Systems

Next, we discuss the practicality of identity management systems, and consider how their practicality can be enhanced by developing reliable integration and delegation schemes. We also provide overviews of the Project Concordia integration framework, and the Shibboleth and OAuth delegation frameworks, as well as reviewing the related literature.