TY - GEN
T1 - Choice of suitable Identity and Access Management standards for mobile computing and communication
AU - Naik, Nitin
AU - Jenkins, Paul
AU - Newell, David
N1 - Publisher Copyright:
© 2017 IEEE.
PY - 2017/8/3
Y1 - 2017/8/3
N2 - Enterprises have recognised the importance of personal mobile devices for business and official use. Employees and consumers have been freely accessing resources and services from their principal organisation and partners' businesses on their mobile devices, to improve the efficiency and productivity of their businesses. This mobile computing-based business model has one major challenge, that of ascertaining and linking users' identities and access rights across business partners. The parent organisation owns all the confidential information about users but the collaborative organisation has to verify users' identities and access rights to allow access to their services and resources. This challenge involves resolving how to communicate users' identities to collaborative organisations without sending their confidential information. Several generic Identity and Access Management (IAM) standards have been proposed, and three have become established standards: Security Assertion Markup Language (SAML), Open Authentication (OAuth), and OpenID Connect (OIDC). Mobile computing and communication have some specific requirements and limitations; therefore, this paper evaluates these IAM standards to ascertain suitable IAM to protect mobile computing and communication. This evaluation is based on the three types of analyses: Comparative analysis, suitability analysis and security vulnerability analysis of SAML, OAuth and OIDC.
AB - Enterprises have recognised the importance of personal mobile devices for business and official use. Employees and consumers have been freely accessing resources and services from their principal organisation and partners' businesses on their mobile devices, to improve the efficiency and productivity of their businesses. This mobile computing-based business model has one major challenge, that of ascertaining and linking users' identities and access rights across business partners. The parent organisation owns all the confidential information about users but the collaborative organisation has to verify users' identities and access rights to allow access to their services and resources. This challenge involves resolving how to communicate users' identities to collaborative organisations without sending their confidential information. Several generic Identity and Access Management (IAM) standards have been proposed, and three have become established standards: Security Assertion Markup Language (SAML), Open Authentication (OAuth), and OpenID Connect (OIDC). Mobile computing and communication have some specific requirements and limitations; therefore, this paper evaluates these IAM standards to ascertain suitable IAM to protect mobile computing and communication. This evaluation is based on the three types of analyses: Comparative analysis, suitability analysis and security vulnerability analysis of SAML, OAuth and OIDC.
KW - IAM
KW - Identity and Access Management
KW - Mobile Computing and Communication
KW - OAuth
KW - OpenID Connect
KW - SAML
KW - SSO
UR - http://www.scopus.com/inward/record.url?scp=85028533582&partnerID=8YFLogxK
U2 - 10.1109/ICT.2017.7998280
DO - 10.1109/ICT.2017.7998280
M3 - Conference contribution
AN - SCOPUS:85028533582
T3 - Proceedings of the 24th International Conference on Telecommunications: Intelligence in Every Form, ICT 2017
BT - Proceedings of the 24th International Conference on Telecommunications
A2 - Aghvami, Hamid
A2 - Verikoukis, Christos
A2 - Ellinas, Georgios
A2 - Vassiliou, Vasos
A2 - Kamel, George
A2 - Bellavista, Paolo
A2 - Kolios, Panayiotis
A2 - Chatzinotas, Symeon
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 24th International Conference on Telecommunications, ICT 2017
Y2 - 3 May 2017 through 5 May 2017
ER -