Reference : A Systematic Review of Identity and Access Management Requirements in Enterprises and...
Scientific journals : Article
Engineering, computing & technology : Computer science
Business & economic sciences : Management information systems
Security, Reliability and Trust
http://hdl.handle.net/10993/55994
A Systematic Review of Identity and Access Management Requirements in Enterprises and Potential Contributions of Self-Sovereign Identity
English
Glöckler, Jana []
Sedlmeir, Johannes mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > FINATRAX >]
Frank, Muriel-Larissa mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > FINATRAX >]
Fridgen, Gilbert mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > FINATRAX >]
12-Sep-2023
Business and Information Systems Engineering
Springer
Yes
International
2363-7005
1867-0202
Wiesbaden
Germany
[en] Authentication ; Digital wallet ; IAM ; Security ; SSI ; Verifiable credential
[en] Digital identity and access management (IAM) poses significant challenges for companies. Cyberattacks and resulting data breaches frequently have their root cause in enterprises' IAM systems. During the COVID-19 pandemic, issues with the remote authentication of employees working from home highlighted the need for better IAM solutions. Using a design science research approach, the paper reviews the requirements for IAM systems from an enterprise perspective and identifies the potential benefits of self-sovereign identity (SSI) – an emerging, passwordless paradigm in identity management that provides end users with cryptographic attestations stored in digital wallet apps. To do so, this paper first conducts a systematic literature review followed by an interview study and categorizes IAM system requirements according to security and compliance, operability, technology, and user aspects. In a second step, it presents an SSI-based prototype for IAM, whose suitability for addressing IAM challenges was assessed by twelve domain experts. The results suggest that the SSI-based authentication of employees can address requirements in each of the four IAM requirement categories. SSI can specifically improve manageability and usability aspects and help implement acknowledged best practices such as the principle of least privilege. Nonetheless, the findings also reveal that SSI is not a silver bullet for all of the challenges that today’s complex IAM systems face.
Bavarian Ministry of Economic Affairs, Regional Development and Energy
Fraunhofer Blockchain Center (20-3066-2-6-14)
Researchers ; Professionals
http://hdl.handle.net/10993/55994
10.1007/s12599-023-00830-x
For the purpose of open access, the authors have applied a Creative Commons Attribution 4.0 International (CC BY 4.0) license to any Author Accepted Manuscript version arising from this submission.
FnR ; FNR16326754 > Gilbert Fridgen > PABLO > Privacy-preserving Tokenisation Of Artworks > 01/01/2022 > 31/12/2024 > 2021

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
s12599-023-00830-x.pdfPublisher postprint1.06 MBView/Open

Additional material(s):

File Commentary Size Access
Open access
 12599_2023_830_MOESM1_ESM.pdfSupplementary file2.68 MBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.