Article (Scientific journals)
A systematic review of identity and access management requirements in enterprises and potential contributions of self-sovereign identity
Glöckler, Jana; SEDLMEIR, Johannes; FRANK, Muriel-Larissa et al.
2023In Business and Information Systems Engineering
Peer reviewed
 

Files


Full Text
s12599-023-00830-x.pdf
Publisher postprint (1.08 MB)
Download
Annexes
12599_2023_830_MOESM1_ESM.pdf
(2.75 MB)
Supplementary file
Download

All documents in ORBilu are protected by a user license.

Send to



Details



Keywords :
Authentication; Digital wallet; IAM; Security; SSI; Verifiable credential
Abstract :
[en] Digital identity and access management (IAM) poses significant challenges for companies. Cyberattacks and resulting data breaches frequently have their root cause in enterprises' IAM systems. During the COVID-19 pandemic, issues with the remote authentication of employees working from home highlighted the need for better IAM solutions. Using a design science research approach, the paper reviews the requirements for IAM systems from an enterprise perspective and identifies the potential benefits of self-sovereign identity (SSI) – an emerging, passwordless paradigm in identity management that provides end users with cryptographic attestations stored in digital wallet apps. To do so, this paper first conducts a systematic literature review followed by an interview study and categorizes IAM system requirements according to security and compliance, operability, technology, and user aspects. In a second step, it presents an SSI-based prototype for IAM, whose suitability for addressing IAM challenges was assessed by twelve domain experts. The results suggest that the SSI-based authentication of employees can address requirements in each of the four IAM requirement categories. SSI can specifically improve manageability and usability aspects and help implement acknowledged best practices such as the principle of least privilege. Nonetheless, the findings also reveal that SSI is not a silver bullet for all of the challenges that today’s complex IAM systems face.
Research center :
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > FINATRAX - Digital Financial Services and Cross-organizational Digital Transformations
NCER-FT - FinTech National Centre of Excellence in Research [LU]
Disciplines :
Management information systems
Computer science
Author, co-author :
Glöckler, Jana
SEDLMEIR, Johannes  ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > FINATRAX
FRANK, Muriel-Larissa ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > FINATRAX
FRIDGEN, Gilbert  ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > FINATRAX
External co-authors :
yes
Language :
English
Title :
A systematic review of identity and access management requirements in enterprises and potential contributions of self-sovereign identity
Publication date :
12 September 2023
Journal title :
Business and Information Systems Engineering
ISSN :
2363-7005
eISSN :
1867-0202
Publisher :
Springer, Wiesbaden, Germany
Peer reviewed :
Peer reviewed
Focus Area :
Security, Reliability and Trust
FnR Project :
FNR16326754 - Privacy-preserving Tokenisation Of Artworks, 2021 (01/06/2022-31/05/2025) - Gilbert Fridgen
FNR13342933 - Paypal-fnr Pearl Chair In Digital Financial Services, 2019 (01/01/2020-31/12/2024) - Gilbert Fridgen
Name of the research project :
Fraunhofer Blockchain Center (20-3066-2-6-14)
Funders :
Bavarian Ministry of Economic Affairs, Regional Development and Energy
Available on ORBilu :
since 17 September 2023

Statistics


Number of views
145 (18 by Unilu)
Number of downloads
142 (9 by Unilu)

Scopus citations®
 
6
Scopus citations®
without self-citations
5

Bibliography


Similar publications



Contact ORBilu