A Consolidated Process Model for Identity Management

A Consolidated Process Model for Identity Management

Alex Ng (University of Ballarat, Australia), Paul Watters (University of Ballarat, Australia) and Shiping Chen (CSIRO ICT Centre, Australia)
Copyright: © 2012 |Pages: 29
DOI: 10.4018/irmj.2012070101
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Recently, identity management has gained increasing attention from both enterprises and government organisations, in terms of security, privacy, and trust. A considerable number of theories and techniques have been developed to deal with identity management issues within and between organisations. In this paper, the authors reviewed, assessed, and consolidated the research and development activities of identity management in 14 privately and publicly funded organisations. Furthermore, the authors developed a taxonomy to characterise and classify these identity management frameworks into two categories: processes and technologies. The authors then studied these frameworks by systematically reviewing the whole lifecycle of an identity management framework, including actors, roles, security, privacy, trust, interoperability, and federation. This paper aims to provide the reader with the state of art of existing identity management frameworks and a good understanding of the research issues and progress in this area.
Article Preview

1. Introduction

Identity theft is a crime which involves stealing money or gaining a benefit by pretending to be someone else. While the Internet has improved communications and the ease of doing business, an inevitable side-effect is that criminals now have more opportunities than before to obtain personal details about a large community of unknowing victims. By stealing a person’s identity, a fraudster may access the victim’s bank account, obtain credit cards or loans in the victim’s name, and potentially ruin the victim’s credit rating. Recently, we have witnessed the uprising number of cases in identity fraud around the globe. The figures obtained from the Australian Bureau of Statistics' first survey of personal fraud (Pink, 2008) indicate that around 3.1% (499,500) of the Australian population aged 15 years and over were victims of at least one incident of identity fraud within the 12 months prior to the survey. Furthermore, 2.4% (383,300) were the victims of bank or credit card identity fraud, and 0.8% (124,000) were victims of identity theft. A similar situation has occurred in the US - identity theft was the most common type of consumer fraud between 2000 to 2008, comprising an average 37% of the total number of fraud incidents each year. Alarmingly, the trend shows that the number of identity theft incidents has increased more than 10 fold from 31,140 in 2000 to 313,982 in 2008 (Finklea, 2010). Loss of personal data in the government and private sector is rampant (see Watters, 2009, for a UK survey).

At the same time, we have seen a low adoption rate of identity management systems in enterprises, with only 3 in 10 IT professionals reporting that their companies have identity access management solutions (Deeds, 2011). Conversely, identity management has become a critical issue in enterprises and public government agencies, as reflected in a survey conducted by Gartner in 2010 that ranked identity management as the first of the top five priorities for security in enterprises (Messmer, 2010).

The key assertion in our paper is that identity management frameworks – while dealing with internal issues relating to the management of data types representing abstractions of identity – must be applicable for all types of identity theft. This would make identity management more appealing to businesses for adoption, even accounting for the complexity in their implementation. One of the key benefits of identity management can be realised when issues that arise from the mis-management of identity are prevented.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 31: 4 Issues (2018): 1 Released, 3 Forthcoming
Volume 30: 4 Issues (2017)
Volume 29: 4 Issues (2016)
Volume 28: 4 Issues (2015)
Volume 27: 4 Issues (2014)
Volume 26: 4 Issues (2013)
Volume 25: 4 Issues (2012)
Volume 24: 4 Issues (2011)
Volume 23: 4 Issues (2010)
Volume 22: 4 Issues (2009)
Volume 21: 4 Issues (2008)
Volume 20: 4 Issues (2007)
Volume 19: 4 Issues (2006)
Volume 18: 4 Issues (2005)
Volume 17: 4 Issues (2004)
Volume 16: 4 Issues (2003)
Volume 15: 4 Issues (2002)
Volume 14: 4 Issues (2001)
Volume 13: 4 Issues (2000)
Volume 12: 4 Issues (1999)
Volume 11: 4 Issues (1998)
Volume 10: 4 Issues (1997)
Volume 9: 4 Issues (1996)
Volume 8: 4 Issues (1995)
Volume 7: 4 Issues (1994)
Volume 6: 4 Issues (1993)
Volume 5: 4 Issues (1992)
Volume 4: 4 Issues (1991)
Volume 3: 4 Issues (1990)
Volume 2: 4 Issues (1989)
Volume 1: 1 Issue (1988)
View Complete Journal Contents Listing