Challenges Of Contemporary Identity And Access Management Frameworks
Chapter 1 has discussed the different challenges that contemporary IAM solutions are currently facing. This chapter will recap some of the issues which are related to the design of contemporary IAM systems.
Identity has grown in complexity, and challenges now exist in every aspect of identity management, including Identity Capture, Uniqueness, Universality, Interoperability, Secure Storage, Secure Communication, Scalability, Flexibility, Business & Work Flow, Interface, Privacy, User Acceptance, Overall TCO, Assurance, Distributed Deployment, System Integrity, Performance and Advocacy, to name a few.
The contemporary trend is that Business-to-Employee (B2E) identities are still managed by the enterprise, but are more distributed and influenced by the Cloud. Business-to-Customer (B2C), Business-to-Business (B2B), Government-to-Citizen (G2C), Government-to-Government (G2G) and Peer-to-Peer (P2P) identity management have evolved into a state in which trust between user and application is no longer a given.
Furthermore, mobility adds to the identity complexity. People access applications through multiple access points simultaneously, with each access point using different security policies and identity stores. As a result, the same identity management policy may need to be developed and deployed multiple times. At the moment, there is a lack of a common access experience across devices, which leads to a fragmented user experience and fragmented access control. There is also a lack of common user credentials across different access points. The governance and auditing requirements differ between channels, which also causes fragmentation issues.
The concept of eGovernment has been proposed by different countries. The Digital Agenda for Europe is one example, setting a goal for 50% of EU citizens to use eGovernment by 2015 (EU_Commission, 2014). However, there is still no unified eGovernment that can be relied upon as the sole online verifier. The basic fact is that not all governments have the same capabilities and not all countries agree on a common model.
A global e-iD requires more than technology alone can provide, because it requires negotiations among different countries on the terms and conditions under which a country may accept and process the e-iDs issued by another country, and vice versa. It is difficult to find an open and flexible solution acceptable to all countries, as the perceived risk of government monitoring of online behaviour can inhibit adoption. Furthermore, the private sector has the required skills and expertise, and the flexibility to form non-government alliances to provide choices for consumers. Another practical problem is that more than 200 million individuals in the world have dual citizenship (The Economist, 2012).
According to empirical studies (Zimmerman, 2012; Pooe & Labuschagne, 2011), one of the major challenges facing the enterprise is adopting biometric technology by modernising legacy systems using updated standards. Technology transitions can become one of the key enablers for evolutionary acquisition of interoperable biometric and biographical data as well as any associated requirements, policy, and national laws.