Exploring Identity & Access Management in Application Security


Added on  2023/06/09

AI Summary
This report delves into the critical role of identity management and access control in application security, emphasizing the protection of applications from external threats. It discusses how identity management handles user credentials and identity information, while access management ensures strong authentication and authorization. The paper reviews existing literature, highlighting the challenges of balancing privacy, security, and usability in identity management systems. It further explores the importance of mutual authentication, the risks associated with unauthorized access, and the need for systems to differentiate between the lifespan of identities and claims. The conclusion underscores the importance of secure, user-friendly, and privacy-conscious identity management systems in ensuring that users only access the resources they need, such as applications and data.
Running head: APPLICATION SECURITY
Application Security
Name of the Student:
Name of the University:
Author Note:
Abstract:-
Application security aims to protect applications from external threats through the use of
software and hardware. One concern of such security is managing identity and access. Identity
management manages user credentials along with users’ identity information. Similarly, access
management deals with the provision of strong authentication and authorization solutions. The
paper presents a study of the role of identity management and access management in managing
user privacy and security, along with the risks or challenges in secure system implementation.
This paper explores the identity crisis that arises from the privacy, security and usability
limitations confronted in existing identity management systems.
Table of Contents
Introduction
Review of the Literature
Discussion
Conclusion
References
Introduction:-
Identity management comprises creating a remote user’s or system’s identity, managing user
access to services through access control, and keeping the user’s identity details (Mahalle et
al., 2013). Proper implementation of such a system is complex, as it has some drawbacks that
must be addressed before the system can be considered privacy friendly, secure and usable. This
paper provides a literature review of identity management and access control systems, followed
by a discussion on tackling the potential issues that arise in such systems, and finally
concludes by stating the purpose of such systems.
Review of the Literature:-
Several studies have addressed the usability, security and privacy issues of identity
management systems, each focusing on particular issues. One important and challenging research
task is building a secure and privacy-friendly identity management system with good usability
properties.
Traditional privacy-preserving identity management systems provide user consent mechanisms
through which end users manage the personal data used for accessing services. Technical research
recommends usable privacy-enhancing solutions. According to Klevjer, Varmedal & Jøsang (2013),
there is a proposed scheme in which a personal authentication device claims to provide security
in a single log-on method and safeguard against phishing attacks. When implementing an identity
management system, organizations should agree on the requirements for business needs, and the
review should include hardware, software, data sources, workflows, policies and procedures, and
must include all departments.
In order to handle security information, identity management systems enforce different kinds of
access rights through different techniques and methods. However, there remain several
vulnerabilities. These access rights are associated with different risks and threats and hence
presume different trust relationships among end-users, relying parties and identity providers
(Connelly et al., 2014). However, both system designers and users are ignorant of this
difference in access rights, which leads to impermissible risks.
Although several identity management systems are being designed from the user perspective, most
such systems still have important usability issues. The identity system must let a user
independently generate, use and manage his or her identity, regardless of the user’s current
site and the device currently in use.
Discussion:-
Current research in identity management faces several challenges relating to the balance among
privacy, security and usability factors. A solution for mutual authentication is still to be
developed, in which users have to provide credentials and identity providers and relying
parties are also authenticated to the users (Torres, Nogueira & Pujolle, 2013). Clearly,
identity management has a role in delivering effective application security. Identity
management systems should be able to differentiate between the lifespan of an identity and that
of claims obtained from the same identity. These systems should have provision to remove all or
part of outdated identities and to refute outdated claims.
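One way to model the separate lifespans of an identity and its claims, with refutation and partial removal of outdated data. This is an added example, not taken from the paper or its sources; the class names, claim names and sample dates are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

@dataclass
class Claim:
    name: str
    value: str
    issued_at: datetime
    ttl: timedelta            # claim lifetime, independent of the identity's
    refuted: bool = False

    def is_current(self, now):
        return not self.refuted and now < self.issued_at + self.ttl

@dataclass
class Identity:
    subject: str
    created_at: datetime
    expires_at: datetime
    claims: dict = field(default_factory=dict)

    def refute(self, name):
        # Withdraw one claim without touching the identity itself.
        self.claims[name].refuted = True

    def current_claims(self, now):
        # Claims a relying party may still act on at `now`.
        if not (self.created_at <= now < self.expires_at):
            return {}
        return {n: c.value for n, c in self.claims.items() if c.is_current(now)}

    def purge_outdated(self, now):
        # Remove only the outdated part of the identity; return removed names.
        stale = sorted(n for n, c in self.claims.items() if not c.is_current(now))
        for n in stale:
            del self.claims[n]
        return stale

def demo():
    t0 = datetime(2023, 1, 1, tzinfo=timezone.utc)   # constructed sample data
    alice = Identity("alice", t0, t0 + timedelta(days=365))
    for name, value, days in [("email", "alice@example.org", 365),
                              ("role", "payments-approver", 30),
                              ("department", "finance", 365)]:
        alice.claims[name] = Claim(name, value, t0, timedelta(days=days))
    day10 = alice.current_claims(t0 + timedelta(days=10))
    alice.refute("department")
    day60 = alice.current_claims(t0 + timedelta(days=60))
    removed = alice.purge_outdated(t0 + timedelta(days=60))
    return day10, day60, removed, alice.current_claims(t0 + timedelta(days=400))
```

At day 60 the identity is still valid, but the 30-day role claim has lapsed and the department claim has been refuted, so a relying party sees only the email claim.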
All contemporary identity management systems have provision for user authentication, yet there
is no way for the user to authenticate the identity party or the relying party. However, by
authenticating the identity party or the relying party, users will be able to prevent phishing
attacks (Sicari et al., 2015). Hence, identity management systems must incorporate mutual
authentication in such a manner that the user does not have to install any special software or
use the same device every time. In addition, one use of identity management systems is
enforcing ownership of a resource. One key example of this is the online banking system and, to
a marginal extent, chat and email accounts, social network and blog accounts. Illegitimate
access to a user’s bank account will result in direct financial loss, while access to a user’s
electronic mail and chat account or other systems can allow a criminal to take the user’s
identity, which may hurt users in many ways (Mahmoud et al., 2015). Here, the risk associated
with identity management rests totally with the user.
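The mutual authentication described above can be sketched as a challenge-response exchange in which the relying party must prove itself before the user's side releases any proof. This is an added example, not a scheme from the paper or its cited works; it assumes a secret shared at enrollment, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def proof(key, role, first, second):
    # HMAC over a role label and both nonces; the label keeps one side's
    # proof from being replayed as the other's.
    return hmac.new(key, role + b"|" + first + b"|" + second, hashlib.sha256).digest()

class RelyingParty:
    def __init__(self, key):
        self.key = key
        self.nonce = None
        self.client_nonce = None

    def respond(self, client_nonce):
        # Answer the user's challenge and issue a fresh challenge in return.
        self.client_nonce = client_nonce
        self.nonce = secrets.token_bytes(16)
        return self.nonce, proof(self.key, b"server", client_nonce, self.nonce)

    def verify_user(self, user_proof):
        expected = proof(self.key, b"client", self.nonce, self.client_nonce)
        return hmac.compare_digest(expected, user_proof)

class UserAgent:
    def __init__(self, key):
        self.key = key
        self.nonce = secrets.token_bytes(16)

    def check_server(self, server_nonce, server_proof):
        # Release the user's proof only if the server proved itself first.
        expected = proof(self.key, b"server", self.nonce, server_nonce)
        if not hmac.compare_digest(expected, server_proof):
            return None
        return proof(self.key, b"client", server_nonce, self.nonce)

def handshake(user_key, server_key):
    user, rp = UserAgent(user_key), RelyingParty(server_key)
    server_nonce, server_proof = rp.respond(user.nonce)
    user_proof = user.check_server(server_nonce, server_proof)
    if user_proof is None:
        return "server-rejected"   # look-alike site: nothing was disclosed
    return "mutual-ok" if rp.verify_user(user_proof) else "user-rejected"
```

A site that does not hold the enrolled secret fails at `check_server`, so the user's side stops before sending anything a phishing page could reuse.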
It is notable here that access permission to business applications along with their associated
data bears greater risk, in particular since besides revenue loss there is the possibility of
enormous financial damage when data that is often confidential becomes public. Similarly,
different risk levels are associated with access permission to an email account and access
permission to a bank account.
Conclusion:-
Thus, we find that identity management deals with the policies and techniques related to
identification, along with the authentication process, through access management and user
profile management. The primary requirement for both relying parties and end-users is that
identity management systems that are spread across various organisations must be completely
secure, user friendly and maintain privacy. However, no modern identity management system has
been able to fulfil this completely. Finally, the paper concludes that the objective of
identity management and access control is to ensure that users can access only the resources,
such as applications and data, that they need.
References:-
Connelly, M., Kanchinadham, S., Maharana, B., Rubin, L., Cook, M. J., Tobin, J., ... &
Subramaniam, B. (2014). U.S. Patent No. 8,842,815. Washington, DC: U.S. Patent and
Trademark Office.
Klevjer, H., Varmedal, K. A., & Jøsang, A. (2013, April). Extended HTTP digest access
authentication. In IFIP Working Conference on Policies and Research in Identity
Management (pp. 83-96). Springer, Berlin, Heidelberg.
Mahalle, P. N., Anggorojati, B., Prasad, N. R., & Prasad, R. (2013). Identity authentication and
capability based access control (iacac) for the internet of things. Journal of Cyber
Security and Mobility, 1(4), 309-348.
Mahmoud, R., Yousuf, T., Aloul, F., & Zualkernan, I. (2015, December). Internet of things (IoT)
security: Current status, challenges and prospective measures. In Internet Technology and
Secured Transactions (ICITST), 2015 10th International Conference for (pp. 336-341).
IEEE.
Sicari, S., Rizzardi, A., Grieco, L. A., & Coen-Porisini, A. (2015). Security, privacy and trust in
Internet of Things: The road ahead. Computer networks, 76, 146-164.
Torres, J., Nogueira, M., & Pujolle, G. (2013). A survey on identity management for the future
network. IEEE Communications Surveys & Tutorials, 15(2), 787-802.