Choice of suitable Identity and Access Management standards for mobile computing and communication

Nitin Naik*, Paul Jenkins, David Newell

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference publication

Abstract

Enterprises have recognised the importance of personal mobile devices for business and official use. Employees and consumers have been freely accessing resources and services from their principal organisation and partners' businesses on their mobile devices, to improve the efficiency and productivity of their businesses. This mobile computing-based business model has one major challenge, that of ascertaining and linking users' identities and access rights across business partners. The parent organisation owns all the confidential information about users but the collaborative organisation has to verify users' identities and access rights to allow access to their services and resources. This challenge involves resolving how to communicate users' identities to collaborative organisations without sending their confidential information. Several generic Identity and Access Management (IAM) standards have been proposed, and three have become established standards: Security Assertion Markup Language (SAML), Open Authentication (OAuth), and OpenID Connect (OIDC). Mobile computing and communication have some specific requirements and limitations; therefore, this paper evaluates these IAM standards to ascertain suitable IAM to protect mobile computing and communication. This evaluation is based on the three types of analyses: Comparative analysis, suitability analysis and security vulnerability analysis of SAML, OAuth and OIDC.

Original languageEnglish
Title of host publicationProceedings of the 24th International Conference on Telecommunications
Subtitle of host publicationIntelligence in Every Form, ICT 2017
PublisherIEEE
ISBN (Electronic)9781538606421, 978-1-5386-0643-8
ISBN (Print)978-1-5386-0644-5
DOIs
Publication statusPublished - 3 Aug 2017
Event24th International Conference on Telecommunications, ICT 2017 - Limassol, Cyprus
Duration: 3 May 20175 May 2017

Publication series

NameProceedings of the 24th International Conference on Telecommunications: Intelligence in Every Form, ICT 2017

Conference

Conference24th International Conference on Telecommunications, ICT 2017
CountryCyprus
CityLimassol
Period3/05/175/05/17

Bibliographical note

© 2017 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Keywords

  • IAM
  • Identity and Access Management
  • Mobile Computing and Communication
  • OAuth
  • OpenID Connect
  • SAML
  • SSO

Fingerprint Dive into the research topics of 'Choice of suitable Identity and Access Management standards for mobile computing and communication'. Together they form a unique fingerprint.

Cite this