This document provides an overview of identity and access management (IAM) frameworks. It discusses key business drivers for IAM implementation, including security, compliance with regulations, operational efficiency, and cost containment. The document also outlines some common challenges with IAM, such as managing multiple authentication requirements, inconsistent user provisioning processes, and lack of integration between applications. It argues that governments can help drive further development of IAM through national identity programs that establish trusted digital identities.
Cartesian assesses the current state of identity management, and outlines the opportunity for trusted service providers such as MNOs, financial institutions and governments to act as “digital identity authorities”.
Transformation from Identity Stone Age to Digital IdentityIJNSA Journal
Technological conversion, political interests and Business drivers has triggered a means, to establish individual characterization and personalization. People started raising concerns on multiple identities managed across various zones and hence various solutions were designed. Technological advancement has brought various issues and concerns around Identity assurance, privacy and policy enabled common Authentication framework. A compressive framework is needed to established common identity model to address national needs like standards, regulation and laws, minimum risk, interoperability and to provide user with a consistent context or user experience.
This document focuses on Transformation path of identity stone age to Identity as in state. It defines a digital identity zone model (DIZM) to showcase the Global Identity defined across the ecosystem. Also, provide insight of emerging Technology trend to enable Identity assurance, privacy and policy enabled common Authentication framework.
This paper explains the importance of data security through identity management. Businesses must
do everything practical to protect their data and IT systems from malicious parties. Hackers have many tools
and methods at their disposal, such as phishing, to steal identity data and compromise IT systems for malicious
purposes. Even failures by an organization’s own IT department to protect against malicious use from its own
employees have resulted in significant financial losses. These losses could have been prevented had adequate
identity management steps been taken. Usage of technologies such as a centralized Identity Management
System, Directory Services, or Federated Identity Management protect a user’s private information and
effectively control access to business systems. Many core IT business systems and cloud service providers can
leverage these identity management technologies to provide data security and secure access control.
Cyberspace is rapidly transforming our lives – how we live, interact, govern and create value. With the JAM (Jan Dhan, Aadhaar and Mobile) trinity, India is at the forefront of global digital transformation. “Digital India” is being hailed as the world's largest technology led programme of its kind.
While internet, smartphones and modern information and
communication devices have been great force multipliers, endless connectivity and proliferation of IoT devices is giving rise to vulnerabilities, risks and concerns. Cyber security is today ranked among top threats by governments and corporates. Heightened concerns about data security and privacy have resulted in a spate of regulations in India and across the world. India is in the process of discussing and enacting its own comprehensive data security and privacy regulation, as well as vertical specific ones. Cyber security is an ecosystem where laws, organisations, skills, cooperation and
technical implementation would need to be in harmony to be
effective.
Overall, a robust regulatory framework based on global and
country-specific regulations, development of a holistic cyber
security eco-system (academia and industry as well as
entrepreneurial) and a coordinated global approach through
proactive cyber diplomacy would help to secure cyber space and promote confidence and trust of key stakeholders including
citizens, businesses, political and security leaders.
CII has been actively working in the cyber security space. The CII Task Force on Public Private Partnership for Security of the Cyber Space has been set up to bring about improvements in the legal framework to strengthen and maintain a safe cyberspace ecosystem by capacity building through education and training programmes. We would facilitate collaboration and cooperation between Government and Industry in the area of cyber security in general and protection of critical information infrastructure in particular, covering cyber threats, vulnerabilities, breaches, potential protective measures, and adoption of best practices.
The purpose of this article is to provide an overview of the PKI project initiated part of the UAE national ID card program. It primarily shows the operational model of the PKI implementation that is indented to integrate the federal government identity management infrastructure with e-government initiatives owners in the country. It also explicates the agreed structure of the major components in relation to key stakeholders; represented by federal and local e-government authorities, financial institutions, and other organizations in both public and private sectors. The content of this article is believed to clarify some of the misconceptions about PKI implementation in national ID schemes, and explain how the project is envisaged to encourage the diffusion of e-government services in the United Arab Emirates. The study concludes that governments in the Middle East region have the trust in PKI technology to support their e-government services and expanding outreach and population trust, if of course accompanied by comprehensive digital laws and policies.
Cyber-attacks destroy the trusted relationship with customers and partners, the lifeblood of financial services. The industry is also behind the curve when it comes to adapting to the changes in working practices and consumer behaviour, driven by rapidly evolving smart devices.
Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...CloudEntr
A research study conducted by Gemalto and the 451 Group finds companies are relying on a growing number of cloud applications, increasing their need to secure this SaaS applications. Check out the report and learn why a large number of companies are now in the process of re-evaluating their Identity and Access Management (IAM) and single sign-on (SSO) solutions to ensure they authenticate, authorize and securely manage access to both in-house and cloud applications.
Cartesian assesses the current state of identity management, and outlines the opportunity for trusted service providers such as MNOs, financial institutions and governments to act as “digital identity authorities”.
Transformation from Identity Stone Age to Digital IdentityIJNSA Journal
Technological conversion, political interests and Business drivers has triggered a means, to establish individual characterization and personalization. People started raising concerns on multiple identities managed across various zones and hence various solutions were designed. Technological advancement has brought various issues and concerns around Identity assurance, privacy and policy enabled common Authentication framework. A compressive framework is needed to established common identity model to address national needs like standards, regulation and laws, minimum risk, interoperability and to provide user with a consistent context or user experience.
This document focuses on Transformation path of identity stone age to Identity as in state. It defines a digital identity zone model (DIZM) to showcase the Global Identity defined across the ecosystem. Also, provide insight of emerging Technology trend to enable Identity assurance, privacy and policy enabled common Authentication framework.
This paper explains the importance of data security through identity management. Businesses must
do everything practical to protect their data and IT systems from malicious parties. Hackers have many tools
and methods at their disposal, such as phishing, to steal identity data and compromise IT systems for malicious
purposes. Even failures by an organization’s own IT department to protect against malicious use from its own
employees have resulted in significant financial losses. These losses could have been prevented had adequate
identity management steps been taken. Usage of technologies such as a centralized Identity Management
System, Directory Services, or Federated Identity Management protect a user’s private information and
effectively control access to business systems. Many core IT business systems and cloud service providers can
leverage these identity management technologies to provide data security and secure access control.
Cyberspace is rapidly transforming our lives – how we live, interact, govern and create value. With the JAM (Jan Dhan, Aadhaar and Mobile) trinity, India is at the forefront of global digital transformation. “Digital India” is being hailed as the world's largest technology led programme of its kind.
While internet, smartphones and modern information and
communication devices have been great force multipliers, endless connectivity and proliferation of IoT devices is giving rise to vulnerabilities, risks and concerns. Cyber security is today ranked among top threats by governments and corporates. Heightened concerns about data security and privacy have resulted in a spate of regulations in India and across the world. India is in the process of discussing and enacting its own comprehensive data security and privacy regulation, as well as vertical specific ones. Cyber security is an ecosystem where laws, organisations, skills, cooperation and
technical implementation would need to be in harmony to be
effective.
Overall, a robust regulatory framework based on global and
country-specific regulations, development of a holistic cyber
security eco-system (academia and industry as well as
entrepreneurial) and a coordinated global approach through
proactive cyber diplomacy would help to secure cyber space and promote confidence and trust of key stakeholders including
citizens, businesses, political and security leaders.
CII has been actively working in the cyber security space. The CII Task Force on Public Private Partnership for Security of the Cyber Space has been set up to bring about improvements in the legal framework to strengthen and maintain a safe cyberspace ecosystem by capacity building through education and training programmes. We would facilitate collaboration and cooperation between Government and Industry in the area of cyber security in general and protection of critical information infrastructure in particular, covering cyber threats, vulnerabilities, breaches, potential protective measures, and adoption of best practices.
The purpose of this article is to provide an overview of the PKI project initiated part of the UAE national ID card program. It primarily shows the operational model of the PKI implementation that is indented to integrate the federal government identity management infrastructure with e-government initiatives owners in the country. It also explicates the agreed structure of the major components in relation to key stakeholders; represented by federal and local e-government authorities, financial institutions, and other organizations in both public and private sectors. The content of this article is believed to clarify some of the misconceptions about PKI implementation in national ID schemes, and explain how the project is envisaged to encourage the diffusion of e-government services in the United Arab Emirates. The study concludes that governments in the Middle East region have the trust in PKI technology to support their e-government services and expanding outreach and population trust, if of course accompanied by comprehensive digital laws and policies.
Cyber-attacks destroy the trusted relationship with customers and partners, the lifeblood of financial services. The industry is also behind the curve when it comes to adapting to the changes in working practices and consumer behaviour, driven by rapidly evolving smart devices.
Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...CloudEntr
A research study conducted by Gemalto and the 451 Group finds companies are relying on a growing number of cloud applications, increasing their need to secure this SaaS applications. Check out the report and learn why a large number of companies are now in the process of re-evaluating their Identity and Access Management (IAM) and single sign-on (SSO) solutions to ensure they authenticate, authorize and securely manage access to both in-house and cloud applications.
Identity and access management is a vital information security control for organizations to minimize the insider threats and advanced persistent threats that are caused by mismanaged user's identities and access control on sensitive business applications. Unauthorized access to business critical IT applications results in information disclosure and financial loss for many organizations across the world. Deployment of identity and access management as an essential information security control will enable organizations to detect or even prevent security breaches due to unauthorized access. This paper elaborates necessary facts for making decisions towards protecting the organization's assets using IAM controls. The purpose of this paper to compare various Identity and access management tools. Mr. Vinay Jayprakash Pol ""Identity and Access Management Tools"" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-4 , June 2019, URL: https://www.ijtsrd.com/papers/ijtsrd23935.pdf
Paper URL: https://www.ijtsrd.com/management/other/23935/identity-and-access-management-tools/mr-vinay-jayprakash-pol
A SURVEY ON FEDERATED IDENTITY MANAGEMENT SYSTEMS LIMITATION AND SOLUTIONSIJNSA Journal
An efficient identity management system has become one of the fundamental requirements for ensuring safe, secure, and transparent use of identifiable information and attributes. Federated Identity Management (FIdM) allows users to distribute their identity information across security domains which increases the portability of their digital identities, and it is considered a promising approach to facilitate secure resource sharing among collaborating participants in heterogeneous IT environments. However, it also raises new architectural challenges and significant security and privacy issues that need to be mitigated. In this paper, we provide a comparison between FIdM architectures, presented the limitations and risks in FIdM system, and discuss the results and proposed solutions.
Mitigating Cyber-Threat in the Financial Industry of Bangladesh using Biometr...Dr. Amarjeet Singh
Information is such a thing which if misused, leaked or breached can lead to undesirable consequences. Financial institutions have a lot of data of their customers. These data’s are regarding customers’ personal information, transactions and many more which are highly sensitive. The entire system by which financial institutions such as – banks run, are required to be secured from cyber breach. As by breaching these systems’ can lead to financial disaster. The rapid growth of IT infrastructure is not only considered a convenient way for customers in many perspectives but also it point out the lack of skilled manpower in our country. In banking sector, ATM, E-money laundering are the domain where crime occurred most of the time. So, this paper focuses on developing a conceptual framework based on secondary sources which included publications, journal, books etc. regarding the problem of cyber-threat happening in Bangladesh. It describes how a financial institute can make safe transaction using biometric based public key infrastructure with the help of digital certificate.
Presentation given by Dr K Subramanian, Director and Professor, Advance Centre for Informatic and Innovative Learning IGNOU on August 3rd, 2011 at eWorld Forum (www.eworldforum.net) in the session Information Management and Security
Accenture re-organizing-todays-cyber-threatsLapman Lee ✔
Banks are facing an urgent need to bring fraud risk management and IT security—two historic silos—more closely together to combat mounting data security and cyber threats.
Location Based Services in M-Commerce: Customer Trust and Transaction Securit...CSCJournals
It is understood by studies that wireless data services is crucial for users to access locationbased services. As in location-dependent services, the data value for a data item depends on geographical locations. In general, the Location Based Services includes the services to identify the location of a person or object like searching of the nearest Banking, Cash Machine Receiving Alerts, Location Based Advertising etc. With the rapid adoption of mobile devices as a primary interface to network of services, there is a considerable risk with respect to authentication and authorization. To guard against risk, trustworthy authentication and secure communication are essential especially in Location Based Services. The purpose of this study is to identify security risks in mobile transactions specially in location based services like mobile banking. Current mobile banking authentication is challenging and identified as a major security risk. Identify the factors why customer distrusts mobile banking. Furthermore, identifying security issues between mobile devices and mobile banking systems. Finding which approach is more suitable and secure for mobile banking transaction between customer and bank.
This white paper examines the need for strong authentication and explores the return on investment that can be realized in order to help organizations move toward more effective security.
Analyst Report: The Digital Universe in 2020 - ChinaEMC
This IDC Country Brief discusses China, where the amount of data created, replicated, and consumed each year will grow 24-fold between 2012 and 2020, according to the 2012 IDC Digital Universe study, sponsored by EMC.
Identity Access Management(IAM) - Government Market ReportResearchFox
Identity Access Management(IAM) has been widely accepted nowadays across verticals as most of the technologies (Hardware and software) are running different operating systems and applications. Moreover, these applications are hosted by a 3rd party remote vendor and are accessed remotely. Also with the rise in cyber attacks and security breach most of the administrations and IT departments are working in a synchronized way across different organizations. Hence IAM providers need to provide solutions with the right mix of compatibility, accessibility and limited cost. Avail the sample market report by visiting here: https://www.researchfox.com/reports/identity-access-management-iam&market-report
Avail the complete report at discounted price of 500$
Mobile identity management has attracted the attention of both the public and private sectors in the last few years. In the context of service delivery, modern mobile communication networks offer more convenient approaches to developing citizen-centric applications. However, taking into consideration the need for compelling user authentication and identification, secure communication in mobile environments remains a challenging matter. This article explores the potential role of government-issued smart identity cards in leveraging and enabling a more trusted mobile communication base. It delves into the identity management infrastructure program in the United Arab Emirates (UAE) and how the smart identity card and overall system architecture have been designed to enable trusted and secure transactions for both physical and virtual mobile communications.
Identity and access management is a vital information security control for organizations to minimize the insider threats and advanced persistent threats that are caused by mismanaged user's identities and access control on sensitive business applications. Unauthorized access to business critical IT applications results in information disclosure and financial loss for many organizations across the world. Deployment of identity and access management as an essential information security control will enable organizations to detect or even prevent security breaches due to unauthorized access. This paper elaborates necessary facts for making decisions towards protecting the organization's assets using IAM controls. The purpose of this paper to compare various Identity and access management tools. Mr. Vinay Jayprakash Pol ""Identity and Access Management Tools"" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-4 , June 2019, URL: https://www.ijtsrd.com/papers/ijtsrd23935.pdf
Paper URL: https://www.ijtsrd.com/management/other/23935/identity-and-access-management-tools/mr-vinay-jayprakash-pol
A SURVEY ON FEDERATED IDENTITY MANAGEMENT SYSTEMS LIMITATION AND SOLUTIONSIJNSA Journal
An efficient identity management system has become one of the fundamental requirements for ensuring safe, secure, and transparent use of identifiable information and attributes. Federated Identity Management (FIdM) allows users to distribute their identity information across security domains which increases the portability of their digital identities, and it is considered a promising approach to facilitate secure resource sharing among collaborating participants in heterogeneous IT environments. However, it also raises new architectural challenges and significant security and privacy issues that need to be mitigated. In this paper, we provide a comparison between FIdM architectures, presented the limitations and risks in FIdM system, and discuss the results and proposed solutions.
Mitigating Cyber-Threat in the Financial Industry of Bangladesh using Biometr...Dr. Amarjeet Singh
Information is such a thing which if misused, leaked or breached can lead to undesirable consequences. Financial institutions have a lot of data of their customers. These data’s are regarding customers’ personal information, transactions and many more which are highly sensitive. The entire system by which financial institutions such as – banks run, are required to be secured from cyber breach. As by breaching these systems’ can lead to financial disaster. The rapid growth of IT infrastructure is not only considered a convenient way for customers in many perspectives but also it point out the lack of skilled manpower in our country. In banking sector, ATM, E-money laundering are the domain where crime occurred most of the time. So, this paper focuses on developing a conceptual framework based on secondary sources which included publications, journal, books etc. regarding the problem of cyber-threat happening in Bangladesh. It describes how a financial institute can make safe transaction using biometric based public key infrastructure with the help of digital certificate.
Presentation given by Dr K Subramanian, Director and Professor, Advance Centre for Informatic and Innovative Learning IGNOU on August 3rd, 2011 at eWorld Forum (www.eworldforum.net) in the session Information Management and Security
Accenture re-organizing-todays-cyber-threatsLapman Lee ✔
Banks are facing an urgent need to bring fraud risk management and IT security—two historic silos—more closely together to combat mounting data security and cyber threats.
Location Based Services in M-Commerce: Customer Trust and Transaction Securit...CSCJournals
It is understood by studies that wireless data services is crucial for users to access locationbased services. As in location-dependent services, the data value for a data item depends on geographical locations. In general, the Location Based Services includes the services to identify the location of a person or object like searching of the nearest Banking, Cash Machine Receiving Alerts, Location Based Advertising etc. With the rapid adoption of mobile devices as a primary interface to network of services, there is a considerable risk with respect to authentication and authorization. To guard against risk, trustworthy authentication and secure communication are essential especially in Location Based Services. The purpose of this study is to identify security risks in mobile transactions specially in location based services like mobile banking. Current mobile banking authentication is challenging and identified as a major security risk. Identify the factors why customer distrusts mobile banking. Furthermore, identifying security issues between mobile devices and mobile banking systems. Finding which approach is more suitable and secure for mobile banking transaction between customer and bank.
This white paper examines the need for strong authentication and explores the return on investment that can be realized in order to help organizations move toward more effective security.
Analyst Report: The Digital Universe in 2020 - ChinaEMC
This IDC Country Brief discusses China, where the amount of data created, replicated, and consumed each year will grow 24-fold between 2012 and 2020, according to the 2012 IDC Digital Universe study, sponsored by EMC.
Identity Access Management(IAM) - Government Market ReportResearchFox
Identity Access Management(IAM) has been widely accepted nowadays across verticals as most of the technologies (Hardware and software) are running different operating systems and applications. Moreover, these applications are hosted by a 3rd party remote vendor and are accessed remotely. Also with the rise in cyber attacks and security breach most of the administrations and IT departments are working in a synchronized way across different organizations. Hence IAM providers need to provide solutions with the right mix of compatibility, accessibility and limited cost. Avail the sample market report by visiting here: https://www.researchfox.com/reports/identity-access-management-iam&market-report
Avail the complete report at discounted price of 500$
Mobile identity management has attracted the attention of both the public and private sectors in the last few years. In the context of service delivery, modern mobile communication networks offer more convenient approaches to developing citizen-centric applications. However, taking into consideration the need for compelling user authentication and identification, secure communication in mobile environments remains a challenging matter. This article explores the potential role of government-issued smart identity cards in leveraging and enabling a more trusted mobile communication base. It delves into the identity management infrastructure program in the United Arab Emirates (UAE) and how the smart identity card and overall system architecture have been designed to enable trusted and secure transactions for both physical and virtual mobile communications.
Despite significant investments in eGovernment, reported experiences show limited and struggling success cases. In the last 15 years, Governments’ efforts have been scattered, as agencies were mainly concerned with the development of informational portals and some basic online services resulting from the automation of a few traditional transactions.
In fact, Governments have been cautious in terms of their preferred eGovernment approaches and strategies. A large number of Governments’ services are still provided over the counter and requires the physical presence of citizens. This is in principle due to the fact that existing eGovernment environments lack effective methods through which they can establish trust and avail services over digital networks.
This article discusses the need for trust establishment to advance eGovernment in light of the existing and emerging realities. It looks at the evolving forms of identities, namely digital identities and the role of PKI technology in enabling such requirements.
The key contribution of this article is that it provides an overview of a large scale national PKI program which was deployed as part of a government identity management infrastructure development scheme in the United Arab Emirates. It provides an insight into the architecture and features of the PKI deployment. It presents how the UAE government planned and set up a national identity validation gateway to support both online and traditional transactions. It also includes some reflections on key management considerations and attempts to make reference to some European initiatives to highlight similarities and differences with the UAE and GCC projects.
The concept of federated e-identity is gaining attention worldwide in light of evolving identity management challenges to streamlining access control and providing quality and convenient online services. In a federated system, participant institutions share identity attributes based on agreed-upon standards, facilitating authentication from other members of the federation and granting appropriate access to online resources. The article provides an insight into the ongoing federated e-Identity initiative in GCC countries. The aim of the initiative is to develop a trusted and secure cross-border infrastructure to authenticate and validate citizens' identities across GCC borders. Such an interoperability platform can then be used to facilitate citizens' mobility and stand as the basis for digital economy development. Current literature does not include any information about the work being conducted within GCC countries in relation to the GCC eID platform. This article thus contributes to developing a better understanding of such practices, triggers debate and discussion, opens the door to reflection, and guides international efforts in this eminent domain of practice.
To tell that - IT environment has shifted, and this would be a huge understatement. We just see this happening around us. Yet to say, the transition is not necessarily a bad thing. Like in other technology organizations, Identity governance is in the process of change. We can see that this can be a positive transformation; as the way it allows us to be more flexible and stronger.
Visit : https://techdemocracy.com
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...CA Technologies
Protecting today’s cloud-based, mobile enterprise requires a new approach – one that focuses on secure identity and access management (IAM), while at the same time driving two critical imperatives:
Learn how to enable business growth by:
• Quickly deploying new online services
• Leveraging new advances in cloud computing and virtualization
• Accommodating the needs of demanding, tech-savvy users
(i.e., customers, partners, employees, etc.)
• Driving greater employee productivity and increasing business intelligence
Protect the business by:
• Mitigating the risk of fraud, breaches, insider threats and improper access – from both internal and external sources
• Safeguarding critical systems, applications and data
Download the eBook today to learn more.
Article started one year ago, obtains far more relevancy these days. Its meaning stays the same however: "Without laws and regulations would be chaos affecting our freedom and human nature."
Varied technological environments, increasing cyber-attacks, strict regulatory compliances, and increasing digital identities across organizations, are propelling the need of IAM services for information security.
The future of identity verification predictions and trends in blockchain tech...Techgropse Pvt.Ltd.
As a leading mobile app development company in UAE, we have been closely following the rapid development of blockchain technology and its potential to transform various industries. One area that has caught our attention is identity verification, which plays a crucial role in countless processes - from financial transactions to government services. Dubai, a city at the forefront of technological innovation, is becoming a center for exploring the intersection of blockchain and identity management.
Customer IAM vs Employee IAM (Legacy IAM)Ubisecure
Internal or enterprise IAM solutions are driven by the HR systems and concentrate on provisioning. Customer IAM solutions provide flexibility and features that facilitate the management of external users. CIAM is a tool to increase capture & conversion, reduce cost, improve the customer experience and journey.
MECHANISMS FOR DIGITAL TRANSFORMATION IN THE EDUCATION AND HEALTHCARE SECTORS...IJNSA Journal
This paper argues for the consideration of a decentralized, open, interoperable identity framework as a secure, scalable, user-centered meta-platform capable of leveraging many aggregate network advantages and delivery options for education and healthcare providers. An overview of the shortfalls and vulnerabilities of the current Internet and systems for identity management is first explained, followed by a summary of the status of development and primary proponents of decentralized, blockchain-enabled, self-sovereign identification (SSI). An examination of the Key Event Receipt Infrastructure (KERI) open-source decentralized key management infrastructure (DKMI) and its primary root-of-trust in self-certifying identifiers (SCID) is evaluated. This paper recommends KERI for consideration as a potential meta-platform overlay and solution for both the education and health industries as a means of attaining their primary goal of being more user versus institution-centric in their core interactions and processes. Finally, some pathways for future research are recommended.
Similar to Optimizing Identity and Access Management (IAM) Frameworks (20)
يسلط الكتاب الضوء على دور اقتصاد البيانات في دعم الأنظمة الاقتصادية الوطنية، وإرشاد القرارات والسياسات في مختلف القطاعات. ويقدم مجموعة من التوصيات لتطوير السياسات التنظيمية والبنى التحتية ودعم الابتكار وتشجيع نمو القطاع الخاص وريادة الأعمال.
يسلط الكتاب الضوء على أهم أبعاد التحول الرقمي الحكومي، ويقدم أطر ومفاهيم عامة لتصميم وتطوير المنظومات الخدماتية القائمة على إنشاء القيمة وتحقيق النمو الاجتماعي والاقتصادي
يتناول الكتاب المتغيرات التي فرضتها التكنولوجيات الحديثة على المفاهيم المرتبطة بالنقد، ودور العملات الرقمية في تشكيل مستقبل الأسواق العالمية.
ويتطرق أيضاً إلى التحولات الكبيرة في الاقتصاد العالمي الجديد، ودور العملة في الاقتصاد، والمشكلات التي تواجه العملات بشكل عام والورقية على الأخص، والمدفوعات والعملات الإلكترونية، ومفهوم العملات الرقمية الحكومية والتجارية والافتراضية والمشفرة والمستقرة، هذا بالإضافة إلى مميزات العملات المشفرة ومخاطرها، والقيم المتذبذبة للعملات التجارية، والترويج الذي يتم لها.
كما يستعرض الكتاب التجارب الدولية للعملات الرقمية، والتجارب العربية في هذا المجال، والمواقف الحكومية من العملات المشفرة، وعملة الـفيسبوك، ومستقبل العملات الرقمية والمدفوعات الرقمية، هذا بالإضافة إلى دور تكنولوجيا البلوك تشين في تأمين المعاملات المالية.
ويضع الكتاب النموذج المتوقع لعمل العملات الرقمية الحكومية، وذلك من خلال التطرق إلى 9 خصائص رئيسية مطلوبة لأي منظومة عملة ناجحة من العملات الرقمية، وكذلك 8 مكونات أساسية لنموذج عمل العملات الرقمية الحكومية، مع شرح آلية عمل النموذج.
ومن بين أهم التوصيات التي أوصى بها الكتاب هو ضرورة أن يتوحد العالم العربي لدراسة وتأسيس عملة رقمية وفق منهج علمي مدروس وجماعي، تكون الأولوية الحاكمة فيه هي التوافق والتكامل.
يشير الكتاب على أن التنمية الفكرية في بناء المؤسسات تمثل إحدى أهم الأبعاد المحورية نحو المجتمعات والاقتصادات المستدامة، ويبين أن وصول المؤسسات للقمة والتميز يتطلب منها تكوين فهم دقيق للقيمة المضافة التي تنشئها المؤسسة قبل بحث الكيفية والوسيلة، وأن القدرة على الابتكار والتغيير والتحديث هي السمات التي يمكن من خلالها أن تسهم في توفير قوة دافعة للمؤسسة للتميز والاستدامة.
ويتناول الكتيب عدة محاور ضرورية من شأنها أن تعزز من إسهامات القيادات الشابة في مؤسساتهم، والتي جاء في مقدمتها: مفهوم القمة في العمل المؤسسي، ومجالات وصول المؤسسات للقمة، وأدوات الوصول للقمة والمحافظة عليها؛ وشرح لمفاهيم الإدارة المتميزة، وأساسيات إدارة الموارد البشرية، ومدى الاستفادة من التكنولوجيا، وما يحمله المستقبل من تطورات في مجالات جديدة بالثورة الصناعية الرابعة، وطريقة الوصول للقمة، وكذلك استمرارية البقاء على القمة التي تستدعي التعلم بشكل مستمر، وكيفية استدامة التميز المعتمدة على المنهج المتكامل القابل لتحديد نفسه بصفة دائمة.
يتطرق الكتاب إلى بعض المعطيات التي أصبحت تدفع نحو تحولات كبيرة في النظام الاقتصادي العالمي، ويتناول توقعات المؤسسات الدولية لأداء الاقتصاد العالمي.
كما يضع الكتاب عدد من السمات المفترضة للنظام الاقتصادي الجديد خلال فترة ما بعد (كوفيد 19).
يتناول الكتاب الصادر من مجلس الوحدة الاقتصادية العربية بجامعة الدول العربية بعنوان “الاقتصاد الرقمي ودوره في تعزيز الأمن الوطني”، الفرص التي يمتلكها الاقتصاد الرقمي ويدعو للتركيز على الاقتصاد الرقمي كعنصر تنموي استراتيجي لتطوير مقومات الأمن الاقتصادي.
The study highlights the effects of the revolutions and unrest in Arab countries with an attempt to provide an overview of Arab present and its prospects. It primarily recommends the adoption and employment of advanced technologies in reconstruction efforts and supporting the development of resilient and sustainable economies.
The book is designed to promote understanding of conflicts in organisations, and establish how they can be handled effectively, and make them work as opportunities for improvement and constructive change.
دراسة موجزة لمجلس الوحدة الاقتصادية العربية بجامعة الدول العربية حول آثار أزمة جائحة كورونا على الدول العربية وتقدم توصيات لمتخذي القرار وراسمي السياسات للتعامل مع تداعيات الأزمة.
The book pinpoints that the digital future is exposed to the danger of chaotic, unregulated growth, which constitutes a challenge for countries that still operate according to traditional economic models, and that public thinking in the Arab region in facing challenges still follows the "reaction methodology" and temporary solutions with short-term prospects, and that this is confirmed by the current international indicators of its competitiveness. The book proposes that in order to address this, visions and efforts should be based on strategies driven by scientific methods, and with it the Arab countries must develop a clear understanding of the main challenges before jumping to seize opportunities.
The book shows that it is fundamental for policymakers and decision-makers to have precise and accurate understanding of the intricate details in digital transformation initiatives and the role that modern technologies can play in changing the rules and systems of current practices, and in how to develop digitized, more innovative business models with which to build resilient and sustainable social economies and systems.
The book also draws on the current data and indicators of the global economy and that they are pushing to form a worrying picture of weaknesses in Arab countries, which in turn may threaten the stability of the entire region, especially with regard to the "cognitive decline" and “increasing unemployment rates” and “poor economic performance"; and that these challenges call for dealing with it as key strategic indicators that require urgent action plans; with emphasis that these plans need to be designed to reflect different ways of thinking and adapted to the nature of the requirements and challenges of the 21st century and treat them as forces and positive factors.
The book highlights the importance of accelerating the implementation of a set of initial reform projects to encourage the development of more dynamic and developed digital business environments in the Arab region, in parallel with the development of educational systems and healthcare, and strengthening agricultural capabilities to achieve food security targets, and focus on economies based on industry and production, and promoting the development of Arab digital platforms to support e-commerce practices.
يتطرق الكتاب إلى تحليل الوضع الراهن لمشاريع التحول الرقمي في الحكومات العربية، والمراحل الأربعة للتحول في المنظومة الحكومية، وأهم العوائق والتحديات التي تعطل مسيرة التطور والتقدم ويقدم الكتاب بعض الحلول الموجزة والمقترحة في هذا السياق.
ويوضح الكتاب بأن مفاهيم الصناعة باتت تدفع بتطبيقات ممكّنة للآلات للتواصل فيما بينها من خلال الشبكات الإلكترونية واتخاذ القرارات اللامركزية بمستويات تفوق القدرات البشرية. كما أن ذلك أصبح يدفع أيضاً إلى ظهور نماذج عمل للمؤسسات أشبه بـ «المصانع الذكية» تتميز بقدراتها الآلية على التطوير الذاتي والتعامل مع المتغيرات والتعلم المستدام، والقدرة على تطوير المنظومات الخدمية والإنتاجية بمستويات كفاءة وفاعلية ومستويات أداء غير مسبوقة؛ وأن المؤسسات في المنطقة العربية لم يعد أمامها خيار سوى الاستمرار ومواكبة التقدم في تنفيذ مشاريع التحول الرقمي.
وجدير بالذكر أن المنطقة العربية وكثير من دول العالم شهدت في العقدين الماضيين آلاف المبادرات والمشاريع في مجال التحول الرقمي، مستهدفة دعم قدراتها كحكومة مسئولة عن صناعة العديد من القرارات وتقديم الخدمات، وانطلاقاً من رؤية القيادات في هذه الدول لتحويل الخدمات الحكومية إلى خدمات إلكترونية وذكية.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Leading Change strategies and insights for effective change management pdf 1.pdf
Optimizing Identity and Access Management (IAM) Frameworks
1. Ali M. Al-Khouri / International Journal of Engineering Research and Applications (IJERA)
ISSN: 2248-9622 www.ijera.com
Vol. 1, Issue 3, pp.461-477
Optimizing Identity and Access Management (IAM)
Frameworks
Ali M. Al-Khouri
Emirates Identity Authority, Abu Dhabi, United Arab Emirates
Email: ali.alkhouri@emiratesid.ae
ABSTRACT
Organizations in both public and private sectors are strategy [2]. Due to this, many outsiders have now become
realizing the value of identity and access management
an integral part of organizations’ ICT definitions [3].On the
technology to address mission-critical needs and to ensure
appropriate access to resources across heterogeneous other hand, governments are enormously investing in ICT to
technology environments, and to meet rigorous compliance transform the way they deliver services to their citizens,
requirements. A well-designed identity management system residents and businesses. Convenience of transacting
is fundamental to enabling better information sharing, directly with the government and the attempts to reduce the
enhancing privacy protection, and connecting the diverse red tape in government services has driven public sector to
web of public and private sector agencies involved in the
adapt to a more productive business processes. To many of
delivery of today's public service. This article provides an
overview of identity and access management literature. It us today, gone are the days when citizens had to visit a
attempts to analyze the business drivers, trends, issues and government office for a service. Our expectations of public
challenges associated with the implementation of such services have risen to an extent where we expect now
systems. It then presents a strategic framework and an services to be delivered at our doorsteps. ICT is envisaged to
overall ecosystem for the implementation of identity and transform government business and services to meet
access management system in different contexts of citizens' expectations for better services, and to create a
applications. It also introduces possible strategies and
more open government. These developments necessitate the
solutions for the development of a federated national
identity infrastructure. It finally sheds light on a recent ability to establish and confirm the identity of remote
government implementation in the United Arab Emirates entities, provide identity assurance and ensure authorized
that was launched to develop a modern identity access. Though the priorities and principal drivers of
management infrastructure to enable digital identities and identity management differ from one sector to another, there
support their application in e-government and e-commerce exists a common foundation for identity and access
context. management that is gradually converging based on trust
establishment.
Keywords - identity and access management; federated The intent of this article is to provide an overview of the
identity; national identity card. literature surrounding the application of identity and access
management. It also aims to establish a link between
1. INTRODUCTION identity and access management technologies and the role of
The rapid globalization of world commerce, converted governments in establishing and managing the identity
conventional businesses that were used to be based on lifecycle of their citizen and resident population. Such
handshakes, into new electronic forms of commerce governments' take up, is expected to momentously drive
enabling remote impersonal transactions. This identity and access management developments to higher
transformation of the way commerce is handled has largely levels.
been due to the explosive growth in Information and
This article is structured as follows. First, a short overview
Communication Technology (ICT). Today’s businesses rely
of the literature on identity and access management is
solidly on ICT systems for their day-to-day operations.
provided. Associated business drivers, trends, issues and
Business challenges that necessitate reaching out to far flung
challenges, and opportunities are identified. The value
customers are forcing organizations to open up their internal
pyramid of identity and access management is explained in
systems to outsiders such as suppliers, customers and
the context of an ecosystem. Next, the role of governments'
partners [1]. This has literally broken down the virtual
national identity programs and underpinning technologies
perimeter conceived as part of the organizations’ security
such as smart cards and PKI technologies in the
461 | P a g e
2. Ali M. Al-Khouri / International Journal of Engineering Research and Applications (IJERA)
ISSN: 2248-9622 www.ijera.com
Vol. 1, Issue 3, pp.461-477
optimization of identity and access management systems is protection and information sharing. Access control is then
outlined. Finally, we delineate on a UAE government built on a set of authorizations which are given as directives
program that was launched to set up a national identity through the security policy. With the growing needs of
infrastructure and enable digital identities to support e- security, compliance and newer infrastructure models like
government transformation and e-commerce initiatives. cloud platforms, identity and access management has
become the corner stone for today’s ICT enabled business
2. IDENTITY MANAGEMENT: AN models [6].
EMBRYONIC DISCIPLINE
Identity and access management system is considered as a
There is an old say we used to hear about trust: “Only a man framework for business processes that facilitates the
you trust can breach your trust”. This is the irony of trust. management of electronic identities [8]. The framework
Identity has become a new focal point in today’s global includes the technology needed to support identity
economy. It forms the basis of social and commercial management. IAM technology is used to establish, record
interactions. As illustrated in Table 1, trust is defined and and manage user identities and their related access
interpreted differently in various study domains such as permissions in an automated approach. This ensures that
computer science, psychology and sociology. Trust involves access privileges are granted according to corporate policy
providing reliable identity assertion of the relevant parties. and that all individuals and services are properly
Achieving such goal requires building a “Trust Framework” authenticated, authorized and audited. Let us look at some
for each identity system that addresses both the operational surveys related to the domain of trust and access
requirements and the legal rules necessary to define a management, which should clarify the seriousness of the
trustworthy identity system [4]. topic being discussed here.
Table 1: interpretation of Trust in different study domains
2.1 RECENT SURVEYS
Trust A 2009 Data Breach Investigations Report by the Verizon
Desc.
Domain Business RISK shows that almost one third of data breaches
related to security engineering and
trusted
encompasses areas such as risk management,
were linked to trusted business partners, such as suppliers
systems: and contractors [8]. In addition, and according to findings of
surveillance, auditing and communications.
another recent study conducted by Deloitte and the National
"web of related to cryptography and focuses on
trust" technologies like public key infrastructure. Association of State Chief Information Officers
systems: (NASCIO), surveyed organizations reported that the
considered within the areas of psychology majority (55 percent) of internal information breaches were
and sociology and proposes a measure of how traced to either the malicious or inadvertent behavior of
trust metric:
a member of a group is trusted by other employees [9]. See also Fig. 1.
members.
Source: Choi et al., 2006.
Ever since computing technologies have been applied for
business operations, identities were managed in one form or
another. Over time, identity management evolved as a
separate discipline in line with the growing importance that
this technology has gained over the years. There have been
endless attempts by researchers and practitioners to
construct community-aware identity management systems
and for establishing higher trust levels between users of
different digital networks [5]. However, the critical issue
lies in the fact that there are few implemented systems in
practice that provide strong user authentication capabilities
Fig.1: Source of breaches
and new levels of trust and confidence to how identities are
established and verified. According to a study conducted to better understand
Thus, the industry and governments alike are beginning to activities affecting information systems and data in critical
realize that trust management is intricately integrated with infrastructure sectors, it was stated that the incidents studied
identity management. This is to say that trusted identity were caused mainly by “Insiders” [10,11]. The study which
information is a key foundation element to privacy was collaboratively developed by United States Secret
462 | P a g e
3. Ali M. Al-Khouri / International Journal of Engineering Research and Applications (IJERA)
ISSN: 2248-9622 www.ijera.com
Vol. 1, Issue 3, pp.461-477
Service’s National Threat Assessment Center (NTAC) and 2.2 IDENTITY AND ACCESS MANAGEMENT
the CERT® Program (CERT) and the Carnegie Mellon EVOLUTION
University (CMU), revealed that:
• The majority (58%) of insiders were current
employees in administrative and support positions
that required limited technical skills.
• Financial gain was the motive (54%) for most
insiders’ illicit cyber activities.
• Most (85%) of the insiders had authorized access at
the time of their malicious activity.
• Access control gaps facilitated most (69%) of the
insider incidents.
• Half (50%) of the insiders exploited weaknesses in
established business processes or controls such as Fig. 2. IAM evolution
inadequate or poorly enforced policies and
procedures for separation of duties (22%). Identity and access management technologies arose from the
necessity to satisfy basic business needs of improving
• Insider actions affected federal, state, and local security and cost savings. At this early stage, IAM existed in
government agencies with the major impact to standalone identity silos. As businesses began to turn to
organizations being fraud resulting from damage to automation in an effort to cope with market speed and
information or data (86%). enhance business results, the need to secure transactions
became more important, which paved the way for networked
These are indeed very disturbing facts. Today, it does not access models to appear. As the time went on, IAM
take a technical wizard to commit frauds in technology technologies were further developed to simplify resource
oriented systems. There are always opportunities for various access related processes and as a tool to meet increasing
technical and non-technical employees to use legitimate and compliance issues surrounding client privacy, data integrity,
authorized access channels to engage in insider attacks. The and security (e.g., LDAP concept, centralized access
insiders involved in the cases studied in the above survey models).
did not share a common profile, and showed considerable
variability in their range of technical knowledge. So we Larger networks and interconnected systems in a
argue here that it is the breach of trust that is the root cause geographically diverse environments resulted in IAM
for such illicit activities. federated identity access models. This approach enables
organizations to optimally pursue business automation goals
In the following sub sections, we will look at how IAM and higher operational efficiencies and market penetration
technology have evolved, and outline key business drivers, through aligning together their business models, IT policies,
trends, issues, challenges, and business opportunities of security and privacy goals and requirements. In other words,
IAM across the globe that contributed to the maturity of this identity federation is referred to the set of business and
technology. This would give us an overview of the evolving technology agreements between multiple organizations to
capabilities of IAM solutions that help organizations to allow users to use the same identification data to access
address today's challenges. privileged information across many disparate network
domains. Obviously, identity federation offers economic
savings, security and privacy as well as convenience, to both
enterprises and their network users. However, and in order
for a federated identity to be effective (i.e., developing an
integrated service model in the supply chain), organizations
must have a sense of mutual trust. This will be elaborated in
more detail in the next section.
463 | P a g e
4. Ali M. Al-Khouri / International Journal of Engineering Research and Applications (IJERA)
ISSN: 2248-9622 www.ijera.com
Vol. 1, Issue 3, pp.461-477
2.3 BUSINESS DRIVERS AND TRENDS Attributes role based access control in
production systems
• Government regulations (e.g. SOX,
HIPAA/HITECH), will continue to
Regulation
expand, both on national and
international levels
• Personalization can enhance the
Personalization & value of online user experience.
Context Both identity and context are
essential for personalization
• Advanced data analytics will bring
value to many identity-based
activities such as Authentication,
Context/Purpose and Auditing
Identity Analytics
• Analytics brings tremendous value
in monitoring the key usage patterns
and statistics
•
Fig. 3. IAM business drivers
• User-centric or user-managed
According to a recent Forrester Research [12] identity and Identity technologies such as
Internet Identity Infocard/Cardspace and OpenID,
access management was identified as a top security issue for are trying to address the security
2011 that needed to be considered as a critical component of and ease-of-use requirements
corporate security strategies [see also 13-15]. Forrester • Identity as a Service (IDaaS) is a
Identity in the
predicted that IT administration efficiency and business critical foundation for Cloud
Cloud
Computing
agility will become the main drivers for using identity and
access management. It also indicated that there will be
tighter integration between data security and the identity The ability to on-board different external and internal
lifecycle. Along with the requirement to secure mobile resources on one integration seamless environment results in
devices with second factor authentication, this is expected to high business agility. The need for identity management and
drive both on-premises and cloud-based IAM access control and authorization cannot be understated in
implementations. this case. Government and audit regulations stipulate proper
Apart from security needs, there are various other factors controls for audit trail. Without a proper identity
that influence the adoption of identity and access management, no audit trail can be established. Security and
management. In a survey conducted by KPMG [16] in 2008, risk management dictate the use of identity management.
it found that the primary reasons to implement IAM Loss of data results in loss of business. The cost
solutions were related to business agility, cost containment, containment due to adoption of IAM technology drives the
operational efficiency, IT risk management and regulatory IAM strategy and architecture to be adopted. Last but not
compliance. Fig. 3 below captures the essence of the least, is the improvement in operational efficiencies sought
business drivers for IAM. to be provided due to identity management. These define the
key drivers for IAM.
Table 2: IAM Trends
The KPMG report [16] referred to above indicated that
• There is a greater level of improving compliance was among the main drivers of IAM
Convergence of convergence between physical and projects to comply with the increasingly stringent regulatory
Physical & Logical access management,
through centralization of Identities,
requirements, posed by laws and legislation. The survey
Logical Access
Management policies and credentials respondents indicated that some of the more prominent
management benefits that their organizations expected were related to
• Demand for strong authentication is quicker handling of accounts, of authorization of employee,
Authentication &
growing as enterprises and
Identity employee lifecycle management, as well as of the
government agencies seek to deter
Federation automation of associated repetitive manual activities. Such
cybercrime
• Fine grained authorization is process improvement was envisaged to enhance consumer
increasingly in demand experience and federate with partners in an efficient, secure
Authorization • SAML is a broadly used standard
protocol and successful business business processes that lead to operational efficiency and
models have been implemented cost containment.
Identity • National ID initiatives enhances
Assurance Identity Assurance When IAM is used as a preventive mechanism to enforce
Roles & • There is a growing acceptance of polices by automated controls, it is viewed to ensure an
464 | P a g e
5. Ali M. Al-Khouri / International Journal of Engineering Research and Applications (IJERA)
ISSN: 2248-9622 www.ijera.com
Vol. 1, Issue 3, pp.461-477
organization wide secure access control infrastructure. and external suppliers. password resets.
Table 2 depicts further trends identified by identity and • Multiple authentication • Terminating employee
requirements for applications accounts is a manual
access management vendors as shaping the market in the
• Account creation/deletion in process
next five to seven years.
repositories is performed by • The process for business
multiple groups unit managers and
2.4 ISSUES AND CHALLENGES • Many systems and applications application owners to sign
The implementation of identity and access management have different business owners, off on the privileges of the
platforms, administrative tools, users is cumbersome and
possess its own challenges and risks, as it potentially
and system administrators, time consuming.
requires capital investment and changes in personnel and
leading to slow performance, • Proliferation of directories
existing business operations [17,18]. The introduction of delayed or unreliable and identities: diverse
identity and access management processes into an terminations and higher infrastructure has evolved
organization can expose it to new risks while mitigating administration costs. over time
existing ones [19-21]. For instance, as organizations open up • Account creation process • Redundant identity
their systems to allow more external entities to access requires great coordination, information
involves many steps, and • Information inaccuracies
sensitive internal data, the risk of breaches from external
involves multiple clients which • Users wait longer than
sources (partner-facing risk) would continue to be a must remain segregated from necessary to obtain IDs
threatening factor. each other • Managers spend time
• Support staff requires advanced chasing a sequence of
In practice, identity and access management as a technology
training to administer accounts events to ensure proper
must scale to match the need of the heterogeneous ICT on so many varying systems. approvals.
environments found in most organizations [22]. As more • Employees and customers • Authorizations needed to
systems come online and new partnerships are formed, and require timely access to process a request often
with systems in numerous locations, the task becomes more applications and systems to slow the process of
and more resource intensive without it [23]. What is more, perform their jobs. account creation or update
and leads to errors and
in recent years regulatory requirements have added
mistakes.
complexity and increased external scrutiny of access
Lack of Long Term
management processes. Organizations need to develop an Poor Compliance
Strategy
understanding of such risks as they implement new or • Untimely response to • Managing for the moment,
modified identity and access management processes. Table regulations but not positioned for the
3 provides an overview of these risks. future
Table 3: Identity and access management risks
2.5 FEDERATED IDENTITY MANAGEMENT
Administration Overhead Security Risks A government organization previously managing access
• No centralized user • Potential security risks only for its employees now needs to manage access for
administration process. • Accounts are created with millions of citizens and a wide range of other agencies
• Multiple teams are involved in unauthorized system accessing information and seeking online services.
the user administration access rights.
Federated identity management provides capabilities such as
activities. • Security risks occur when
• Increasing overhead in frustrated or overburdened government-to-citizen self-service and federated single sign-
administration of identities admin staffs may take on (SSO) support. It allows organizations to centralize fine-
• Administrators spend a lot of shortcuts, terminations grained security policy management to enforce access
time performing routine admin may not be done as soon as control across applications, databases, portals and business
tasks that can be automated required or permissions services. The need for federated identity is thus driven by
• Different administrators often granted may be in excess
four major drivers; security, compliance, business agility
assign different IDs to the same of what is really needed.
person. This makes it difficult
and operational efficiencies. See also Fig. 4.
to track activity back to a single
source and confuses the
customer.
Complexity Inefficiency
• The users of the system are • A high number of calls are
located worldwide and can be made to the support center
customers, employees, for user provisioning
temporary workers, contractors activities including
465 | P a g e
6. Ali M. Al-Khouri / International Journal of Engineering Research and Applications (IJERA)
ISSN: 2248-9622 www.ijera.com
Vol. 1, Issue 3, pp.461-477
guidelines, enabling, at the same time, organizations to
achieve their business objectives. It is desirable to have a
governance and policy control framework at the heart of the
ecosystem that orchestrates the way the whole ecosystem
work.
Fig. 4: Drivers for federated identity management
Federated identity is the big move forward in providing an
integrated environment for the citizens, service providers
and the different government agencies. While a service is
delivered to a citizen online, there would be different
stakeholders that would be involved in the service delivery Fig.5. Identity and access management ecosystem
cycle. Federated identity provides a very effective solution
In a step to develop more cohesive identity and access
that obviates the need of repeated authentications and
management working models, there is a trend in the industry
verifications each time a new stakeholder joins the service
that is pushing for the convergence of physical and logical
delivery cycle.
access systems. This is likely to enhance the ecosystem as
A single credible source of verification can be shared by the we discuss next.
different entities which rely on the trust created by the
source. This verified identity is then federated to different 3.1 CONVERGENCE OF PHYSICAL AND LOGICAL
entities. This leads to uniform security policy enforcement, ACCESS
greater compliance to regulations related to Identification, Organizations have long operated, and still many do operate
provides better scalability and responsiveness from different physical and logical access systems as two independent
stakeholders ultimately ensuring operational efficiencies and structures, and are typically run by completely separate
reducing operational costs. departments. This is very much evident in current
Having said this, the next section looks at the IAM organization structures in the Middle East for example. This
ecosystem that attempts to explain how an integrated is to say that logical access to corporate ICT resources such
architecture can be developed to unify siloed security as e-mail, database permissions, web access,
technologies into a comprehensive, standards-based identity intranet/internet connectivity and database applications are
management framework. granted and remain the responsibility of ICT departments.
The service or facilities departments are responsible to
3. IDENTITY MANAGEMENT ECOSYSTEM control physical access systems such building doors access,
life support systems, etc.
Identity and access management like many other enterprise
solutions cannot add value in a stand-alone mode. The Nonetheless, boundaries between physical access and
overall value of identity and access management entirely logical access systems are melting in the current digital
depends on the level and easiness with which it integrates world due to several economical and efficiency factors. In
with other enterprise systems. Fig.7 depicts a typical identity fact, identity and access management technology is bringing
and access management ecosystem. On one side, we have in a transformation in the way the industry categorizes
different kinds of users like employees, partners, suppliers security and in the development of the primary capabilities
and customers. On the other side, we have diverse kind of of authentication, authorization and administration [24].
enterprise resources like directories, databases, servers, This transformation is expected to revolutionize e-business,
network resources etc. There exists a complex relation allowing organizations to use digital identities to contribute
between the users and enterprise resources in terms of real value to their business (ibid).
identity lifecycle management and access controls. This in
From one standpoint, combining logical and physical
turn has to comply with various security standards and
security systems gives a more comprehensive view of
466 | P a g e
7. Ali M. Al-Khouri / International Journal of Engineering Research and Applications (IJERA)
ISSN: 2248-9622 www.ijera.com
Vol. 1, Issue 3, pp.461-477
potential intrusions across the physical and IT environments. 3.2 MODERN DIGITAL IDENTIFICATION SYSTEMS:
From another perspective, it is likely to result in significant ENABLERS OF TRANSFORMATION
improvement of the user experience both from Critical Infrastructures have long relied on biometric
administration and end-user perspectives, e.g., cost savings verification and authentication of individuals to provide
and improving efficiency and enforcing policies throughout stricter access to secure locations. Only authorized
the organization. This should provide multilayered security personnel verified by the biometric data could gain access to
across company networks, systems, facilities, data, secure areas. The file access and network access depends
intellectual property and information assets. largely on provisioning of users on IT systems like LDAP.
Fig. 6 shows the convergence of some physical and logical Single factor authentication limited the verification of the
access systems. Physical facilities like office complexes, authorized users by means of passwords. Stronger
warehouses, production facilities need to be protected from authentication systems based on biometrics advancements
unauthorized access. Once inside the premises, a person made the biometric data to be available on smart cards
would need access to the network resources like ERP enabling what-so-called digital IDs. The same biometric
applications, files etc that are stored on a central database. systems that provided physical access could now be utilized
Conventionally these two systems were separate, even for network access. This has made the identity management
though the access and authorization for access were similar, administration move from facilities management to IT
if not the same. administration.
As authentication remains the mechanism through which
access is granted to any corporate resource either physical or
logical, identity management systems are forming a primary
building block and enabler for such convergence. In other
words, modern digital identification systems are facilitating
this convergence and unification of identification systems
and authorization for access, as they provide identities in
digital forms. Smart card technologies are considered to be a
key player in this regard. Smart cards use a unique serial
number and a Personal Identification Number (PIN) to
identify a user, prove identity and grant network access.
This 'unified access' token can provide several security-level
Fig. 6. Convergence of physical and logical access options ranging from simple access control to complex data
encryption. See also Fig. 7.
It is important to refer here that traditional identity and
At the core of all access control is policies, roles and
access management architectures focus more on the user
provisioning of users to their roles. Identity establishment is
provisioning and access management. Today's identities
based on the digital credentials backed by strong
comprise not only of human entities, but also numerous
authentication mechanisms (multi factor authentication) and
kinds of endpoints such as desktops, laptops, PDAs, smart
secure verification of the credentials thus presented. Trust is
phone etc. Hence a comprehensive credential management
established by the secure identification that provides
system capable of managing the lifecycle of credentials of
assurance to the identity seeker of the genuineness of the
these diverse types of entities is a fundamental requirement
identity. The application of identity and access management
for today's world. The next subsection looks at how modern
could vary from one domain to another. Hence it is
identification systems are enabling more robust identity
important to look at the IAM in the context of different
establishment and lifecycle management.
domains and their applications, as we outline next.
467 | P a g e
8. Ali M. Al-Khouri / International Journal of Engineering Research and Applications (IJERA)
ISSN: 2248-9622 www.ijera.com
Vol. 1, Issue 3, pp.461-477
Fig. 7. De-perimeterization of identity and access management (Source: Jerichofurm)
3.3. ENTERPRISE CONTEXT and corporate compliance with applicable laws and
regulations.
The second layer deals with identity credentials and access
integration. This layer is a result of the identity management
polices and the laid down requirements for establishing and
verifying an identity. This is a crucial component of the
enterprise IAM. Identity can be established by providing an
ID number to an individual. To strengthen the identity,
digital credentials can be provided as verifiable metadata of
the ID. Typically the credentials are issued in the form of a
digital certificate from a PKI system and biometric minutiae.
A directory service (e.g., LDAP) provides the ability to list
and provision an individual’s identity for access
management. A policy repository with role definition and
Fig. 8: Layers of identity and access management in an
provisioning of users provides the last component of this
enterprise context
layer; i.e., the access management system.
There are typically 5 layers of identity and access The third layer deals with access governance. This governs
management in an enterprise context as depicted in Fig. 8. the mechanism of defining policies, administration of the
Using a top-down approach, the first layer integrates identity management system, audit trails, reporting, etc. The
business intelligence, process management, and automated remaining two layers are access management component
controls enforcement to enable sustainable risk and and the application of identity administration and
compliance management. It encompasses activities such as governance components. The Web Tier access management
corporate governance, enterprise risk management (ERM) layers allows secure web single sign-on solution that
connects remote users to corporate web applications and
468 | P a g e
9. Ali M. Al-Khouri / International Journal of Engineering Research and Applications (IJERA)
ISSN: 2248-9622 www.ijera.com
Vol. 1, Issue 3, pp.461-477
systems through a secure portal. The Web based remotely or over the counter. Identity needs to be
applications can be tied together with the Web SSO enabling established at every node – i.e., in G2G, G2B, G2C, B2B,
centralization of access control and policy enforcement. C2C and B2C transactions.
The last layer of access control employs multiple factor
authentication mechanism to grant access to enterprise
systems, platforms and applications. This layer is used for
according authorized access to protected resources and
prompts strong authentication capabilities. Both access
control layers are truly integrated. The same single
password (or token) works in both layers as user credentials
are managed from a centralized SSO.
Apparently, identity management architecture in enterprises
is driven by security needs. There is a colossal difference
when we talk about identity management in a government
context, as the next subsection outlines.
Fig. 9. IAM value pyramid in government context
3.4. GOVERNMENT CONTEXT
The identity and access management platform here is very
A governmental initiative for identity management is
akin in functionality to the one in the enterprise context. The
typically driven by various factors as in the enterprise
difference is in the application. Herein, the government
context, but the drivers are slightly different. Major drivers
facilitates the identity issue and provides assurance to the
for identity management in the government sector are:
identity by means of strong authentication mechanisms. So
• compliance with federal laws, regulations, standards, at the core of the IAM value pyramid is the "identity issue
and governance relevant to identity management; system". This system allows the government to enroll its
citizen and resident population and provide them with
• facilitate e-government by streamlining access to identity baselines "proof of identity" that will be used as
services; credible credentials for identity provisioning and strong
• improve security posture across the federal enterprise; authentication.
• enable trust and interoperability; Management of identities is carried out by means of
dynamically updating the identity repository for new
• reduce costs and increase efficiency associated with additions and revocations. As the provider of the identity,
identities. the government provides a third party service for reliable
Identity management is largely citizen centric in the identity verification to the seekers of this service. To
government context. Citizens transact with their understand how this pyramid works in practice, let us look
governments in many ways - to seek information, rightful at the role of national identity cards and PKI technology in
benefits, business services, legal recourse etc. The the optimisation of identity and access management
interactions of the citizens with their governments are varied systems.
and very dynamic. In a federal context, IAM provides
tremendous value in the interactions between the 4. ROLE OF NATIONAL ID CARD & PKI IN
IAM OPTIMIZATION
government, citizens and businesses. A robust identity
management system seeks to make the service delivery Governments and enterprises have always been engaged in
more convenient. Consequently, for the government, the providing an Identity to their stakeholders for benefit
core element in providing right content and personalized deliveries and services. Conventionally, identity documents
services is to ensure its citizens are provided with credible were all paper based (e.g. passports, birth certificate, etc.)
and verifiable credentials. which have very limited use in online transactions and incur
cumbersome processes to verify the authenticity of these
Reliable identification and authentication of entities in an documents. The role of optimization thus gets defined.
online or over the counter environment is a critical requisite Identity management optimization includes a re-look at the
[25]. Fig. 9 below depicts the typical value pyramid for the identity infrastructure, processes involved in determining the
IAM in government context. Trusted entities can reliably authenticity of an identity, parameters to establish the
transact in seeking and availing of services delivered identity and processes for trust establishment and, providing
469 | P a g e
10. Ali M. Al-Khouri / International Journal of Engineering Research and Applications (IJERA)
ISSN: 2248-9622 www.ijera.com
Vol. 1, Issue 3, pp.461-477
assurance to the service seekers and service providers of the biometric fingerprint to individuals in the form a digital
identity established in the process. Identity management certificate which is a unique signature that is provided to
optimization seeks to reduce the time involved in individuals. This certificate can then be used as credentials
completing the processes of identity and trust establishment from the secure store in the card to establish further trust in
between two entities. the transactions carried out electronically by the individuals.
The following diagram provides an overview of key PKI
In a national context, many governments around the world
benefits.
are issuing national identity cards as a vehicle that carries
digital identity credentials. Many of the modern national
identity cards are based on smart card technology. It enables
faster identification and authentication of citizens and
residents. Thus we view a national identity card as an
enabler and a means to optimize the identity and access
processes across various organizations by eliminating
redundant identity infrastructure and providing higher levels
of assurance.
Smart cards are an exceptional means to store identification
metadata of the card owner securely. The security accorded
by the smart cards, backed by a strong and solid multi factor
authentication methods allow secure communications with
the card. The smart cards provide tamper proof mechanism Fig. 10. Key benefits of PKI
to store identity data. Table 4 provides an overview of the
Establishing the identity of a person is not sufficient to
features provided by smart cards.
conduct a transaction. Enhanced mutual trust is needed to
Table 4: Smart card capabilities be established that assures the stakeholders of the
transaction that:
Security Protection
1. the transaction indeed did take place;
• Match on card biometric • Tamper proof protection 2. the stakeholders in the transaction did indeed take
• Support for RSA (PKI), against forgery part in the transaction and have accepted the
DES and Hash algorithms • Self locking on brute force transaction as completed;
• PIN protection to access attacks 3. there is irrefutable evidence on the time at which
card information • Applications can be the transaction has taken place;
protected through SAM
4. confidentiality of the transaction is maintained; and
On Card Processing
5. in case of a dispute, the transaction can be legally
• On card cryptographic processing chip upheld.
• Protection of PKI private keys on Smartcard
• Capability to generate PKI key pairs on card
• On-card digital signing and encryption
PKI technology enhances the trust between the parties
involved in the transaction. PKI allows digital signing,
allowing transactions to be carried out electronically without
These features provide an unshakeable trust in the data held geographic barriers, providing tremendous ease in the
in the card [26]. Therefore, any data read from such secure transactions across the globe. Such a transaction obviates the
cards provides the means for instant verification of identity. need of paper. And, if the PKI is provided as a service by
The smart card can store biometric information that can be the identity provider, it provides a third party assurances
checked with a biometric device to match the data in the leading to enhanced accountability in the transaction.
card. Further, any communication with the card itself is With smart cards, multi factor authentication is possible i.e.,
encrypted and is carried out only using authorized protocols. biometric, PIN and password can be used since the card can
Such authorized protocols provide a control on who gets to provide such capabilities. Typically two of these three
read the data and use for verification. factors can be used by service providers for identity
In addition to the personal information that can be stored, verification. The security on the card ensures strong privacy
the smart card can store securely the set of private and since unauthorized users cannot read any data from the card.
public keys that constitute an electronic signature of an This leads to less fraud since identity is securely established
individual. The PKI system provides the equivalent of a and business can then authorize the authenticated users to
470 | P a g e
11. Ali M. Al-Khouri / International Journal of Engineering Research and Applications (IJERA)
ISSN: 2248-9622 www.ijera.com
Vol. 1, Issue 3, pp.461-477
complete the transaction. Being digital, all the transactions, become the sole identity provider in the country. The
services, verification, etc are audit trailed for a back track organization introduced lately a "4E Strategy" to promote
check providing very high accountability. No one can deny the application of digital identities. This strategy is
the usage of the card, if the card has been used in a envisaged to support and play a key role in the
transaction. Such secure features backed by the ease of transformation of service delivery infrastructure and in
implementation allow quick adoption of the card and PKI enabling e-government and e-commerce initiatives in the
for rendering services electronically. Such identity systems country.
provide a win-win platform for businesses to enable lower
turn-around times in their go-to-market strategies. The
following diagram summarizes the benefits accorded by
these complementary technologies.
Fig. 12. UAE "4E Strategy" implementation framework
As depicted in Fig. 12, the first phase of the strategy relates
to the setup of a national identity infrastructure to (enable)
and empower citizen and the resident population digitally by
Fig. 11. Smart card and PKI benefits
enrolling them in a state of art and technologically
The next section looks at one of the pioneering government sophisticated population register. The registration process
implementation programs in the Middle East to setup and includes the capturing of biographical data, personal portrait
provide reliable identification and verification mechanisms and ten rolled fingerprints. A robust identity verification
to enable digital identities with the aim to support e- process takes place to perform biographical and biometrics
government and e-commerce initiatives. checks against the population register and other forensic
systems, to ensure that the person has not been enrolled
5. IDENTITY INITIATIVE: THE CASE OF THE previously and/or is needed by the legal authorities for
UNITED ARAB EMIRATES criminal charges.
Globally there are a few countries that have successfully After passing through this stage, each individual is then
adopted digital identity systems. Belgium, France, Finland, assigned a unique identification number, which is linked to
Malaysia, South Korea, Singapore remain some of the his or her biometrics. A smart card is issued to each
successful examples. In the Gulf region, there are appealing individual that contains multiple credentials including
initiatives in the digital identity front. United Arab unique RFID, MRZ barcode, photo ID, two best fingerprints
Emirates, Oman, Bahrain and the Kingdom of Saudi Arabia for authentication purposes. The ten prints taken at the
have launched in the last five years modern identity enrolment stage is stored in the population register database.
management programs. Due to the current role of the author The UAE smart card, which is considered the highest in
in the UAE program, and lack of information about other specification worldwide in government application to-date,
governments' practices, the discussion in this section will be is a combi- microprocessor-card, with both contact and
limited to only the UAE project. contactless capabilities. To enable digital identities, the card
United Arab Emirates has taken the lead in the Middle East also contains crypto keys and digital certificates.
to implement a modern national identity management The UAE government invested heavily in PKI technology to
infrastructure with smart card, PKI and biometric support e-government and e-commerce initiatives. PKI is
technologies and in promoting digital identities to its citizen seen as an important trust anchor, as it will determine
and resident population – estimated around 9 million people compliance to defined criteria of trustworthiness of online
in 2011. The government established an independent federal identities. The government is working on crafting a legal
agency named Emirates Identity Authority in 2004, to framework and policy structure to provide the legal grounds
471 | P a g e
12. Ali M. Al-Khouri / International Journal of Engineering Research and Applications (IJERA)
ISSN: 2248-9622 www.ijera.com
Vol. 1, Issue 3, pp.461-477
and promote the adoption of digital identities in all walks of infrastructure is envisaged to greatly support national and
life in the country. individual security, as well as building the country's new
digital economy [28]. So to clarify how the national identity
The government has shown particular effort to further
framework adopted in the UAE government is designed and
enhance the digital identity infrastructure through the
implemented, we attempt to outline in the following
development and setting up of a federated identity
subsections its primary components and how they work.
management system and a national authentication gateway.
The government aims to integrate multiple authentication
5.1. UAE NATIONAL IDENTITY FRAMEWORK
capabilities provided by the new smart ID card and access
channels to diverse resource interfaces in e-government and The national identity and access management in government
e-commerce environments. In an attempt to demystify the context as we explained earlier differ vastly in the objectives
application of smart cards, a tool kit has been developed to and the expected outcomes of identity management from
allow service providers to seamlessly integrate the digital enterprise perspectives. Identity management in enterprises
identification solution with their service delivery chain is driven by their security needs. And in this context,
systems [27]. enterprise investment in identity management is dictated by
the criticality of their internal data and the exposure they
Managing the lifecycle of a digital identity presents need to service their clients. At a national (government)
significant business challenge i.e., the processes and level, identity management takes a different connotation
technology used to create and delete accounts, manage altogether. The UAE government is assuming the role of an
account and entitlement changes and track policy identity service provider to provide identity credentials to
compliance, etc. From this perspective, the government is entities.
working on establishing and providing managed identity
services to both government and private sector
organizations. This will provide a service level-based
identity lifecycle management solution that is designed to
offer authorization services only to individuals with valid ID
cards. Indeed, a government based certification authority
that issues and manages the lifecycle of digital identities is
likely to acquire higher levels of trust.
The government is currently working to develop an
integration platform to integrate the population register
database with multiple government organizations involved
in the identity lifecycle management related processes i.e.,
ministries of interior, health, justice, labour, and education
Figure 13: Government identity and management layers
who are responsible for civil incidents of the individuals
related to (residency details, birth, marriage, divorce, death, As depicted in Figure 13, the adopted national identity
education and health register). This will support framework in the UAE consists of many layers to enhance
organizations to better define and automate the processes its reach and to improve the identity assurance levels. It
and policies related to the authorization of digital identities assumes the role of providing the necessary credentials to
and associated entitlements. provide baselines for provisioning and authenticating
identities. The credentials are packaged in a secure system
The integration platform and the national authentication
and delivered to the citizen. At this stage, smart cards act as
gateway being designed and implemented are expected to
the vehicle for such credentials to be delivered to the
completely transform the nature of business and government
citizens.
transactions in the country. The government expansion plans
focus to provide the foundation for secure government An identity infrastructure is currently being setup in the
communications and transactions and identity business UAE to contain various identity repositories along with the
intelligence for e-government transformation. This verification mechanisms to enable identity establishment
infrastructure provides a key building block to defend and verification on demand. This then should form a
against security threats and identity fraud and at the same credible identity service provided by the government that
time enhancing resource utilization, improve productivity, can be used by the different service seekers and service
and maximize ROI. Expansion of the online identity providers alike. Let us take few examples.
services and continual improvement to the identity
472 | P a g e
13. Ali M. Al-Khouri / International Journal of Engineering Research and Applications (IJERA)
ISSN: 2248-9622 www.ijera.com
Vol. 1, Issue 3, pp.461-477
Banks and financial institutions are classic examples of As the national identity provider, the UAE government
service providers. Banks invest heavily in securing their relies primarily on the digital identity it issues in the form of
financial systems. Conventionally, customers need to carry a smart card as a vehicle for authenticating physical or
out their financial transaction with their banks by physically virtual users. All requests for verification of an identity
visiting one of the bank branches, where a teller agent would have to be ported through an electronic system that
verifies the customer in a "face-to-face" approach. With the acts much like a gatekeeper for the requests. Valid requests
increase in online banking facilities and in attempt to are entertained and sent to the identity verification systems
provide convenience, banks currently resort various identity managed by the identity provider. These are web based
establishment mechanisms ranging from interactive tokens systems that provide the front end access to submit a request
with one time passwords (OTP), virtual keyboards, PIN for identification and identity verification using defined
verification and biometric verification. Now, with the industry standard protocols.
government stepping in, to securely verify the credentials
The requests are redirected to the gateway which in turn
and to stand to guarantee online identities, electronic
communicates with the identity management system. PKI
banking and e-business models are expected to flourish and
systems provide the ability for transactions in real time
support the country's economy.
using online certificate status protocol (OCSP). In
Let us consider another scenario where a government transaction terms, a citizen is served by a service provider
agency needs to deliver a service to a citizen. As part of the remotely. The citizen tries to access the services through a
service delivery, the government employee needs to verify secure web site. The service provider needs to identify the
the credentials of the citizen. During the process of service citizen. The citizen submits his identity card with his
delivery, the government employee needs to access different credentials. The service provider’s application on the web
applications, databases – sometimes cutting across different reads the cards, collects the credentials from the card and
departments and different government agencies. Current refers the data with a verification request to the identity
conventional processes depend on time consuming manual service provider. The identity provider validates the request
tasks that necessitate communication going back and forth coming from the service provider as a valid request and
to access data, verify identity, seek and get approvals and so allows the request to be processed. The identity provider
on. verifies two main components of the ID data submitted by
the service provider:
The new government federated identity architecture
provides online credentials to both employees and citizens. 1. the Card itself to check the genuineness of the card;
This allows employees' identities to be established and and
trusted to accord access across different systems in the 2. the Certificate data in the card.
government. The same identity management system would
ensure verification of the citizen’s identity and allow the Optionally, the service provider could also request for the
right services to be delivered to the right entities in the right verification of the biometrics. Secure communication is
time. This is expected to supporting the government's established between the card and the service provider’s
strategy to revolutionizing public services and e-government application. This is provided by an Active X control
transformation. Let us see how the national identity component running on the browser or by the authentication
authentication is architected in the next subsection. gateway. The architecture is designed to handle millions of
identity validation requests on daily basis and is expected to
5.2. NATIONAL AUTHENTICATION GATEWAY scale based on requirements. Having said this, the following
section summarizes and concludes the article.
Fig. 14 provides an overview of the national authentication
architecture in the UAE and its key components. At the
heart of the architecture is the identity gateway.
473 | P a g e
14. Ali M. Al-Khouri / International Journal of Engineering Research and Applications (IJERA)
ISSN: 2248-9622 www.ijera.com
Vol. 1, Issue 3, pp.461-477
Fig. 14. National authentication gateway architecture
474 | P a g e
15. Ali M. Al-Khouri / International Journal of Engineering Research and Applications (IJERA)
ISSN: 2248-9622 www.ijera.com
Vol. 1, Issue 3, pp.461-477
coming few years to address identity assurance
6. CONCLUSION requirements i.e., complete identity services
We presented in this article how identity and access from identity issuance, credentials management,
management technology can provide a framework for verification services and identity assurance;
(1) simplifying the management of access to services,
• National identity frameworks are characterized
(2) implementing policy, (3) increasing transparency, and
by a national authentication gateway will
(4) enabling scalability in operations to integrate identity
provide standards based, reliable identification
management infrastructure with services provided by
and verification requirements of e-government
both central and distributed ICT systems.
service providers and businesses;
We believe that the scope of identity management is
• Enterprise IAM implementations are growing
becoming much larger in today's organizational context,
towards maturity and we will see federated
and its application more critical. They indeed provide
identity management integrating government,
new levels of trust and confidence to identification
businesses and citizens at a national level; and
systems. The role of the government is seen to play a
major role in setting up a trusted identity management • Smart cards and PKI technologies will play a
system and addressing the entire identity lifecycle of central role in optimizing the identity services,
establishment, management and usage. The case of the being the enablers and the vehicles of identity
UAE government is worth to be further examined and management.
evaluated to measure its success, and most probably other
cases from other countries. REFERENCES
It was not in the scope of this article to discuss the case of [1] Williamson, G., Yip, D., Sharoni, I., and Spaulding,
K. (2009) Identity Management: A Primer.
the UAE government in detail. The author just presented
McPress.
it for the purpose of referring to one of the very ambitious
government initiatives in the field. The existing literature [2] Whitman, M.E. and Mattord, H.J. (2011) Principles
lacks such references from government implementations of Information Security (4th edition). Course
as it merely focuses on private sector and commercial Technology.
cases.
[3] Stamp, M. (2011) Information Security: Principles
In summary, the following key points discussed in this and Practice (2nd edition). Wiley.
article, are likely to have a high impact on governments
and public services in the near future: [4] ABA Report (2011) Trust Framework, ABA
Federated Identity Management Legal Task Force
• With the growing needs of Identification and [Online]. Retrieved from:
rapid growth in information technology, the http://www.fips201.com/resources/audio/iab_0211/
manner in which physical access and logical Draft_Trust_Framework-6.pdf. Accessed: 13 June
2011.
access requirements are met show a high degree
of convergence. A digital identity issued to a [5] Choi, H., Kruk, S.R., Grzonkowski, S., Stankiewicz,
person serves to provide access control to K., Davis, B. and Breslin, J.G. (2006) Trust Models
physical areas controlled for secure access as for Community-Aware Identity Management
well as access to secure logical information. [Online]. Retrieved from:
http://www.ibiblio.org/hhalpin/irw2006/skruk.html.
• As the needs of remote (online) transactions Accessed: 2 July 2011.
grow, the identity and trust management
between stakeholders becomes a key issue. Trust [6] Aberdeen Group (2007) Identity and Access
is accorded in identities by the assurance of the Management Critical to Operations and Security.
Identity provider. This makes the government, as Communication News. Retrieved from:
http://www.comnews.com/WhitePaper_Library/Ma
indicated above, a key player in identity
naged_services/pdfs/Quest_Software_Aberdeen_IA
management by becoming the de-facto Identity M_Critical_to_Operations_and_Security.pdf.
provider to the citizens of the nation. System Accessed: 1 June 2011.
deployed by governments to provide identity
assurance services are likely to evolve in the
475 | P a g e
16. Ali M. Al-Khouri / International Journal of Engineering Research and Applications (IJERA)
ISSN: 2248-9622 www.ijera.com
Vol. 1, Issue 3, pp.461-477
[7] Benantar, M. (2005) Access Control Systems: Retrieved from: http://www.fidis.net. Accessed: 1
Security, Identity Management and Trust Models. June 2011.
Springer.
[16] KPMG (2008) KPMG’s 2008 European Identity &
[8] Baker, W.H., Hutton, A., Hylender, C.D., Novak, Access Management Survey - Status and maturity of
C., Porter, C., Sartin, B., Tippett, P. Valentine, J.A. identity and access management projects in
(2009) Data Breach Investigations Report - Verizon European organizations [Online]. Retrieved from:
Business [Online]. Retrieved from: http://www.kpmg.com/Global/en/IssuesAndInsights
www.verizonbusiness.com/resources/.../reports/200 /ArticlesPublications/Documents/European-identity-
9_databreach_rp.pdf. Accessed: 2 July 2011. access-management-survey.pdf. Accessed: 23 May
2011.
[9] Deloitte-NASCIO (2010) State governments at risk:
A call to secure citizen data and inspire public trust. [17] Aldhizer III, G., Juras, P., & Martin, D. (2008)
The 2010 Deloitte-NASCIO Cybersecurity Study. A Using Automated Identity and Access Management
publication of Deloitte and the National Association Controls. CPA Journal, 78(9), 66-71. Retrieved
of State Chief Information Officers [Online]. from Business Source Complete database: http://0-
Retrieved from: search.ebscohost.com.maurice.bgsu.edu/login.aspx?
http://www.deloitte.com/assets/Dcom- direct=true&db=bth&AN=35654420&loginpage=lo
UnitedStates/Local%20Assets/Documents/us_state_ gin.asp&site=ehost-live&scope=site. Accessed: 1
2010DeloitteNASCIOCybersecurityStudy_110910. June 2011.
pdf. Accessed: 4 August 2011.
[18] Reymann, P. (2008) Aligning People, Processes,
[10] Keeney, M., Cappelli, D., Kowalski, E. and Moore, and Technology for Effective Risk Management
A. (2005) Insider Threat Study: Computer System [Online] Retrieved from:
Sabotage in Critical Infrastructure Sectors [Online]. http://www.theiia.org/intAuditor/itaudit/archives/20
Retrieved from: 08/january/aligning-people-processes-and-
http://www.secretservice.gov/ntac/its_report_05051 technology-for-effective-risk-management.
6.pdf. Accessed: 23 May 2011. Accessed: 13 June 2011.
[11] Randazzo, M.R., Cappelli, D., Keeney, M. Moore, [19] Rai, S., Bresz, F., Renshaw, T., Rozek, J., and
A. and Kowalski, E. (2004) Illicit Cyber Activity in White, T. (2007). Global Technology Audit Guide:
the Banking and Finance Sector [Online]. Retrieved Identity and Access Management. The Institute of
from: Internal Auditors. Retrieved from
http://www.secretservice.gov/ntac/its_report_04082 infotech.aicpa.org/NR/rdonlyres/...9CE1.../GTAG9I
0.pdf. Accessed: 13 June 2011. dentAccessMgmt.pdf. Accessed: 2 July 2011.
[12] Forrester Report, “Twelve Recommendations For [20] Engelbert, P. (2009) 5 Keys to a Successful Identity
Your 2011 Security Strategy.” Forrester Research and Access Management Implementation [Online].
[Online]. Retrieved from: http://www.forrester.com. Retrieved from:
Accessed 18 June 2011. http://www.ca.com/files/whitepapers/iam_services_i
mplementation_whitepaper.pdf. Accessed: 8 April
[13] Cser, A. and Penn, J. (2008) Identity Management 2011.
Market Forecast: 2007 to 2014. Forrester. Retrieved
from: [21] Links, C.H. (2008) IAM Success Tips: Identity And
http://www.securelyyoursllc.com/files/Identity%20 Access Management Success Strategies.
Management%20Market%20Forecast%202007%20
To%202014.pdf. Accessed: 1 June 2011. [22] IDG (2009) As hyper-extended enterprises grow, so
do security risks. IDG Research [Online]. Retrieved
[14] Trigoso, C. (2010) Thinking of the Future: Identity from:
and Access Management. Retrieved from: http://www.rsa.com/innovation/docs/IDGResearch
http://carlos-trigoso.com/2010/12/22/thinking-of- WhitePaper_Final_060409.pdf. Accessed: 23 May
the-future-identity-and-access-management. 2011.
Accessed: 13 June 2011.
[23] Egan, M. and Mather, T. (2004) The Executive
[15] FIDIS (2006) D5.2b: ID-related crime: Towards a Guide to Information Security: Threats, Challenges,
common ground for interdisciplinary research. and Solutions. Addison-Wesley Professional.
476 | P a g e
17. Ali M. Al-Khouri / International Journal of Engineering Research and Applications (IJERA)
ISSN: 2248-9622 www.ijera.com
Vol. 1, Issue 3, pp.461-477
[24] McQuaide, B. (2003) Identity and Access
Management: Transforming E-security into a
Catalyst for Competitive Advantage. Information
Systems Audit and Control Association [online].
Retrieved from:
http://kuainasi.ciens.ucv.ve/cisa/articles/v4-03p35-
37.pdf. Accessed: 13 June 2011.
[25] Al-Khouri, A.M. (2010) Supporting e-government,
Journal of E-Government Studies and Best
Practices, Vol. 2010. pp.1-9.
[26] Al-Khouri, A.M. (2007) Digital Identities and the
Promise of the Technology Trio: PKI, Smart Cards,
and Biometrics. Journal of Computer Science,
Vol.3, No. 5, pp.361-367.
[27] Al-Khouri, A.M. (2011) PKI in Government
Identity Management Systems, International Journal
of Network Security & Its Applications, Vol.3,
No.3, pp. 69-96.
[28] Emirates Identity Authority's 2010-2013 Strategy
[Online]. Retrieved from:
http://www.emiratesid.ae/en/eida/eida-strategy.aspx.
Accessed: 1 June 2011.
ABOUT THE AUTHOR
Dr. Ali M. Al-Khouri is a senior government official in
the United Arab Emirates. He is currently holding the
position of a Director General at Emirates Identity
Authority; a federal government organization established
in 2004 to develop and implement a national identity
management infrastructure in the country. This multi-
billion dollar government program is expected to
revolutionize public services and e-government
initiatives. He holds an engineering doctorate in the field
of "large scale and strategic government programs
management" from Warwick University in UK, M.Sc. in
Information management from Lancaster University, UK,
and B.Sc.(Hons.) in Business IT Management from
Manchester University, UK. He has been an active
research in the field of e-government and identity
management for the past 12 years. He has published more
than 40 articles in the past 5 years in different knowledge
domains.
477 | P a g e