Towards usable and reasonable Identity Management in heterogeneous IT infrastructures

Abstract

Identity management (IDM) has driven many IT projects especially in large IT infrastructures. Like other projects that focused on security or authentication, e.g. Public Key Infrastructures (PKI), they do not only reduce complexity and ease administration, but have to be managed themselves. This leads to costs and effort being necessary before gaining the benefit of unified authentication. This is maybe a reason why many projects dealing with IDM failed in the past or didn't reach their initial goals. Nevertheless the trend to use decentralized access to resources e.g. via the Internet or World Wide Web seems unbroken - demanding for solutions to decentrally authenticate users. New techniques like Identity Federations address this requirement and extend Identity Management geographically. This paper shows ways to measure Identity Management efficiency and to enable balance between usability which influences the effort needed to authenticate and the resulting established security levels. This balance is defined as the key to reasonable and efficient Identity Management solutions in the future. Experience is gained from an Identity Management project to unify authentication in heterogeneous scientific IT infrastructures. The presented model and the lessons learned can be adopted for forthcoming Identity Management projects in other organizations or support decisions about future IDM projects. Beyond unveiling drawbacks of classical IDM solutions and showing solutions, the paper gives a concluding outlook on future IDM developments and upcoming challenges for authentication and security or access management.