Affiliation:
1. University of Piraeus, Greece
Abstract
Identity and Access Management (IAM) systems are considered as one of the core elements of any sound security electronic framework for electronic business processes. Their ability to quickly and reliably verify who is trying to access what service, and what they are authorized to do, is both a business enabler and a core requirement for meeting regulatory demands. However, IAM systems are difficult to implement since they touch virtually every end-user, numerous business processes, as well as every IT application and infrastructure component of an enterprise, and therefore most of the times IAM implementations fall short of expectations. This chapter proposes an effective way of approaching, designing, and implementing a constructive, user-centric, standards-based, centralized, and federated IAM system, with which a trust relationship among the involved entities is established in a secure and interoperable way, enabling end-users to easily gain electronic and/or mobile (e/m) access to advanced business services, and Service Providers (SPs) to effectively enhance their infrastructures by easily adopting it in their systems. In addition, a collective knowledge of IAM systems’ implementation best practices is presented.