BIdM:A Blockchain-Enabled Cross-Domain Identity Management System

Reliable identity management and authentication are significant for network security.In recent years,as traditional centralized identity management systems suffer from security and scalability problems,decentralized identity management has received considerable attention in academia and industry.However,with the increasing sharing interaction among each domain,management and authentication of decentralized identity has raised higher requirements for cross-domain trust and faced implementation challenges galore.To solve these problems,we propose BIdM,a decentralized crossdomain identity management system based on blockchain.We design a decentralized identifier(DID)for naming identities based on the consortium blockchain technique.Since the identity subject fully controls the life cycle and ownership of the proposed DID,it can be signed and issued without a central authentication node’s intervention.Simultaneously,every node in the system can participate in identity authentication and trust establishment,thereby solving the centralized mechanism’s single point of failure problem.To further improve authentication efficiency and protect users’privacy,BIdM introduces a one-way accumulator as an identity data structure,which guarantees the validity of entity identity.We theoretically analyze the feasibility and performance of BIdM and conduct evaluations on a prototype implementation.The experimental results demonstrate that BIdM achieves excellent optimization on cross-domain authentication compared with existing identity management systems.

Blockchain-enabled decentralized identity management:The case of self-sovereign identity in public transportation

Identity management has been ripe for disruption over the past few years due to recurring incidents of data breaches that have led to personal information leaks and identity theft.The rise of blockchain technology has paved the way for the development of self-sovereign identity(SSI)—a new class of user-controlled resilient identity management systems that are enabled by distributed ledger technology.This paper examines how SSI management can be used in a public transportation sector that spans different operators in multiple countries.Specifically,the paper explores how a blockchain-based decentralized identity management system can draw on the SSI framework to provide high-level security and transparency for all involved parties in public transportation ecosystems.Accordingly,building on analyses of the existing public transportation ticketing solutions,we elicited requirements of a comparable system based on the SSI principles.Next,we developed a low-fidelity prototype to showcase how passengers can utilize standardized travel credentials that are valid across different transportation networks in Europe.The proposed system eliminates the need for multiple travel cards(i.e.,one for each transportation provider)and empowers individuals to have better control over the use of their identities while they utilize interoperable ticketing systems across Europe.Overall,building on the public transportation case,we offer a proof-of-concept that shows how individuals can better manage their identity credentials via the SSI framework.

Advanced Authentication Mechanisms for Identity and Access Management inCloud Computing

Identity management is based on the creation and management of useridentities for granting access to the cloud resources based on the user attributes.The cloud identity and access management (IAM) grants the authorization tothe end-users to perform different actions on the specified cloud resources. Theauthorizations in the IAM are grouped into roles instead of granting them directlyto the end-users. Due to the multiplicity of cloud locations where data resides anddue to the lack of a centralized user authority for granting or denying cloud userrequests, there must be several security strategies and models to overcome theseissues. Another major concern in IAM services is the excessive or the lack ofaccess level to different users with previously granted authorizations. This paperproposes a comprehensive review of security services and threats. Based on thepresented services and threats, advanced frameworks for IAM that provideauthentication mechanisms in public and private cloud platforms. A threat modelhas been applied to validate the proposed authentication frameworks with different security threats. The proposed models proved high efficiency in protectingcloud platforms from insider attacks, single sign-on failure, brute force attacks,denial of service, user privacy threats, and data privacy threats.

Identity Governance Framework for Privileged Users

Information technology companies have grown in size and recognized the need to protect their valuable assets.As a result,each IT application has its authentication mechanism,and an employee needs a username and password.As the number of applications increased,as a result,it became increasingly complex to manage all identities like the number of usernames and passwords of an employee.All identities had to be retrieved by users.Both the identities and the access rights associated with those identities had to be protected by an administrator.Management couldn’t even capture such access rights because they couldn’t verify things like privacy and security.Identity management can help solve this problem.The concept behind identity management is to centralize identity management and manage access identity centrally rather than multiple applications with their authentication and authorization mechanisms.In this research work,we develop governance and an identity management framework for information and technology infrastructures with privileged access management,consisting of cybersecurity policies and strategies.The results show the efficiency of the framework compared to the existing information security components.The integrated identity and access management and privileged access management enable organizations to respond to incidents and facilitate compliance.It can automate use cases that manage privileged accounts in the real world.

IAM Excellence: Exploring Saviynt’s Role in Modern Information Technology

Organizations may increase data security and operational efficiency by connecting Salesforce with Identity and Access Management (IAM) systems like Saviynt. This study delves deeply into the details of this revolution that is being encouraged to shift towards IAM software and potential drawbacks such as excessive provisioning and implementation issues. The study illuminated excellent practices and emphasized the importance of constant monitoring by using secondary theme analysis and qualitative research as proof. The findings indicate Saviynt as a viable solution and provide detailed information for firms seeking a smooth and secure integration path.

Saviynt Meets GCP: A Deep Dive into Integrated IAM for Modern Cloud Security

The Google Cloud Platform (GCP) is a popular choice for companies seeking a comprehensive cloud computing solution because it provides everything from essential computing resources to powerful data analytics and machine learning capabilities. Saviynt is a cloud-based Identity and Access Management (IAM) system that integrates with Google Cloud Platform (GCP) and other services for additional functionality. However, other problems are associated with the transition, such as the requirement to correctly integrate IAM Saviynt into current IT infrastructures and provide comprehensive training to users on the new system. The paper will give a detailed review of the advantages, disadvantages, and best practices related to this transition.

Passwords Management via Split-Key

This paper proposes a scheme for password management by storing password encryptions on a server. The method involves having the encryption key split into a share for the user and one for the server. The user’s share shall be based solely on a selected passphrase. The server’s share shall be generated from the user’s share and the encryption key. The security and trust are achieved by performing both encryption and decryption on the client side. We also address the issue of countering dictionary attack by providing a further enhancement of the scheme.

Capability-based IoT access control using blockchain

Internet of Things(IoT)devices facilitate intelligent service delivery in a broad range of settings,such as smart offices,homes and cities.However,the existing IoT access control solutions are mainly based on conventional identity management schemes and use centralized architectures.There are knowm security and privacy limitations with such schemes and architectures,such as the single-point failure or surveillance(e.g.,device tracking).Hence,in this paper,we present an architecture for capability-based IoT access control utilizing the blockchain and decentralized identifiers to manage the identity and access control for IoT devices.Then,we propose a protocol to provide a systematic view of system interactions,to improve security.We also implement a proof-of-concept prototype of the proposed approach and evaluate the prototype using a real-world use case.Our evaluation results show that the proposed solution is feasible,secure,and scalable.

The Social Identity Approach to Effective Leadership： An Overview and Some Ideas on Cross-Cultural Generalizability

When employees identify with the groups and organizations they work for, this typically has positive implications for work-related attitudes and behaviors. The present paper provides a focused overview of the social identity approach to leadership and some ideas on its cross-cultural generalizability. To this end, we will first outline the basic tenets of the social identity approach and summarize the relations of organizational identification with work-related variables. Then, we will discuss the role of social identity-related concepts for effective leadership. In particular, we will present empirical studies on the following three aspects： （1） the transfer of leader identification onto their followers, （2） the role of leader prototypicality, and （3） the ways for leaders to actively manage the identities of the groups they lead. Finally, we will provide some suggestions on how to implement the principles of identity management into practice and offer suggestions for future research, with a special focus on China.

Cloud authorization： exploring techniques and approach towards effective access control framework

Despite the various attractive features that Cloud has to offer, the rate of Cloud migration is rather slow, pri- marily due to the serious security and privacy issues that exist in the paradigm. One of the main problems in this regard is that of authorization in the Cloud environment, which is the focus of our research. In this paper, we present a systematic analysis of the existing authorization solutions in Cloud and evaluate their effectiveness against well-established industrial standards that conform to the unique access control require- ments in the domain. Our analysis can benefit organizations by helping them decide the best authorization technique for deployment in Cloud; a case study along with simulation re- sults is also presented to illustrate the procedure of using our qualitative analysis for the selection of an appropriate tech- nique, as per Cloud consumer requirements. From the results of this evaluation, we derive the general shortcomings of the extant access control techniques that are keeping them from providing successful authorization and, therefore, widely adopted by the Cloud community. To that end, we enumer- ate the features an ideal access control mechanisms for the Cloud should have, and combine them to suggest the ultimate solution to this major security challenge - access control as a service （ACaaS） for the software as a service （SaaS） layer. We conclude that a meticulous research is needed to incorpo- rate the identified authorization features into a generic ACaaS framework that should be adequate for providing high level of extensibility and security by integrating multiple accesscontrol models.