Enforcement of Entailment Constraints in Distributed Service-Based Business Processes

Hummer, Waldemar, Gaubatz, Patrick, Strembeck, Mark, Zdun, Uwe, Dustdar, Schahram

10 May 2013

A distributed business process is executed in a distributed computing environment. The service-oriented architecture (SOA) paradigm is a popular option for the integration of software services and execution of distributed business processes. Entailment constraints, such as mutual exclusion and binding constraints, are important means to control process execution. Mutually exclusive tasks result from the division of powerful rights and responsibilities to prevent fraud and abuse. In contrast, binding constraints define that a subject who performed one task must also perform the corresponding bound task(s). (authors' abstract)

Řízení identit v organizacích / Identity Management

Fryaufová, Lucie

January 2012

The topic of this thesis is focused on the issues of the Identity Management. The author of the work describes the possibilities using this concept and application Identity Management in organizations. This issue is not oriented just from the point of Information security where this area belongs. The goal of this work is to create a framework of the process Identity Management by using best practises and standards. The context of the work should describe new trends and using special tools for safety work with process of Identity Management and the risk in area of the Identity Management. To achieve these goals which are mentioned above is ensured by using analysis of information sources and consulting with professionals from organization. The benefit of this work is provide comparison of teoretical knowledges with practical usage in organization and its recommendation to improve the process Identity Management.

Enhancing Zero Trust models in the financial industry through blockchain integration: A proposed framework

Daah, Clement, Qureshi, Amna, Awan, Irfan, Konur, Savas

16 August 2024

Yes / As financial institutions navigate an increasingly complex cyber threat landscape and regulatory ecosystem, there is a pressing need for a robust and adaptive security architecture. This paper introduces a comprehensive, Zero Trust model-based framework specifically tailored for the finance industry. It encompasses identity and access management (IAM), data protection, and device and network security and introduces trust through blockchain technology. This study provides a literature review of existing Zero Trust paradigms and contrasts them with cybersecurity solutions currently relevant to financial settings. The research adopts a mixed methods approach, combining extensive qualitative analysis through a literature review and assessment of security assumptions, threat modelling, and implementation strategies with quantitative evaluation using a prototype banking application for vulnerability scanning, security testing, and performance testing. The IAM component ensures robust authentication and authorisation processes, while device and network security measures protect against both internal and external threats. Data protection mechanisms maintain the confidentiality and integrity of sensitive information. Additionally, the blockchain-based trust component serves as an innovative layer to enhance security measures, offering both tamper-proof verification and increased integrity. Through analysis of potential threats and experimental evaluation of the Zero Trust model’s performance, the proposed framework offers financial institutions a comprehensive security architecture capable of effectively mitigating cyber threats and fostering enhanced consumer trust.

Zero Trust

Identity and access management

Device and network security

Data protection

Blockchain

Decision Support framework: Reliable Federated Single Sign-on

Toufanpanah, Monir

January 2017

Identity management is a critical concept for enterprises, and it has turned to more challenging issue since businesses are significantly moving towards service oriented architecture (SOA) with the aim to provide seamless service delivery to their customers, partners and employees. The organizational domains are expanded to blur the virtual borders, simplify the business collaboration and maximize opportunities in the competitive market place, which explicitly shows the essentiality for federating the identities. Real-world identity comprises of different dimensions such as Law, Business, Policy, Technology and Society, therefore reliable digital identity management and successful federation are required to take these dimensions and complexity into consideration. Considering variety of academic and industrial researches that report on remarkable demands for identity federation adoption by enterprises, this study has approached federated Identity Management from technological point of view. Technologies provide tools and mechanisms to satisfy the business requirements and enable single sign-on capability in reliable federated platform. Different authentication technologies and standards have emerged to enable federated single sign-on (FSSO) implementation as a core service of the FIdM, each with different features and capabilities. This brings more complexity and confusion for experts and decision makers for FIdM adoption and development. To overcome this obstacle and accelerate the data collection and analysis process for decision makers, this research contributes to the filed by providing a conceptual framework to simplify the analysis of underlying technology for decision making process. In this framework 1) a list of state-of-the-art requirements and mechanisms for successful identity federation and reliable SSO is elaborated, 2) Six most prevalent standard authentication technologies along with latest specifications are analysed, explained and assessed against the defined criteria, and 3) several security and privacy consideration are gathered. The usage of framework is monitored and the efficiency of it is evaluated in 2 real business case scenarios by five IT experts and the result is reported.

Identity and Access Management

Decision Support Framework

Single Sign-on

Identity Federation

Authentication Technology

SAML

Shibboleth

OAuth

PRIME

OpenID

Computer Systems

Datorsystem

Communication Systems

Kommunikationssystem