Design and Development of an Identity Management System: The Minnesota State College-Southeast Technical Case Study

Elhindi, Mohamed A.

01 January 2010

Historically, managing access to information systems (ISs) required direct interaction with a limited number of users. Increasingly, managing access involves handling an increased numbers of internal and external students, faculty, and staff as well as partners such as workforce development centers, the U.S. Department of Education, and the Council on Higher Education Accreditation. At Minnesota State Colleges and Universities (MnSCU), the approach to identity management (IdM) required the distribution of a username and password to authenticate MnSCU employees and students. Authentication enables authorized users to access campus-supported ISs and Office of the Chancellor (OOC) supported ISs such as the Integrated Statewide Record System (ISRS). In some cases, an MnSCU employee or student will receive as many as 7 usernames and passwords. When a new employee or student joins MnSCU, the campus IT group creates a general log-on to campus-supported ISs. This log-on consists of a username and password and provides the new employee or student with access to a local area network (LAN) hosted application such as e-mail and campus directory services. The author used Minnesota State College-Southeast Technical (MSC-ST) as the unit of analysis. In this inquiry, the following propositions guided and shaped the case study data collection: (a) system development processes (SDPs), (b) single access sign-on credentials through all MSC-ST ISs, (c) electronic data assurances, and (d) implementation across public and private security zones. The findings from this case study were used to develop a paradigm supporting the design and development of an IdM system model at MSC-ST. This model contributed to the establishment of a uniform IdM system for use by MSC-ST students, staff, and faculty regardless of time and location. Based on findings from this case study, key processes involved in establishing this IdM system based on uniform identities and authentication processes were documented. Key steps involved in facilitating secure IS access to MSC-ST resources by students, staff, and faculty accessing OOC-supported ISs as well as MSC-ST campus-specific applications were described. The author contributed to advancements in the IS space through the use of a replicable approach for implementing an IdM paradigm at MSC-ST.

access management

Identity Management System

identity management system model

information systems

Computer Sciences

Designing for user awareness and usability : An evaluation of authorization dialogs on a mobile device

Lindegren, Daniel

January 2017

Personal data is often disclosed with every registration, sharing, or request of an online service. With the increased usage of things connected to the Internet, users' information being collected and stored, the risks related to unknowingly sharing personal data increases. Sharing of personal information is a sensitive subject and can hurt people’s assets, dignity, personal integrity and other social aspects. In general, users’ concerns have grown regarding protecting their personal information which has led to the development of multiple privacy-oriented systems. In scenarios where users are logging onto a website or system, they rarely notice, understand or have desire to read the conditions to which they are implicitly agreeing. These systems are often referred to as identity management systems or single sign-on systems. Recent studies have shown that users are not aware of what data transactions take place by using various authentication solutions. It is critical for these types of system dealing with privacy that researchers examine users' understanding of the concepts through interface design. The purpose of this study is to investigate the usability and user awareness of data transactions for identity management systems on mobile devices by constructing and evaluating different design concepts. Therefore, four different mobile prototypes were designed (called CREDENTIAL Wallet) and explored to measure the usability and also the user awareness of users’ disclosures. 20 usability tests were conducted per prototype. Multiple conclusions can be drawn from this study. The findings showed that the drag-and-drop prototype scored a high user awareness score in terms of participants remembering their shared data and having a good idea of them not sharing more data than they had actually shared. Consequently, the drag-and-drop prototype achieved the highest usability result. A prototype that utilized swiping was created to fit the mobile medium. The prototype showed the highest user awareness score in the context of participants stating what data they had shared. However, people using the swiping prototype thought they were sharing more data than they actually were. Data show that users have an incorrect mental model of the sharing of their fingerprint pattern. Finally, the writing concerns recommendations and challenges of identity management systems – e.g. the importance of tutorial screens. Future studies within the CREDENTIAL project are already underway concerning users' incorrect mental model of sharing fingerprint to the service provider side. / CREDENTIAL

User awareness

data transaction

usability

usable privacy

privacy enhancing technology

identity management system

CREDENTIAL

mobile

Human Computer Interaction

Systém správy identit pro malé a střední firmy / Identity Management Solution for Small and Medium Businesses

MAXA, Karel

January 2014

The topic of this master's thesis is development of identity management solution for small and medium business. The thesis is divided into four major parts. The first part contains theoretical background as description of RBAC model or model with relationships between practically used objects (user identity, role, position, permission, account...). Analysis of functioning and needs of targeted organizations was carried out in the second part. The third part describes the design of the developed application. The fourth part discusses actual implementation of the application. The main outcome of the thesis is implemented application that can be deployed at thesis defined organizations. The application includes all the functionality required in the first phase of the project.