- This repository contains my work for the IT-GRC class in college. This involves a project paper about identity and access management. You can find this paper under
/seminararbeit/Thema_08_Heim_Maximilian_GRC-03_Seminararbeit.pdf
. Additionally this Readme contains the useful resources used for research on the topic, see #Resources
- https://en.wikipedia.org/wiki/Identity_management
- https://www.ibm.com/topics/identity-access-management
- https://elimity.com/blog/user-access-management-the-fundamentals
- https://learn.microsoft.com/de-de/entra/fundamentals/introduction-identity-access-management
- https://www.microsoft.com/de-de/security/business/security-101/what-is-identity-access-management-iam
- https://github.com/kdeldycke/awesome-iam
- https://www.researchgate.net/profile/U-Hariharan/publication/342215946_Safety_measures_for_EHR_systems/links/626a208105d79a3968a769c4/Safety-measures-for-EHR-systems.pdf#page=84 - [Identity and access management systems]
- https://reposit.haw-hamburg.de/bitstream/20.500.12738/8064/1/Leitfaden_Identity_Access_Management_dConta.pdf - [Leitfaden eines mandantenunabhängigen Identity Access Management] - [Recht]
- https://vsis-www.informatik.uni-hamburg.de/getDoc.php/thesis/130/identitaet.pdf - [Digitale Identität und Identitäts-Management]
- https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7380701 - [Identity and Access Management- A comprehensive Study]
- https://github.com/IDPros/anno-biblio/blob/master/anbib.pdf - [IDPro annotated bibliography ]
- https://www.researchgate.net/profile/Ishaq-Azhar-Mohammed/publication/353887659_SYSTEMATIC_REVIEW_OF_IDENTITY_ACCESS_MANAGEMENT_IN_INFORMATION_SECURITY/links/61169c5d1ca20f6f861e4496/SYSTEMATIC-REVIEW-OF-IDENTITY-ACCESS-MANAGEMENT-IN-INFORMATION-SECURITY.pdf - [SYSTEMATIC REVIEW OF IDENTITY ACCESS MANAGEMENT IN INFORMATION SECURITY]
- https://www.sciencedirect.com/science/article/pii/S2215098617316750#s0010 - [Identity and access management in cloud environment: Mechanisms and challenges]
- https://pdf.sciencedirectassets.com/280203/1-s2.0-S1877050916X00038/1-s2.0-S1877050916002489/main.pdf - [Identity and Access Management as Security-as-a-Service from Clouds]
- https://media.defense.gov/2023/Mar/21/2003183448/-1/-1/0/ESF%20IDENTITY%20AND%20ACCESS%20MANAGEMENT%20RECOMMENDED%20BEST%20PRACTICES%20FOR%20ADMINISTRATORS%20PP-23-0248_508C.PDF - [Recommended best practices for administrators]
- https://www.ijltet.org/journal/148587614339.1290.pdf - [IDENTITY AND ACCESS MANAGEMENT: CONCEPT, CHALLENGES, SOLUTIONS]
- https://www.researchgate.net/profile/Ishaq-Azhar-Mohammed/publication/353889641_Economics_of_Identity_and_Access_Management_Providing_decision_support_for_investments/links/6116a7c11e95fe241acd5514/Economics-of-Identity-and-Access-Management-Providing-decision-support-for-investments.pdf - [Economics of IAM]
- https://www.proquest.com/docview/2775799672?pq-origsite=gscholar&fromopenview=true&sourcetype=Scholarly%20Journals - [Identity and Access Management: High-level Conceptual Framework]
- https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5197377 - [Using Modelling and Simulation for Policy Decision Support in Identity Management]
- https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7086972 - [User Identity and Access Management Trends in IT Infrastructure- An Overview] - [Definitions]
- https://www.iaras.org/iaras/filedownloads/ijems/2022/007-0036(2022).pdf - [Customer Identity and Access Management (CIAM): An overview of the main technology vendors]
- https://www.theseus.fi/bitstream/handle/10024/505780/Anand_Niharika.pdf?sequence=2&isAllowed=y - [Role of IAM in an Organization]
- https://link.springer.com/article/10.1007/s11623-006-0139-9 - [Digitale Identitäten - Überblick und aktuelle Trends]
- https://aisel.aisnet.org/cgi/viewcontent.cgi?article=1691&context=amcis2009 - [Information Security in an Identity Management Lifecycle: Mitigating Identity CrimesMitigating Identit]
- http://www.cpd.iit.edu/netsecure08/KEVIN_WANG.pdf - [Identity and Access Management, non scientific presentation]
- https://epub.uni-regensburg.de/33180/7/ICISS_44_FINAL_CAMERA_READY.pdf - [Introducing Dynamic Identity and Access Management in Organizations]
- https://www.digitale-technologien.de/DT/Redaktion/DE/Downloads/Publikation/2018_10_18_Smart_Data_Identit%C3%A4tsmanagement.pdf?__blob=publicationFile&v=2 - [Identitätsmanagement Fachgruppen „Wirtschaftliche Potenziale und gesellschaftliche Akzeptanz“ und „Sicherheit“]
- https://epub.uni-regensburg.de/32143/1/SHCIS_MK.pdf - [Towards an Economic Approach to Identity and Access Management Systems Using Decision Theory]
- https://www.researchgate.net/profile/Marco-Spruit/publication/294510961_Selecting_and_Implementing_Identity_and_Access_Management_Technologies_The_IAM_Services_Assessment_Model/links/56dfe54608ae9b93f79aeaa4/Selecting-and-Implementing-Identity-and-Access-Management-Technologies-The-IAM-Services-Assessment-Model.pdf - [Selecting and implementing Identity and Access Management technologies: The IAM Services Assessment Model] - [economic, security, compliance]
- https://books.google.de/books?hl=de&lr=&id=rAjoyoTv6qcC&oi=fnd&pg=PR1&dq=digital+identity+iam&ots=oKszgw31h6&sig=Qk_nSyB6S-x0Y1qm_QAX6onp3pQ&redir_esc=y#v=onepage&q=digital%20identity%20iam&f=false - [Digital Identity and Access Management: Technologies and Frameworks]
- https://www.ej-eng.org/index.php/ejeng/article/view/3074/1425 - [IAM Identity Access Management—Importancein Maintaining Security Systems withinOrganizations] - [Diagram, Organzation, Definitions]
- https://www.researchgate.net/profile/Ishaq-Azhar-Mohammed/publication/353889576_Intelligent_authentication_for_identity_and_access_management_a_review_paper/links/6116a8b51ca20f6f861e4afd/Intelligent-authentication-for-identity-and-access-management-a-review-paper.pdf - [Intelligent authentication for identity and access management: a review paper]
- https://www.sciencedirect.com/science/article/pii/S2215098617316750 - [Identity and access management in cloud environment: Mechanisms and challenges]
- https://citeseerx.ist.psu.edu/document?repid=rep1&type=pdf&doi=7cedc9204cc2eec7a891996cd88eae9da87d7fe5 - [Identity & Access Management Get in control: IT Governance, people, permission and technical challenges.]
- https://aisel.aisnet.org/cgi/viewcontent.cgi?article=3493&context=cais
- https://www.semanticscholar.org/paper/Optimizing-Identity-and-Access-Management-(-IAM-)-Al-Khouri/33646f2c2013a9740a34f3de8cf2208e0f87bf68 - [Optimizing Identity and Access Management ( IAM ) Frameworks]
- https://pdf.sciencedirectassets.com/305941/1-s2.0-S2215098618X00068/1-s2.0-S2215098617316750/main.pdf - [Identity and access management in cloud environment: Mechanisms and challenges]
- https://dspace.bracu.ac.bd/xmlui/bitstream/handle/10361/17566/22141060%2c%2022141064%2c%2022141049_CSE.pdf?sequence=1&isAllowed=y - [A Multi-Layer Security System for Data Access Control, Authentication, and Authorization] - [Definitions, IDaaS]
- https://www.proquest.com/docview/2775799672?pq-origsite=gscholar&fromopenview=true&sourcetype=Scholarly%20Journals - [Identity and Access Management: High-level Conceptual Framework] - [Concept, Definitions, Framework]
- https://d1wqtxts1xzle7.cloudfront.net/33445363/023_2011-08_Optimizing_IAM_Frameworks-libre.pdf?1397215360=&response-content-disposition=inline%3B+filename%3DOptimizing_Identity_and_Access_Managemen.pdf&Expires=1716989785&Signature=R9NdhRsapLKJOAvJQ1Csd6yrAB9l7dLgy9DL~vDA4ZQCpfZXFJPi7S27EoHVA7DKDs2fpzS-sHwxydcJOd3M5jybgBuugTGWE4A1BwkZaE~VTfOjOOC-67t89af6u9KAFD~Ou5kheqbTrTsZjce4PR~yyIfGWD4i2W0MtFJvOAoJN7ODI7Ya2wHhqqOvKtv34GJ-ZbHB5rLArFjPtAzwt5bz1rqcwuYHt2mr-xLG8NKjsJGnhaZ-5TxUUqUCKVTNbeIQ6dfc2EX10X-eyii5uELIzn7P-LE7-0lNpjheNs-THK7oOqSeW-059qA3d0RTTjVOITh4G24eNP0njq61fg__&Key-Pair-Id=APKAJLOHF5GGSLRBV4ZA - [Optimizing IAM Frameworks]
- https://www.jacn.net/vol3/158-IS009.pdf - [Systematic Review of Identity Access Management in Information Security] - [Taxonomy]
- https://link.springer.com/chapter/10.1007/978-3-642-03829-7_3 - [Federate Identity Management] - [Definition, Identity, IdM]
- https://pdf.sciencedirectassets.com/305941/1-s2.0-S2215098618X00068/1-s2.0-S2215098617316750/main.pdf - [Good source]
- https://www.researchgate.net/profile/U-Hariharan/publication/342215946_Safety_measures_for_EHR_systems/links/626a208105d79a3968a769c4/Safety-measures-for-EHR-systems.pdf#page=84
- https://citeseerx.ist.psu.edu/document?repid=rep1&type=pdf&doi=b556abe34f19d5df5ce551ce023ffecda6f76429 - [Economics of Identity and Access Management: a Case Study on Enterprise Business Services]
- https://www.iso.org/standard/57914.html
- https://iso-docs.com/blogs/iso-27001-standard/iso-27001-annex-a-9-access-control
-
https://fg-secmgt.gi.de/fileadmin/FG/SECMGT/2012/6_Rannenberg_framework_for_identity_management.pdf
-
https://cloudsecurityalliance.org/research/guidance - [CSA Guidance: IAM in DOMAIN 12]
- https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/Umsetzungshinweise/Umsetzungshinweise_2021/Umsetzungshinweis_zum_Baustein_ORP_4_Identitaets_und_Berechtigungsmanagement.pdf?__blob=publicationFile&v=1 - [Umsetzungshinweise ORP.4]
- https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/Kompendium_Einzel_PDFs/02_ORP_Organisation_und_Personal/ORP_4_Identitaets_und_Berechtigungsmanagement_Editon_2020.pdf?__blob=publicationFile&v=1 - [ORP.4]
- https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/Kompendium/Zuordnung_ISO_und_IT_Grundschutz.pdf?__blob=publicationFile&v=5 - [Zuordnung ISO 27001]
- https://www.cio.bund.de/Webs/CIO/DE/digitale-loesungen/it-konsolidierung/dienstekonsolidierung/it-massnahmen/iam/iam-node.html - [IAM als IT-Maßnahme]
- https://www.sap.com/germany/products/financial-management/cloud-iam.html
- https://www.solarwinds.com/de/access-rights-manager
- https://www.pingidentity.com/de/solutions.html
- https://www.cisco.com/site/us/en/products/security/identity-services-engine/index.html
- https://azure.microsoft.com/files/leadership-compass.pdf
- https://citeseerx.ist.psu.edu/document?repid=rep1&type=pdf&doi=30439b6e5dd36d390a7f2e78b7812a1d39d066ce - [Identity Management Systems A Comparison of Current Solutions]
- https://trust.okta.com/compliance/
- https://www.okta.com/sites/default/files/2023-04/Workforce-Identity-Cloud-Security-Privacy.pdf
- https://books.google.de/books?hl=de&lr=&id=dpjsXA5SPPwC&oi=fnd&pg=PA1&dq=identity+and+access+management&ots=VMAXxn9h2B&sig=Z7PmIJw4Feaza7IMe6R-vnau528#v=onepage&q=identity%20and%20access%20management&f=false - [Access control systems]
- https://link.springer.com/chapter/10.1007/978-3-658-17987-8_7 - [Identity- und Access-Management im Unternehmen]
- https://books.google.de/books?hl=de&lr=&id=o8mHSbDHgPsC&oi=fnd&pg=PT5&dq=identity+management+architecture&ots=UUgsnhsH6o&sig=GbkoPZCwuK2cR2IjwlrxXUAooho&redir_esc=y#v=onepage&q=identity%20management%20architecture&f=false - [Digital Identity: Unmasking Identity Management Architecture (IMA)]
- https://books.google.de/books?hl=de&lr=&id=UrmD-Gxt-8IC&oi=fnd&pg=PA5&dq=identity+management+audit&ots=jpMzBzW3tR&sig=r6dBZ8xZN5noybmJtNHNk0H9MWo&redir_esc=y#v=onepage&q=identity%20management%20audit&f=false - [Identity Management: Concepts, Technologies, and Systems]
- https://books.google.de/books?hl=de&lr=&id=BHazecOuDLYC&oi=fnd&pg=PR7&dq=iam+compliance&ots=FC0bJ8pWGe&sig=6XNT5YyU66jKYr0W19SK6Q4drgg&redir_esc=y#v=onepage&q=iam%20compliance&f=false - [Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance] - [good description of iam management and iam lifecycle]
- https://ieeexplore.ieee.org/abstract/document/5689468 - [A Survey of Identity Management Technology] - [Definitions, models, paradigms]
- https://docs.evolveum.com/book/practical-identity-management-with-midpoint.pdf - [Practical Identity Managent with Midpoint]
- https://dl.acm.org/doi/pdf/10.1145/234313.234412
- https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7042715
- https://shazkhan.wordpress.com/wp-content/uploads/2010/10/access-control-systems.pdf
- https://pdf.sciencedirectassets.com/271161/1-s2.0-S1386505606X00746/1-s2.0-S1386505605001747/main.pdf - [Modelling privilege management and access control]
- https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1206966 - [Organizations Access Control]
- https://www.okta.com/identity-101/whats-the-difference-between-oauth-openid-connect-and-saml/ - [What’s the Difference Between OAuth, OpenID Connect, and SAML?]
- https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7998280 - [SAML, OAuth, OIDC]
- https://link.springer.com/article/10.1186/s40294-014-0005-9 - [SAML, OAuth, OIDC]
- https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7956534 - [SAML, OAuth, OIDC]
- https://www.sciencedirect.com/science/article/pii/S2212017312002988 - [A Survey on Single Sing-On Techniques]
- https://www.iaras.org/iaras/filedownloads/ijems/2022/007-0036(2022).pdf - [Customer Identity and Access Management (CIAM): An overview of the main technology vendors]
- https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7395570 - [Federated Identity Management (FIM): Challenges and Opportunities]