An Ontology-Based Identity and Access Management Metamodel for Secure Adaptive Enterprise Architecture

Publication Type:
Issue Date:
Full metadata record
Security, driven by the need of securing digital assets, is an indispensable component of a modern digital enterprise. An identity and access management (IAM) system is a vital element of secure digital enterprise architecture (EA). IAM is a combination of identity management (IDM) and an access management system (ACM) where IDM ensures secure access to enterprise resources by verifying an entity's identity. On the other hand, ACM grants appropriate access to protected resources. Developing an adaptive IAM system that fulfils business requirements and can grow over time with the continually evolving business environment is challenging. This demands an ontology-based IAM metamodel, which is adaptive and can be instantiated for different situations. Ontologies are useful to unambiguously conceptualise various constructs of a domain and the interrelations among them. On the other hand, a metamodel defines the semantics of a modelling language. It offers a set of elements that can be utilised to create a model. An IAM metamodel that is founded on an IAM ontology can be semantically expressed, communicated, and managed. This IAM metamodel can be used to create a domain-specific IAM model. This research addresses this need and develops an ontology-based integrated IAM metamodel for secure digital EA using the well-known design science research (DSR) method. The integrated IAM metamodel has four main components: IAM ontology, IDM metamodel, ACM metamodel, and the integrated IAM metamodel. The IAM ontology provides detailed, unambiguous meaning to the necessary IAM-related entities and their relationships. The IDM metamodel offers the set of elements, based on ontology, required to model an IDM system for a particular context. Similarly, the ACM metamodel provides the necessary elements to create domain-specific models for ACM systems. Finally, the integrated IAM metamodel is developed by combining the IDM and ACM metamodels, allowing an enterprise to model their IDM system and ACM system in an integrated manner. The proposed IAM metamodel is evaluated using the demonstration method from DSR. An IAM pattern system has been instantiated using the metamodel for evaluation purposes, consisting of eight patterns. Each pattern focuses on a specific IAM-related problem. Furthermore, a case study has been performed to evaluate the applicability of the developed metamodel. The result of this research indicates that the proposed ontology, metamodel and patterns can be used by academic and architects to design and implement situation-specific IDM and ACM architectures and solutions within the overall context of a secure digital enterprise architecture.
Please use this identifier to cite or link to this item: