Toward Secure and Trustworthy Identity Management Systems: A Knowledge-base Driven Approach

Gianluca Sassetti; Amir Sharif; Roberto Carbone; Silvio Ranise

2025-01-01

Abstract

Identity Management systems (IdMs) provide digital identities to billions of internet users. They are the foundation of modern information systems and key enablers of access control, security, and privacy. However, IdMs are complex socio-technical systems that require the orchestration of technical, organizational, legal, and human factors to ensure their security, privacy, and resilience. Achieving this is easier said than done, since IdM designers need to navigate the multitude of possible system designs, analyzing their trade-offs and shortcomings. In this context, the lack of a comprehensive body of knowledge on IdMs constitutes a key challenge for IdM design and analysis. We address this issue with a systematic review of the literature to build a comprehensive knowledge base that encompasses technical, organizational, and legal aspects of IdMs. The knowledge base is built on an ontology representing information systems with a focus on entities relevant for threat modeling. We propose a prototype tool that enables the exploration of the knowledge base to help IdM designers analyze their solutions and visualize possible alternative design choices. By connecting design goals and requirements to mitigations and threats, the tool provides practitioners with actionable solutions to harden the system and achieve their security and privacy goals through a threat modeling workflow. This research paper provides academia and industry with a significant contribution through an IdM Knowledge Base to support policymakers, IdM designers, and researchers in creating secure, robust, and privacy-preserving IdMs.

Files in this item:
STM2025_SoK_IdM.pdf (authorized users only)
Type: Pre-print document
License: NOT PUBLIC - Private/restricted access
Size: 892.57 kB
Format: Adobe PDF

Use this identifier to cite or link to this document: https://hdl.handle.net/11582/361667