Hybrid authentication and authorization model for web based applications

Organizations are extensively using Identity and Access Management (IAM) systems to manage and control the employees' identity and access privileges. An IAM system acts as a single trusted source of identity and access information. Securing and safeguarding of this sensitive information from malicious insiders and cyber assaults are essential for the successful operation of an organization. Accordingly, organizations require a well-defined authentication and authorization mechanism which ensure only the right persons at a right time with right privileges access the right applications. Though there are different Identity and Access Management models for authentication and authorization, those models have limitations in the implementation phase. Considering the hindrances and implementation pain points of the existing IAM models, this paper proposes a hybrid authentication and authorization model for secure and user-friendly web-based applications. The paper compares different access control models and their features with the proposed hybrid model.