Introducing Dynamic Identity and Access Management in Organizations

2015 
Efficient and secure management of access to resources is a crucial challenge in today's corporate IT environments. During the last years, introducing company-wide Identity and Access Management (IAM) infrastructures building on the Role-based Access Control (RBAC) paradigm has become the de facto standard for granting and revoking access to resources. Due to its static nature, the management of role-based IAM structures, however, leads to increased administrative efforts and is not able to model dynamic business structures. As a result, introducing dynamic attribute-based access privilege provisioning and revocation is currently seen as the next maturity level of IAM. Nevertheless, up to now no structured process for incorporating Attribute-based Access Control (ABAC) policies into static IAM has been proposed. This paper closes the existing research gap by introducing a novel migration guide for extending static IAM systems with dynamic ABAC policies. By means of conducting structured and tool-supported attribute and policy management activities, the migration guide supports organizations to distribute privilege assignments in an application-independent and flexible manner. In order to show its feasibility, we provide a naturalistic evaluation based on two real-world industry use cases.