Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Economic issues of federated identity management

An estimation of the costs of identity lifecycle management in inter-organisational information exchange using transaction cost theory
: Kurowski, Sebastian

Hühnlein, Detlef (Ed.); Roßnagel, Heiko (Ed.); Kuhlisch, Raik (Ed.); Ziesing, Jan (Ed.) ; Gesellschaft für Informatik -GI-, Bonn:
Open Identity Summit 2015 : 10. - 11.11.2015, Berlin, Germany
Bonn: Gesellschaft für Informatik, 2015 (GI-Edition : lecture notes in informatics - proceedings 251)
ISBN: 978-3-88579-645-9
Open Identity Summit <2015, Berlin>
Bundesministerium für Bildung und Forschung BMBF
13N13102; VERTRAG
Vertrauenswürdiger Austausch Geistigen Eigentums
Fraunhofer IAO ()

Inter-organisational data-exchange is common in inter-organisational value-chains. Currently information providing organizations enrol users of suppliers, in order to enable them to access their services and information. This leaves some users with the issue of handling multiple credentials, introducing risks of password-reuse [Iv04] and weak-passwords [Ne94]. Federated identity management eases this scenario, by enabling users to authenticate against their organizations’ identity [Hü10]. However, the costs involved in managing the underlying identity and rights lifecycle have hardly been considered. This paper addresses this gap, by using the principal-agent theory, and transaction cost theory, structuring the identity lifecycle using [BS08] [IS05] [IS10], and estimating the management costs. We finally analyse the economic benefits of federated identity management in inter-organizational information exchange. We find that while process costs for executing the identity lifecycle are reduced for the information provider, by introducing federated identity management, the control costs reduce, and in one case even diminish this cost benefit. We briefly discuss our findings, and conclude that further mechanisms and research is required to reduce the efforts in auditing, in order to fully unlock the security and economic benefits of federated identity management.