Integrated Security Administration in a Global Information System

Jeffy Mwakalinga, Louise Yngström

ABSTRACT

This paper describes an integrated security administration that can be used for global organizations and electronic government systems. It integrates certification systems, authorization systems, registration systems and smart card systems. Many organizations today have departments all over the world. Employees, employers and customers have to access information located in different countries. This complicates the management of security systems for these organizations. The challenges that the organizations face include providing authentication, authorization, protection of information, non-repudiation, integrity, privacy and other security services in the global environment. Today, certification, authorization, smart card and registration systems are usually installed and used separately, without sharing common data and without any common security administration procedures. Thus a new employee or citizen who needs registration services, a smart card, a public key certificate and authorization attributes must usually identify herself multiple times and must perform the registration procedure at four different administration stations. In this research, an integrated security administration procedure for all four security systems has been designed, where users are registered once and all relevant security data and procedures are shared among the four security systems. Therefore, the new integrated security administration is not only more efficient than existing procedures, but it is also simpler to manage and saves administration costs. This system is based on the Security Assertion Markup Language (SAML). SAML is an XML-based framework for exchanging security information. The research has achieved two goals: functional integration of data and security administration procedures, and visual integration through a common security administration interface. These results are of high interest and importance when managing different components of an integrated security system.