M. Polychronaki et al.
Fig. 4 Attribute-based access control system
rules are applied by the access control mechanism (ACM). The ACM is essentially
the point of the system where the decisions are made based on the policies configured
by access control rules.
However, both of these models are designed to work under specific scenarios,
which produces disadvantages in some implementations [16]. For example, RBAC
was designed for the case of only one administrator for IAM, and problems arise
when the administration is to be handled by multiple users. ABAC models depend
heavily on the fine-grained design of the policy’s architecture. This model cannot
be applied efficiently when subjects have cross-interfering attributes, which cause
errors in the access management functionality.
To solve the latter problem of the ABAC model, there have been efforts to
design further mechanisms for attribute quality management [16]. This means that
subject and object attributes which are handled exclusively by the IAM system are
contextually analyzed and evaluated to prevent logical failures due to conflicting
attributes.
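The following Python sketch is an added example, not code from the chapter: a minimal ACM in which one subject's cross-interfering attributes make two rules disagree, next to an attribute check that flags the conflict before evaluation. The rule format, the attribute names and the "indeterminate" outcome are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    effect: str      # "permit" or "deny"
    subject: dict    # subject attributes the rule requires
    obj: dict        # object attributes the rule requires

def matches(required, actual):
    return all(actual.get(k) == v for k, v in required.items())

def decide(rules, subject, obj):
    """ACM decision point: returns (decision, names of conflicting rules)."""
    hits = [r for r in rules
            if matches(r.subject, subject) and matches(r.obj, obj)]
    effects = {r.effect for r in hits}
    if effects == {"permit", "deny"}:
        # Cross-interfering attributes: two rules disagree on one request.
        return "indeterminate", sorted(r.name for r in hits)
    if effects == {"permit"}:
        return "permit", []
    return "deny", []    # explicit deny, or default deny when nothing matches

def attribute_conflicts(subject, exclusive_pairs):
    """Attribute quality check: pairs of values that must not coexist."""
    held = set(subject.items())
    return [pair for pair in exclusive_pairs if set(pair) <= held]

# Constructed policy and subjects (hypothetical names and attributes).
RULES = [
    Rule("finance-read", "permit", {"department": "finance"}, {"type": "ledger"}),
    Rule("contractor-block", "deny", {"employment": "contractor"}, {"type": "ledger"}),
]
EXCLUSIVE = [(("department", "finance"), ("employment", "contractor"))]
LEDGER = {"type": "ledger"}
ALICE = {"department": "finance", "employment": "staff"}
BOB = {"department": "finance", "employment": "contractor"}

if __name__ == "__main__":
    for name, subject in (("alice", ALICE), ("bob", BOB)):
        print(name, decide(RULES, subject, LEDGER),
              attribute_conflicts(subject, EXCLUSIVE))
```

Running the attribute check when attributes are assigned, rather than at request time, keeps the conflicting combination from ever reaching the decision point.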
2.2 Responsibilities of IAM
The obligation of any IAM system is two-fold: the first part is identity management
and the second is access management [8]. The first concerns all the processes
that affect the digital equivalent of an entity, which is its identity. Thus,
identity management includes, but is not limited to, services for:
• Creation of an entity’s identity
• Assignment of attributes to identities
• Management of login credentials