Identification and authentication models analysis

Vladimir Belsky, Ilia Gerasimov, Alexey Sabanov, Kirill Tsaregorodtsev

Abstract


Today many user-facing processes are delivered through digital services. Digitalizing existing processes requires systems that process user information, and such a system must identify and authenticate users using registered identity data. Identity and access management systems are used for this task. As digital systems developed, several models of user identity and access management emerged. They range from the isolated model, where the service (sometimes called the registrar) itself generates a separate user account during registration, to the sovereign model, where, after an identity provider generates and issues the user's identity data, the user can register in the system on their own and authenticate with the registered data without involving the identity provider. In some of these models there is a threat that an adversary steals the user's authentication data in order to obtain a service on behalf of the user. The problem is complicated by the fact that the switchover to digital services should not exclude their physical counterparts, where an adversary likewise must not be able to use the user's authentication data on the user's behalf. The paper considers identification and authentication systems built according to the existing models and compares these models in terms of security properties, authentication performance, and ease of use from each participant's perspective.

Full Text:

PDF (Russian)





ISSN: 2307-8162