Different Approaches to In-House Identity Management - Justification of an Assumption

The use of roles in identity management infrastructures (IdMI) has proven to be a solution for reorganising and securing access structures of employees. The definition of enterprise-wide roles is one of the most challenging and costly tasks during role development projects. It needs to be carried out on the basis of a predefined role development methodology (RDM). In this paper we present existing methodologies and show their respective pros and cons. Lately some researchers have informally stated that hybrid role development is the most promising way to define roles, however, there hasnpsilat been given a well-defined justification for this decision. The main contribution of this paper is hence the deduction of evaluation criteria based on information gathered from literature, practical experiences, and shortcomings of existing role development approaches. The evaluation criteria form the basis for a comparison framework verifying the assumption that hybrid RDMs are superior to role engineering and role mining methodologies.