Identity Management - KeyRock

Chapter: Security
Version: 5.1
Updated: 2016-10-21
Contact Person: Joaquín Salvachúa / Álvaro Alonso (jsalvachua@dit.upm.es, aalonsog@dit.upm.es)
Feedback:
The overall label is the average of all individual labels assessed by Sep 2016.

Criteria | Value | Label
Documentation completeness | Good | A+
Documentation soundness | Good | A+
APIs Failure Rate | 0,04 tests failed/executed | A+++
Detected defects by Priority | 1,75 average bugs priority | A+
Time to respond issues | 9,9 days | B
Time to fix issues | 2,6 days | A++
Scalability | 1,03 response time/thread number | A+++
Performance | 324 authorization/authentication requests per second | B
Stability | Memory/CPU are progressively increasing but no leak | A

What you Get

Identity Management covers a number of aspects involving users' access to networks, services and applications, including secure and private authentication from users to devices, networks and services, authorization and trust management, user profile management, privacy-preserving disposition of personal data, Single Sign-On (SSO) to service domains and Identity Federation towards applications. The Identity Manager is the central component that provides a bridge between IdM systems at connectivity level and application level. Furthermore, Identity Management is used for authorising foreign services to access personal data stored in a secure environment. Usually the owner of the data must give consent before the data is accessed; the consent-giving procedure also implies some form of user authentication.

Why to Get it

Identity Management is key in any architecture. IdM offers tools for administrators to support the handling of user life-cycle functions. It reduces the effort for account creation and management, as it supports the enforcement of policies and procedures for user registration, user profile management and the modification of user accounts. Administrators can quickly configure customized pages for the inclusion of different authentication providers, registration of tenant applications with access to user profile data and the handling of error notifications. For end users, the IdM provides a convenient way to register with applications, since it lets them re-use attributes such as address or email and so manage their profile information easily. Users and administrators can rely on standardised solutions to allow user self-service features. Because several applications can be configured and linked to a user's IdM, the main benefit for users is single sign-on (SSO) to all of these applications. The IdM offers hosted user profile storage with specific user profile attributes. Applications do not have to run and manage their own persistent user data stores; instead, they can use the IdM user profile storage as a Software as a Service (SaaS) offering.

Open Specification

Keyrock is an implementation of the FIWARE Identity Management Generic Enabler. More specifically, Keyrock implements the following APIs and Open Specifications:
Label: A+