- Enrollment processes represent the entry point to the identity management lifecycle: applicants provide a service with information and evidence to be properly identified, finally obtaining a credential that can be used for authentication from that moment on. Given the recent worldwide events, remote enrollment processes have been widely adopted to allow for identification from home. While this evolution contributes to increasing the level of usability, it yields many security concerns, considering that a violation of an enrollment process can lead to impersonation attacks and identity thefts. In this context, we present and formalize an approach to evaluate enrollment processes and provide comprehensive information on their security, risk and compliance. The evaluation can be finely tuned by providing details on the context (e.g., a set of security controls to consider), in order to obtain more realistic data and enable what-if analyses. By providing the formal bases of the approach, we aim at reducing implementation barriers and fostering a seamless adoption in automated tools.
0 commit comments