Proposing a digital identity management framework: A mixed-method approach

This research aims to study the most critical elements of digital identity management to recognize the pattern and the requirements of their use and implementation. Further, an attempt is made to identify and prioritize the criteria and their relevant indicators of digital identity management in the form of a comprehensive framework. To this end a fuzzy multicriteria decision-making approach was utilized. The framework focuses on a comprehensive perspective to consider digital identity and deals with compiling strategies and operational patterns based on the defined priorities. This applied research with a fundamental approach has a descriptive-explanatory method as well. Through an in depth-review of the extant literature and designing an instrument as well as semi-structure interview the necessary data were collected. The research population consists of 10 experts. By reviewing the theoretical literature of the research, effective factors were identified and screened by the Fuzzy Delphi method leading to six main factors and 31 subfactors. Then, the collected data were analyzed through a hybrid technique known as FDANP (Fuzzy DEMATEL-ANP) to determine the interactions between the factors and the subfactors and to weigh and prioritize them. The obtained results revealed that "strategic planning" is the most influential factor in digital identity management. Also, the subfactors namely "The use of the maturity model of digital identity management," "commitment to the whole organization," "integrity of digital identity management system with other systems," "integrity of digital identity management program," and "integrity of the two dimensions of identity management and access management" were ranked as the most influential subfactors of "strategic planning," respectively. "Access management" was the most permeable factor in digital identity management. It means that this factor is the main problem and could be solved with the help of the influential factors. In addition, subfactors: "Access control to all resources only through the digital identity management system," "Solution for access management of premium accounts," "Multi-factor authentication support," "Access policy to all resources and information," and "Determination of the manner of the user access to resources outside the organization" were ranked as the most permeable subfactors.