Building User Authentication in An Inter-Organisational Information System
Full text | |||
Source | Journal of Information Systems Security Volume 2, Number 3 (2006)
Pages 49–68
ISSN 1551-0123 (Print)ISSN 1551-0808 (Online) |
||
Authors | Raija Halonen — University of Oulu, Finland | ||
Publisher | Information Institute Publishing, Washington DC, USA |
Abstract
This paper explores how user authentication was built in an interorganisational web-based information system that was designed to support the management of student mobility between universities. The study serves forth-coming implementations giving information from a completed information system implementation. So far there is not much literature concentrating on building security in inter-organisational systems. Because the users of the joint information system came from different universities, the user management had to be properly and confidently managed. This was catered using an architecture called Shibboleth. The need for the information system came from the student affairs officials who had to do a lot of manual checking and paper work when they managed student mobility in their universities. In addition to the student affairs officials, also the students who wanted to study elsewhere than their home university used this information system. The research method used was case study. The research material consisted of memorandums, emails and personal observations made by the researcher.
Keywords
Inter-Organisational Information System, User Authentication, Implementation, Strategic Alliance
References
Act 523 (1999), Personal Data Act. http://www.finlex.fi/english/ laws/index.php (Accessed April 15, 2005).
Act 516 (2004), Act on Electronic Communication. http://www.finlex.fi/pdf/sk/04 vihko080.pdf (Accessed April 15, 2005) In Finnish.
Baskerville, R. (1992), “The Developmental Duality of Information Systems Security”, Journal of Management System, 4 (1): 1-22.
Blonk, van der H. (2003), “Writing case studies in information systems research”, Journal of Information Technology, 18 (1): 45-52.
Bologna (2003), http://www.bologna-berlin2003.de/ (15 April 2005).
Daniel, E.M., and White, A. (2005), “The future of inter-organisational system linkages: findings of an international Delphi study”, European Journal of Information Systems, 14 (2): 188-203.
Das, T.K., and Teng, B.-S. (1998), “Between trust and control: Developing confidence in partner cooperation in alliances”, Academy of Management Review, 23 (3): 491-512.
Davis, G. B., and Olson, M. H. (1985), Management information systems: Conceptual foundations, structure and development, 561-601, Mc-Graw-Hill Book Company, New York.
DeLone, W. H., and McLean, E. R. (1992), “Information Systems Success: The Quest for the Dependent Variable”, Information Systems Research, 3 (1): 60-95.
Frankl, V.E. (1963), Man’s search for meaning, Beacon Press, Boston.
Halonen, R. (2004), ‘Many faces of collaboration in an information system project’, in Concurrent Engineering. The Worldwide Engineering Grid, eds. M. Sobolewski and J. Cha, Tsinghua University Press, Beijing, 449-454.
Halonen R. (2005), ‘Virtual community with information system’, in Next Generation Concurrent Engineering: Smart and Concurrent Integration of Product Data, Services, and Control Strategies, eds. M. Sobolewski and P. Ghodous, ISPE Inc., New York, 261-266.
Håkansson, H. (1992), Corporate Technological Behaviour. Cooperation and Networks, Routledge, London, 108-118.
Johnston, H.R. and Vitale, M.R. (1988), “Creating Competitive Advantage with Interorganizational Information Systems”, Mis Quarterly, 12 (2): 153-165.
Klein, K., and Myers, M. (1999), “A set of principles for conducting and evaluating interpretative field studies in information systems”, MIS Quarterly, 23 (1): 67-94.
Kotlarsky, J., and Oshri, I. (2005), “Social ties, knowledge sharing and successful collaboration in globally distributed system development projects”, European Journal of Information Systems, 14 (1): 37-48.
Kumar, K., van Dissel, H. G., and Bielle, P. (1998), “The merchant of Prato – revisited: Toward a third rationality of information systems”, MIS Quarterly, 22 (2): 199-225.
Laudon, K.C, and Laudon, J.P. (1998), Management information systems, 5th ed. Prentice-Hall Int, New Jersey. 506-537.
Lorenzi, N. M., and Riley, R. T. (2003), “Organizational issues = change”, International Journal of Medical Informatics, 69: 97-203.
Lucas Jr, H. C. (1981), Implementation, the Key to Successful Information Systems, Columbia University Press, New York.
Lyytinen, K., Mathiassen, L., and Ropponen, J. (1998), “Attention Shaping and Software Risk - A Categorical Analysis of Four Classical Risk Management Approaches”, Information System Research, 9 (3): 233-255.
Van Maanen, J. (1988), Tales of the Field: On Writing Ethnography, University of Chicago Press, Chicago.
Markus, M. L. (1983), “Power, politics and MIS implementation”, Communications of the ACM, 26 (6): 430-444.
McEvily, B., Perrone, V., and Zaheer, A. (2003), “Trust as an Organizing Principle”, Organizational Science, 14 (1): 91-103.
Munkvold, B.E. (1999), “Challenges of IT implementation for supporting collaboration in distributed organizations”, European Journal of Information Systems, 8: 260-272.
Newbury, D. (2001), “Diaries and Fieldnotes in the Research Process”, Research Issues In Art Design and Media No 1. http://www.biad.uce.ac.uk/research/riadm/issueOne/ default.asp (15 April 2005).
Schultze, U. & Boland, Jr. R.J. (2000), “Knowledge management technology and the reproduction of knowledge work practices”, Journal of Strategic Information Systems 9 (2-3): 193-212.
Sherer, S.A. and Alter, S. (2004), “Information system risks and risk factors: Are they mostly about information systems?”, Communications of the Association for Information Systems, 14: 29-64.
Shibboleth. (2005), http://shibboleth.internet2.edu/. (20 April 2005) Siponen, M. (2002), ‘Designing secure information systems and software’. Acta Universitatis Ouluensis A387. University of Oulu, Oulu.
Stake, R. (2000), ‘Case studies’, in: Handbook of Qualitative Research, eds. N.K. Denzin & Y.S. Lincoln, SAGE Publications Inc., Thousand Oaks, California, 435-454.
Stewart, K. J. (2003), “Trust Transfer on the World Wide Web”, Organization Science, 14 (1): 5-17.
Vaast, E. and Walsham, G. (2005), “Representations and actions: the transformation of work practices with IT use”, Information and Organization, 15: 65-89.
Walsham, G. (1993), Interpreting information systems in organizations, Wiley, Chichester UK.
Whitworth, B., and de Moor, A. (2003), “Legitimate by design: towards trusted socio-technical systems”, Behaviour & Information Technology, 22 (1): 31-51.
Wikipedia. (2005), http://en.wikipedia.org/wiki/Shibboleth (15 April 2005).
Williams, T. (1997), “Interorganisational Information Systems: issues affecting interorganisational cooperation”, Journal of Strategic Information Systems, 6: 231-250.
Yin, R. K. (2003), Case Study Research. Design and Methods. Third Edition. SAGE Publications Inc., London.