The prevention of unauthorized access to information and abuse of information and communication technology (ICT) resources is fundamental to cybersecurity. An extensive effort had been made towards the standardization of identity and access management. However, the access environment is continuously changing and traditional mechanisms are unable to deal with the challenges of evolving security threats. This is firstly because traditional data centre infrastructure is moving to the cloud, and consequently the perimeter security devices for traditional data centres are not applicable to cloud-based data centres. Secondly, internal threats are becoming more and more serious, e.g., authorized users trying to perform dangerous operations caused by negligence, or internal users being attacked by social engineering which may lead to impersonation risks. Thirdly, the status of user devices or resources may become insecure during the access process, e.g., operating system (OS) or software in user devices and resource platforms being compromised by exploitation of misconfigurations, or access requests being intercepted, etc.

The service access process is the process during the interval between a subject (i.e., user and user device) initiating access request(s) and receiving response(s) from a service, which may involve a variety of the above-mentioned security threats.

In order to deal with these challenges, it is crucial to continuously analyse related security status, verify the rationality of access activity, protect the security of access processes and prevent unsecure access. Recommendation ITU-T X.1011 defines a reference framework for keeping continuous protection of the service access process.