Towards Continuous Risk Assessment and Conformance Checking of IdM Deployments
Description
Ensuring effective threat intelligence sharing, continuous risk assessment, and timely response to attacks remains a major challenge in complex Identity Management (IdM) ecosystems and critical infrastructures. Emerging Environmental, Social, and Governance (ESG) platforms are increasingly integrating cybersecurity functions to support transparency, governance, and proactive mitigation workflows. However, incorporating security tools capable of automated conformance checking and continuous risk evaluation introduces challenges related to workflow automation, vulnerability prioritization, and large-scale interoperability.
This paper presents an extended version of Micro-Id-Gym (MIG), an open-source security testing and conformance checking tool for IdM protocols—including OAuth 2.0 and OpenID Connect (OIDC). The enhanced MIG is designed to support continuous risk assessment and mitigation across software supply chains and Zero Trust architectures, focusing on protocol conformance as a critical mechanism for reliability and regulatory compliance in multi-entity deployments. The updated MIG integrates seamlessly into Continuous Integration and Continuous Delivery (CI/CD) pipelines and has been validated on real-world OAuth 2.0 and OIDC deployments, enabling automated security testing, continuous conformance verification, and trustworthy IdM operations.
Files
2025.pdf (302.7 kB), md5:b778e0cdefdbe32ba858fa46e58e6be9