Web-services
research and protocol applications have been around and in use for
quite some time now. With the potential Capex and Opex savings
enterprises can potentially realise from utilizing a cloud computing
service model, there should also be added focus on ensuring that
security is properly implemented either in authentication or
authorization.
Cloud Computing, with its foundation in the world of virtualization, can take advantage of key aspects of web service implementations and security practice; but only to a point. Web service policies are based on a static model that is known, defined, regulated and contained. However, with Cloud Computing, these dynamics change. We can assert that within the cloud environment we deal with a heterogeneous digital ecosystem that is dynamic in nature.
Cloud Computing, with its foundation in the world of virtualization, can take advantage of key aspects of web service implementations and security practice; but only to a point. Web service policies are based on a static model that is known, defined, regulated and contained. However, with Cloud Computing, these dynamics change. We can assert that within the cloud environment we deal with a heterogeneous digital ecosystem that is dynamic in nature.
This leads to a concept which has been a topic of interest for the last several years -Federated Identity Management (FIM). FIM is a process where users are allowed to dynamically distribute identity information across security domains. Authenticated identities that are recognised are able to participate in personalised services across domains, thereby increasing portability of digital identities (i.e. customers, partners, joint ventures, vendors, affiliates, subsidiaries and employees).
With this process there is no central storage of personal information, however users are still able to link identity information between accounts. This process can significantly reduce costly repeated provisioning, mitigate security loopholes and resolve traditional user issues caused by rigid application architecture.
Any enterprise that will be conducting business within the cloud will come across some instance that involves third party trust. Enterprises can implement a federation model to insure against the risk of supporting a business model where there is a strong likelihood of a third party risk.
The Federated Identity Management model involves four logical components, the user, the user agent, the service provider (SP), and the identity provider (IdP), all of which are based on Trust and Standards. Identity Management (IdM) plays an important part in this evolving virtualized world of Cloud Computing as it ensures the compliance and regulations (e.g. HIPAA, SOX,); security and collaboration needed for an enterprise
According to Maler and Reed; One can then state that the basic concept of federated identity management is a process whereby a user's identification is conducted on the Web with the process called Single-Sign-on (SSO).
There are three main federated identity protocols:
1.Security Assertion Markup Language (SAML)
2.OpenID specification and
3.InfoCard specification underlying Microsoft's Windows Cardspace
While SAML 2.0 SSO can be described as the gold standard for implementation, OpenID is also a choice for quite a few in the industry. There is however shortcoming with OpenID when compared to SAML 2.O, nevertheless a combination of say Open ID and InfoCard can compensate for most shortcomings.
Of course we can take this even further with the option of biometrics; however the objectives, needs and requirements of a business should be primary drivers regarding which standard or protocol to implement. We should also ensure a required degree of interoperabilty between client and vendor applications and the SLA definitions
No comments:
Post a Comment