Before organizations move applications to the cloud, they must consider several aspects of identity management: provisioning, authentication of users, and authorization (access control). While provisioning covers creating users and managing them through their life cycle, authentication is essential to establish identity and is a prerequisite for granting the necessary access to resources.
Authentication challenges include not only credential management and strong authentication, but also manageability and user experience. Different types of cloud providers and users have different authentication requirements. While SaaS and PaaS providers offer built-in authentication mechanisms and also support delegating authentication, administrators of IaaS and application users must be managed separately. Organizations building their own private clouds try to leverage their existing corporate standards. In all these cases, it is important to use standards-based methods rather than proprietary ones, as this helps with scale, manageability and protection of investment.
Organizations are increasingly extending beyond their traditional boundaries and allowing partners, customers and remote users to access various applications with different levels of privilege. Users need to move between different environments while keeping the access levels provisioned for them. In cloud computing environments, identity federation is becoming a key tool for authenticating users against identity providers (IdP). This requires the secure exchange of identity attributes between the service provider (SP) and the IdP.
Service Provider (SP): an application deployed in the cloud or on premises in the enterprise
Identity Provider (IdP): a source of authentication for authorized users of the service
Various identity federation standards have emerged, including SAML, WS-Federation, OpenID and CardSpace. While OpenID and CardSpace are frameworks that allow users to manage their own identities, SAML and WS-Federation provide centralized control of identities and enable federation between trusted parties.
Federation also enables single sign-on (SSO) for users as they access applications deployed in the enterprise and in the cloud.
SAML for Web SSO
SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass user information between an identity provider and a service provider. SAML 2.0 enables Web-based authentication and authorization, including single sign-on (SSO). The service provider must verify the IdP's XML signature on the assertion and then check its issuer, validity window and audience restriction before trusting the subject and attributes it carries.
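As an added example (not code from the original post), the following Python shows the service-provider side of the SP/IdP exchange described above: once the IdP has returned a SAML 2.0 assertion, the SP checks the issuer, the NotBefore/NotOnOrAfter window (with a small clock-skew allowance) and the audience restriction before accepting the NameID and attributes. The entity IDs, the sample assertion and the skew value are constructed for illustration. XML-signature verification, which must run before any of these checks, is left to an XML-DSig library (for example python3-saml or xmlsec) and is not shown here.

```python
"""Validate the conditions of a SAML 2.0 assertion at the service provider.

Added example, not code from the original post. Signature verification is
deliberately left to an XML-DSig library; an SP must never accept an
assertion whose signature it has not verified against the IdP's key.
"""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET  # use defusedxml.ElementTree for untrusted input

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hypothetical entity IDs for the two federation parties.
IDP_ENTITY_ID = "https://idp.example.org/metadata"
SP_ENTITY_ID = "https://app.example.com/saml/metadata"

# Constructed sample assertion (not captured from any real IdP).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_hyp-assert-1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
  <saml:Issuer>https://idp.example.org/metadata</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.org</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T11:59:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://app.example.com/saml/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2024-05-01T12:00:00Z"/>
  <saml:AttributeStatement>
    <saml:Attribute Name="role">
      <saml:AttributeValue>editor</saml:AttributeValue>
      <saml:AttributeValue>reader</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def saml_time(value):
    """Parse the UTC ISO 8601 timestamp format SAML uses (trailing 'Z')."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, expected_issuer, expected_audience, now,
                       clock_skew=timedelta(seconds=60)):
    """Check issuer, validity window and audience; return subject and attributes.

    Raises ValueError with the reason on any failed check. The signature
    MUST already have been verified before this function is called.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % SAML_NS["saml"] or root.get("Version") != "2.0":
        raise ValueError("not a SAML 2.0 Assertion")

    issuer = root.findtext("saml:Issuer", namespaces=SAML_NS)
    if issuer != expected_issuer:
        raise ValueError("unexpected issuer")

    conditions = root.find("saml:Conditions", SAML_NS)
    if conditions is None:
        raise ValueError("missing Conditions")

    # Validity window: tolerate a small clock skew between IdP and SP.
    not_before = conditions.get("NotBefore")
    not_on_or_after = conditions.get("NotOnOrAfter")
    if not_before and now + clock_skew < saml_time(not_before):
        raise ValueError("assertion not yet valid")
    if not_on_or_after and now - clock_skew >= saml_time(not_on_or_after):
        raise ValueError("assertion expired")

    # Audience restriction: the assertion must be addressed to this SP.
    audiences = [a.text for a in conditions.findall(
        "saml:AudienceRestriction/saml:Audience", SAML_NS)]
    if expected_audience not in audiences:
        raise ValueError("assertion audience mismatch")

    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=SAML_NS)
    if not name_id:
        raise ValueError("missing Subject/NameID")

    attributes = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", SAML_NS):
        attributes[attr.get("Name")] = [
            v.text for v in attr.findall("saml:AttributeValue", SAML_NS)]
    return {"issuer": issuer, "subject": name_id, "attributes": attributes}


def validate_sample(now_str, audience=SP_ENTITY_ID):
    """Run the validator over the constructed assertion at a given time.

    Returns the accepted subject/attributes, or the rejection reason as a string.
    """
    try:
        return validate_assertion(SAMPLE_ASSERTION, IDP_ENTITY_ID, audience,
                                  saml_time(now_str))
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    for when in ("2024-05-01T12:02:00Z", "2024-05-01T12:10:00Z", "2024-05-01T11:50:00Z"):
        print(when, "->", validate_sample(when))
    print("wrong audience ->", validate_sample("2024-05-01T12:02:00Z", "https://other.example.com/"))
```

The audience check is what stops an assertion issued for one SP from being replayed against another in the same federation, and the validity window bounds how long a captured assertion stays usable; neither check means anything unless the signature was verified first, which is why that step is required before this function runs.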