Cloud Computing Concepts:
Besides IaaS, PaaS, and SaaS, cloud computing
introduces another service model known as “Identity
as a Service” (IDaaS).
Identity as a Service (IDaaS) is an
authentication infrastructure that is built, hosted and managed by a
third-party service provider.
IDaaS can be implemented as SSO (single sign-on) for the cloud.
IDaaS for the enterprise is typically purchased
as a subscription-based managed service. A cloud service provider may also host
applications for a fee and provide subscribers with role-based access to
specific applications or even entire virtualized desktops through a secure
Employees in a company need to log in to a number of
systems to perform their work. These systems may run on local servers or be
cloud based. Without a central identity service this causes the following problems:
Users must remember a different username and password
combination for each of the servers they access.
When an employee leaves the company, each of the user's
accounts must be found and disabled separately. This increases the workload on
IT staff, and any account that is missed stays active.
IDaaS emerged to solve these issues. IDaaS manages identity information as
a digital entity that can be used during electronic transactions.
Several identity services have been deployed to validate
web sites, transactions, transaction participants, clients, etc.
Identity as a Service may include the following:
Risk and Event monitoring
Single sign-on services
Identity and Profile management
Single Sign-On (SSO)
To solve the problem of different username and
password combinations for different servers, companies now employ single
sign-on software, which lets the user log in only once and then manages the
user's access to the other systems. SSO uses a single authentication server
that manages access to all the other systems.
The following steps explain how single sign-on works:
The user logs in to the authentication server using a
username and password.
The authentication server returns the user's
The user sends the ticket to the intranet server.
Intranet server sends the ticket to the
The authentication server sends the user's security
credentials for that server back to the intranet server.
If an employee leaves the company, the user only has to be disabled once, at the
authentication server; that single change removes the user's access to all the systems.
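The ticket flow above, as an added example that is not part of the original page: a single authentication server is the only place passwords are checked, tickets are issued and per-system credentials are released; each intranet server accepts a ticket only after the authentication server confirms it, and disabling the user in that one place revokes access everywhere. The class names, the user "alice", the system names and the ticket lifetime are invented for illustration.

```python
import secrets
import time


class AuthenticationServer:
    """The single SSO authentication server: checks passwords, issues opaque
    tickets, and releases per-system credentials to intranet servers."""

    TICKET_LIFETIME = 300  # seconds a ticket stays valid (assumed value)

    def __init__(self):
        # Constructed sample data: one user, plus the credentials the
        # authentication server hands to each intranet server on request.
        self.passwords = {"alice": "correct horse battery staple"}
        self.system_credentials = {
            ("alice", "intranet"): {"role": "staff"},
            ("alice", "payroll"): {"role": "employee"},
        }
        self.disabled = set()   # users whose access has been revoked everywhere
        self.tickets = {}       # opaque ticket -> (username, expiry time)

    def login(self, username, password, now=None):
        """Steps 1-2: check the password and return an opaque ticket, or None."""
        now = time.time() if now is None else now
        if username in self.disabled or self.passwords.get(username) != password:
            return None
        ticket = secrets.token_hex(16)  # random and unguessable; carries no data itself
        self.tickets[ticket] = (username, now + self.TICKET_LIFETIME)
        return ticket

    def validate_ticket(self, ticket, system, now=None):
        """Steps 4-5: an intranet server presents a ticket; return that user's
        credentials for the named system, or None if the ticket is not acceptable."""
        now = time.time() if now is None else now
        entry = self.tickets.get(ticket)
        if entry is None:
            return None                     # forged or unknown ticket
        username, expiry = entry
        if now >= expiry or username in self.disabled:
            return None                     # stale ticket, or user revoked centrally
        return self.system_credentials.get((username, system))

    def disable_user(self, username):
        """Offboarding: one change here cuts off every system at once."""
        self.disabled.add(username)


class IntranetServer:
    """An application server that never sees the password; it trusts only what
    the authentication server says about a presented ticket."""

    def __init__(self, name, auth_server):
        self.name = name
        self.auth = auth_server

    def request(self, ticket, now=None):
        """Step 3: the user presents the ticket; the server asks the
        authentication server for this user's credentials on this system."""
        creds = self.auth.validate_ticket(ticket, self.name, now=now)
        if creds is None:
            return "denied"
        return "welcome, role=" + creds["role"]


if __name__ == "__main__":
    auth = AuthenticationServer()
    intranet, payroll = IntranetServer("intranet", auth), IntranetServer("payroll", auth)
    ticket = auth.login("alice", "correct horse battery staple")
    print(intranet.request(ticket), "/", payroll.request(ticket))
    auth.disable_user("alice")      # the employee leaves: one action, all systems closed
    print(intranet.request(ticket), "/", payroll.request(ticket))
```

Note that the intranet servers hold no copy of the credential store: a system for which the authentication server has no credentials for the user (for example "hr" in the test) is denied even with a valid ticket, and a guessed or expired ticket is rejected without the intranet server having to know why.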
Federated Identity Management (FIDM)
FIDM provides the technologies and protocols that enable a
user to package security credentials across security domains. It uses the Security Assertion Markup Language (SAML) to
package a user's security credentials.
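Packaging credentials across security domains, as an added example that is not part of the original page: an identity provider in one domain issues a SAML-style assertion (issuer, subject, audience, validity window, attributes) and a service provider in a different domain verifies it without calling the identity provider back. Real SAML protects the assertion with an XML Signature checked against the identity provider's public key; here an HMAC over the serialized assertion with a shared key stands in for that (an assumption). The entity IDs, hostnames, attribute names and lifetime are invented.

```python
import base64
import hashlib
import hmac
import secrets
import time
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"   # the real SAML 2.0 assertion namespace
SHARED_KEY = b"idp-to-sp-shared-secret"        # assumption: stands in for the IdP's signing key


def tag(name):
    return "{%s}%s" % (NS, name)


def issue_assertion(subject, issuer, audience, attributes, now=None, lifetime=120, key=SHARED_KEY):
    """Identity provider side: build the assertion and sign its exact serialized bytes."""
    now = int(time.time() if now is None else now)
    a = ET.Element(tag("Assertion"), ID="_" + secrets.token_hex(8), IssueInstant=str(now))
    ET.SubElement(a, tag("Issuer")).text = issuer
    ET.SubElement(ET.SubElement(a, tag("Subject")), tag("NameID")).text = subject
    cond = ET.SubElement(a, tag("Conditions"), NotBefore=str(now), NotOnOrAfter=str(now + lifetime))
    ET.SubElement(ET.SubElement(cond, tag("AudienceRestriction")), tag("Audience")).text = audience
    stmt = ET.SubElement(a, tag("AttributeStatement"))
    for name, value in attributes.items():
        attr = ET.SubElement(stmt, tag("Attribute"), Name=name)
        ET.SubElement(attr, tag("AttributeValue")).text = value
    body = ET.tostring(a)                        # the signature covers these exact bytes
    signature = hmac.new(key, body, hashlib.sha256).hexdigest()
    return base64.b64encode(body).decode(), signature


class ServiceProvider:
    """Relying party in another security domain: accepts an assertion only if it is
    authentic, from the trusted issuer, currently valid, addressed to us, and unseen."""

    def __init__(self, entity_id, trusted_issuer, key=SHARED_KEY):
        self.entity_id = entity_id
        self.trusted_issuer = trusted_issuer
        self.key = key
        self.seen_ids = set()   # assertion IDs already consumed (replay protection)

    def consume(self, packed, signature, now=None):
        """Return (subject, attributes) on success or (None, reason) on rejection."""
        now = time.time() if now is None else now
        body = base64.b64decode(packed)
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, signature):
            return None, "bad signature"        # checked first: nothing else is trusted yet
        a = ET.fromstring(body)
        if a.findtext(tag("Issuer")) != self.trusted_issuer:
            return None, "untrusted issuer"
        cond = a.find(tag("Conditions"))
        if not (int(cond.get("NotBefore")) <= now < int(cond.get("NotOnOrAfter"))):
            return None, "expired"
        audience = a.findtext(tag("Conditions") + "/" + tag("AudienceRestriction") + "/" + tag("Audience"))
        if audience != self.entity_id:
            return None, "wrong audience"       # a valid assertion meant for another SP
        if a.get("ID") in self.seen_ids:
            return None, "replay"
        self.seen_ids.add(a.get("ID"))
        attributes = {e.get("Name"): e.findtext(tag("AttributeValue")) for e in a.iter(tag("Attribute"))}
        return a.findtext(tag("Subject") + "/" + tag("NameID")), attributes


if __name__ == "__main__":
    idp, sp_id = "https://idp.hr.example.com", "https://payroll.example.net"
    sp = ServiceProvider(sp_id, idp)
    packed, sig = issue_assertion("alice@example.com", idp, sp_id, {"role": "employee"})
    print(sp.consume(packed, sig))   # accepted once
    print(sp.consume(packed, sig))   # rejected as a replay
```

The order of the checks matters: the signature is verified before the XML is interpreted, the audience check stops an assertion issued for one service provider from being presented to another, and the remembered assertion IDs stop a captured assertion from being replayed within its validity window.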
OpenID enables users to log in to multiple websites with a
single account. Google, Yahoo!, Flickr, Myspace, WordPress, etc. support OpenID.
Benefits of OpenID include:
Increased site conversion rates.
Access to greater user profile content.
Fewer problems with lost passwords.
Ease of content integration into social