- Besides IaaS, PaaS, and SaaS, cloud computing introduces another service model known as “Identity as a Service” (IDaaS).
- Identity as a Service (IDaaS) is an authentication infrastructure that is built, hosted and managed by a third-party service provider.
- IDaaS can be implemented as SSO (single sign-on) for the cloud.
- IDaaS for the enterprise is typically purchased as a subscription-based managed service. A cloud service provider may also host applications for a fee and provide subscribers with role-based access to specific applications, or even to entire virtualized desktops, through a secure portal.
- Employees in a company need to log in to systems to perform various tasks. These systems may be hosted on local servers or in the cloud. The following are problems that an employee might face:
- Remembering different username and password combinations for accessing multiple servers.
- If an employee leaves the company, it is necessary to ensure that each of the user's accounts has been disabled. This increases the workload on IT staff.
To solve these issues, IDaaS emerged. IDaaS offers management of identity (information) as a digital entity. This identity can be used during electronic transactions.
There are several identity services that have been deployed to validate services such as websites, transactions, transaction participants, clients, etc. Identity as a Service may include the following:
- Directory Services
- Federated Services
- Authentication Services
- Risk and Event monitoring
- Single sign-on services
- Identity and Profile management
Single Sign-On (SSO)
To solve the issue of using different username and password combinations for different servers, companies now employ Single Sign-On software, which allows the user to log in only once and manages the user's access to the other systems. SSO uses a single authentication server that manages access to all the other systems.
Following steps explain the working of Single Sign-On software:
1. User logs into the authentication server using a username and password.
2. The authentication server returns the user's ticket.
3. The user sends the ticket to the intranet server.
4. The intranet server forwards the ticket to the authentication server for validation.
5. The authentication server sends the user's security credentials for that server back to the intranet server.
Note: If an employee leaves the company, it is only necessary to disable the user's access at the authentication server, which removes the user's access to all the systems.
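The five steps above and the note about disabling a departed employee, as an added example that is not part of the original notes: a toy authentication server issues HMAC-signed tickets, an intranet server forwards each ticket back for validation, and disabling the user at the authentication server revokes access everywhere at once. The user directory, server names, roles and the 300-second ticket lifetime are constructed sample values.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample directory. Passwords are stored in clear text only to keep
# the example short; a real directory stores a salted password hash.
USERS = {
    "alice": {
        "password": "correct-horse",
        "enabled": True,
        # credentials (here: roles) the auth server hands out per server
        "servers": {"intranet": ["employee", "wiki-editor"], "hr": ["employee"]},
    },
}


class AuthServer:
    """Central SSO authentication server (steps 1, 2, 4 and 5)."""

    def __init__(self, ticket_ttl=300):
        self._key = secrets.token_bytes(32)  # ticket-signing key never leaves this server
        self._ticket_ttl = ticket_ttl
        self._users = USERS

    def _tag(self, body):
        return hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()

    def login(self, username, password):
        """Steps 1 and 2: check the password and return a signed ticket, or None."""
        user = self._users.get(username)
        if user is None or not user["enabled"]:
            return None
        if not hmac.compare_digest(user["password"].encode(), password.encode()):
            return None
        body = f"{username}|{int(time.time()) + self._ticket_ttl}"
        return f"{body}|{self._tag(body)}"

    def disable_user(self, username):
        """Offboarding: one change here denies the user on every server."""
        self._users[username]["enabled"] = False

    def credentials_for(self, ticket, server_name):
        """Steps 4 and 5: validate a forwarded ticket and return the user's
        credentials for that server, or None if the ticket is not acceptable."""
        try:
            username, expires, tag = ticket.split("|")
        except ValueError:
            return None  # malformed ticket
        if not hmac.compare_digest(self._tag(f"{username}|{expires}"), tag):
            return None  # forged or tampered ticket
        if int(expires) < time.time():
            return None  # expired ticket
        user = self._users.get(username)
        if user is None or not user["enabled"]:
            return None  # account disabled after the ticket was issued
        return {"user": username, "roles": user["servers"].get(server_name, [])}


class IntranetServer:
    """Any protected system; it never sees the password, only the ticket (step 3)."""

    def __init__(self, name, auth_server):
        self.name = name
        self._auth = auth_server

    def access(self, ticket):
        creds = self._auth.credentials_for(ticket, self.name)
        if creds is None:
            return "denied"
        return f"welcome {creds['user']} roles={','.join(creds['roles'])}"


if __name__ == "__main__":
    auth = AuthServer()
    intranet = IntranetServer("intranet", auth)
    ticket = auth.login("alice", "correct-horse")
    print(intranet.access(ticket))
    auth.disable_user("alice")
    print(intranet.access(ticket))
```

The servers hold no credentials of their own; every decision is delegated to the authentication server, which is why one disable call is enough to lock the user out of all systems, including against tickets issued before the account was disabled.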
Federated Identity Management (FIDM)
FIDM provides the technologies and protocols that enable a user to package security credentials across security domains. It uses the Security Assertion Markup Language (SAML) to package a user's security credentials.
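The cross-domain packaging of credentials described above, as an added example that is not part of the original notes and does not use a real SAML library: an identity provider in the user's home domain issues a signed assertion with an issuer, subject, audience and validity window, and a service provider in the partner domain accepts it only if the signature, issuer, audience and time window all check out. A key shared in advance between the two domains stands in for the XML signature and public key that real SAML uses; the issuer URLs, attributes and the 120-second lifetime are constructed sample values.

```python
import hashlib
import hmac
import json
import time

# Constructed sample key, agreed between the two federated domains in advance.
SHARED_KEY = b"constructed-federation-key"


class IdentityProvider:
    """The user's home security domain; it authenticates the user and packages
    the resulting credentials for one specific partner domain."""

    def __init__(self, issuer, key, ttl=120):
        self.issuer, self._key, self._ttl = issuer, key, ttl

    def issue_assertion(self, subject, audience, attributes):
        now = int(time.time())
        body = {
            "issuer": self.issuer,
            "subject": subject,
            "audience": audience,          # the one domain allowed to accept this
            "not_before": now,
            "not_on_or_after": now + self._ttl,
            "attributes": attributes,      # the packaged security credentials
        }
        payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
        sig = hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()
        return payload + "." + sig


class ServiceProvider:
    """The partner domain; it trusts named issuers instead of seeing passwords."""

    def __init__(self, entity_id, trusted_issuers, key):
        self.entity_id = entity_id
        self._trusted = set(trusted_issuers)
        self._key = key

    def consume_assertion(self, assertion, now=None):
        """Return the attributes if the assertion is acceptable, else a reason."""
        now = int(time.time()) if now is None else now
        payload, _, sig = assertion.rpartition(".")
        expected = hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return "rejected: bad signature"
        body = json.loads(payload)
        if body["issuer"] not in self._trusted:
            return "rejected: untrusted issuer"
        if body["audience"] != self.entity_id:
            return "rejected: assertion meant for another domain"
        if not (body["not_before"] <= now < body["not_on_or_after"]):
            return "rejected: outside validity window"
        return body["attributes"]


if __name__ == "__main__":
    idp = IdentityProvider("https://idp.example", SHARED_KEY)
    sp = ServiceProvider("https://partner.example", ["https://idp.example"], SHARED_KEY)
    assertion = idp.issue_assertion("alice@example", "https://partner.example", {"role": "buyer"})
    print(sp.consume_assertion(assertion))
```

The audience and validity checks are the two that matter most in practice: without them an assertion issued for one partner could be replayed at another, or kept and reused long after the user's session in the home domain ended.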
OpenID enables users to log in to multiple websites with a single account. Google, Yahoo!, Flickr, Myspace, WordPress, etc. support OpenID. OpenID offers the following benefits:
- Increased site conversion rates.
- Access to greater user profile content.
- Fewer problems with lost passwords.
- Ease of content integration into social networking sites.