Federation for the cloud: opportunities for a single identity
Vladimir Jirasek, April 2011
Teaser
• Cloud computing has changed the way IT departments deliver services to the business. Many organisations, small or big, need to share data with their partners and to give users from other organisations access to their systems. Traditional models relied on creating accounts in local identity databases. A more recent approach uses federation between two organisations that trust each other. But what if you take the federation concept to the cloud? Can there be such a service as federated identity in the cloud? Could we all end up with one single identity that is used for all our activities? The presentation gives some fresh views on this topic.
Problem definition – Personal space
• Users have multiple “credentials” that they use to access different resources
• Passwords are usually reused thus increasing the risk of account compromise
• PKI has not solved the problem and has created new ones; it is particularly awkward wherever user interaction is needed
• Users want seamless access to resources without losing the comfort – one identity reusable everywhere?
• Can I use my personal identity at work? No? Why not?
How many identities do I have?
I have over 200 identities in my 1Password database
Problem definition – corporate space
• Management of user identities in a typical corporation is a challenge. Size does matter.
• Typical applications can reuse existing identity and access platforms (AD, LDAP, Kerberos, PKI); however, this requires good project governance and architecture
• Companies have business relationships with 3rd parties, built on trust and supported by contracts, yet many corporations manage 3rd party accounts on their internal IAM platforms, with security, cost and compliance issues as a result
• Companies engage with cloud providers and the problem of managing identities and access to cloud service is something that needs to be solved
User identity experience in a typical company – still challenges
Many applications support SSO with odd ones out of SSO platform
IAM platform
Business applications placed on the company network
User identity experience in a typical company with a number of 3rd parties
Internal Systems use IAM platform
IAM platform
Business applications placed on the company network
3rd party providers offering services to the business
3rd parties access company’s applications
User identity experience in a typical company with cloud
Many applications support SSO with odd ones out of SSO platform
IAM platform
Business applications placed on the company network
Cloud providers
Put it all together and there are lots of challenges
• Challenges in internal IAM platforms and its implementation
• Challenges in accessing Cloud services and managing users identities and entitlements
• Challenges in accessing 3rd party services
• Challenges in managing 3rd party access to company resources
• Add the challenges with end users and their personal identities and the situation becomes very hard to manage
• Mindset change resistance with lack of guidance and maturity models
One personal identity?
Can I end up with just one identity?
Trusted agency
Issue an identity
Use the identity
Business solution
• SSO inside a company
• Identity federation and automated account provisioning with 3rd parties and cloud providers (in content provider mode)
• Inbound federation with 3rd parties (in identity provider mode)
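The two federation modes above, outbound (the company acts as identity provider, the cloud service accepts its assertions and provisions the account on first login) and inbound (a 3rd party's identity provider is trusted by the company's own applications), come down to the same exchange: an issuer signs an assertion about a subject for a named relying party, and the relying party checks issuer, signature, audience and expiry against trust it configured out of band. The Go program below is an added example written for this page, not code from the presentation; it stands in for SAML or OpenID Connect with a minimal Ed25519-signed JSON assertion, and the issuer and service names, attribute names and subjects are made up.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Assertion is a minimal stand-in for a SAML assertion or OIDC ID token:
// who issued it, about whom, for which relying party, and until when.
type Assertion struct {
	Issuer   string            `json:"iss"`
	Subject  string            `json:"sub"`
	Audience string            `json:"aud"`
	Expires  int64             `json:"exp"`
	Attrs    map[string]string `json:"attrs"`
}

// IdentityProvider owns a signing key and issues assertions for a named relying party.
type IdentityProvider struct {
	Name string
	Pub  ed25519.PublicKey // handed to partners out of band, as in a SAML metadata exchange
	key  ed25519.PrivateKey
}

func NewIdentityProvider(name string) (*IdentityProvider, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &IdentityProvider{name, pub, priv}, nil
}

// Issue signs the JSON claims with Ed25519 and returns "<payload>.<sig>", both base64url.
func (p *IdentityProvider) Issue(subject, audience string, attrs map[string]string, ttl time.Duration, now time.Time) string {
	payload, _ := json.Marshal(Assertion{p.Name, subject, audience, now.Add(ttl).Unix(), attrs}) // fixed shape, cannot fail
	return base64.RawURLEncoding.EncodeToString(payload) + "." + base64.RawURLEncoding.EncodeToString(ed25519.Sign(p.key, payload))
}

// ServiceProvider (relying party) accepts assertions only from issuers whose keys were configured out of
// band. One type serves both modes: a cloud app trusting the corporate IdP, or a corporate app trusting a partner IdP.
type ServiceProvider struct {
	Name     string
	Trusted  map[string]ed25519.PublicKey // issuer name -> key: the contract made technical
	Accounts map[string]map[string]string // provisioned just in time, keyed "issuer|subject"
}

// Accept verifies an assertion and provisions the local account on first use. Checks, in order: trusted
// issuer (key from our config, never from the token), signature, audience (no replay at another provider), expiry.
func (s *ServiceProvider) Accept(token string, now time.Time) (string, error) {
	p64, s64, _ := strings.Cut(token, ".")
	payload, err1 := base64.RawURLEncoding.DecodeString(p64)
	sig, err2 := base64.RawURLEncoding.DecodeString(s64)
	var a Assertion
	if err1 != nil || err2 != nil || json.Unmarshal(payload, &a) != nil {
		return "", fmt.Errorf("malformed assertion")
	}
	pub, ok := s.Trusted[a.Issuer]
	if !ok {
		return "", fmt.Errorf("untrusted issuer %q", a.Issuer)
	}
	if !ed25519.Verify(pub, payload, sig) {
		return "", fmt.Errorf("bad signature from %q", a.Issuer)
	}
	if a.Audience != s.Name {
		return "", fmt.Errorf("assertion for %q presented to %q", a.Audience, s.Name)
	}
	if now.Unix() >= a.Expires {
		return "", fmt.Errorf("assertion expired")
	}
	if s.Accounts == nil {
		s.Accounts = map[string]map[string]string{}
	}
	id := a.Issuer + "|" + a.Subject // namespaced so two partners' "alice" never collide
	if _, exists := s.Accounts[id]; !exists {
		s.Accounts[id] = a.Attrs // just-in-time provisioning from the federated attributes
	}
	return id, nil
}

func main() {
	now := time.Now()
	corp, _ := NewIdentityProvider("https://idp.corp.example") // all names are hypothetical
	partner, _ := NewIdentityProvider("https://idp.partner.example")
	crm := &ServiceProvider{Name: "https://crm.cloud.example", Trusted: map[string]ed25519.PublicKey{corp.Name: corp.Pub}}
	hr := &ServiceProvider{Name: "https://hr.cloud.example", Trusted: map[string]ed25519.PublicKey{corp.Name: corp.Pub}}
	portal := &ServiceProvider{Name: "https://portal.corp.example", Trusted: map[string]ed25519.PublicKey{partner.Name: partner.Pub}}
	t1 := corp.Issue("alice", crm.Name, map[string]string{"role": "sales"}, time.Hour, now)
	fmt.Println(crm.Accept(t1, now)) // outbound: provisioned as https://idp.corp.example|alice
	fmt.Println(hr.Accept(t1, now))  // rejected: audience is the CRM, not HR, although both trust the same IdP
	t2 := partner.Issue("bob", portal.Name, map[string]string{"role": "auditor"}, time.Hour, now)
	fmt.Println(portal.Accept(t2, now)) // inbound: provisioned as https://idp.partner.example|bob
}
```

The audience check is what stops an assertion minted for the CRM from being accepted by HR even though both trust the same corporate IdP, and the namespaced account id is what keeps two partners' users called alice from colliding in the company's own IAM platform; an assertion presented to a relying party that never configured its issuer fails before any cryptography is done.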
Solution for both?
IAM platform
Business applications placed in the cloud
Cloud providers
Government trusted assured cloud identity broker
Where are we today?
• Different assurance standards, even for paper travel documents (such as passports) issued by different governments
• Some governments issue an e-Identity – usually used for message signing and for access to eGovernment portals
• Identity management (IM) cloud providers have been promised yet are not emerging (is there a business model?)
• Technology supports the vision
What next?
• Sort internal SSO
• Cloud providers to support prominent cloud identity provider platforms
• Develop world-wide standards for identity assurance – both business and government related (CAMM can help at least with the business side)
• Create a business model for cloud providers to support new identity platforms