Components, Requirements and Interoperability of IDaaS

Prerequisites – Identity as a Service (IDaaS) as a Cloud-Based Service, Service Classes and System Codes of Conduct in IDaaS
Identity-as-a-Service (IDaaS) refers to identity and access management services provided through the cloud on a subscription basis. Identity-as-a-Service is typically fully on-premises and provided via a set of software and hardware means.

1. Components of IDaaS:
The key components of IDaaS, which together satisfy the requirements of IDaaS, are described below:

  1. Policy Enforcement Point –
    This plugin intercepts authentication requests and maintains authorization for the service providers. When security policies are provisioned to a cloud platform, the Policy Enforcement Point is a configurable module that depends on adaptive information from the installation process of the cloud provider’s orchestration engine.
  2. Policy Decision Point –
    IDaaS can support security policy designers by providing them with an inference mechanism to analyse and derive any elements related to the security policy from an existing application during the configuration phase of the service. The security policy should be derived semi- or fully automatically and published in a defined way to a central service of the cloud provider, to facilitate automated, reliable concession with other partner services in the cloud.
  3. Policy Information Point –
    In the XACML reference architecture, the Policy Information Point supplies user information to the Policy Decision Point so that it can make decisions. In IDaaS, this part also maintains identity roaming between IDaaS services in various security domains.
  4. Policy Administration Point –
    It is an endpoint that lets operators of a tenant deployment review the derived policies and configure them on demand.
  5. Orchestration engine –
    It is the central service of a basic cloud provider, and it composes the life cycle of the Authentication and Authorization Infrastructure (AAI) in the provider.

2. Requirements of IDaaS:
The necessary requirements of IDaaS are:

  1. Control the life cycle of Authentication and Authorization Infrastructure (AAI)
  2. Scalability
  3. Automated trust negotiation
  4. Privacy protection for identity roaming
  5. Performance

3. IDaaS Interoperability:
Identity as a Service provides a mechanism for integrating identity services into individual applications with minimal development effort, by enabling the identification logic and the storage of an identity’s attributes to be handled externally. IDaaS applications can be distinguished from other categories of systems by their compliance with Service Oriented Architecture (SOA) standards, particularly if users want these services to interoperate and be federated. Therefore, cloud computing Identity as a Service applications must be based on a set of developing industry standards to deliver interoperability. The following are the necessary services that come under Identity as a Service interoperability:

  • User centric authentication –
    It is usually in the form of information cards. The OpenID and CardSpace specifications support this category of data object.
  • The XACML policy language –
    It is a general-purpose authorization policy language which enables a distributed ID system to write and enforce custom policy expressions. XACML can work with SAML: when SAML presents a request for ID authorization, XACML checks the ID request against its policies and either grants or denies the request.
  • The SPML provisioning language –
    It is an XML response language which is used to integrate and interoperate service provisioning requests. SPML is a standard of OASIS’s Provision Services Technical Committee (PSTC) which follows the Service Oriented Architecture (SOA).
  • The XDAS audit system –
    The Distributed Audit Service delivers accountability for users accessing a system, and exposes security policy violations when attempts are made to access the system by unauthorized users or by users accessing the system in an unauthorized way.
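
As an added example (not part of the original article and not taken from any IDaaS product), the Python below wires the four policy components from section 1 into the grant-or-deny check described in the XACML bullet above. The class names, the choice of deny-overrides combining, and the sample users are assumptions made for illustration.

```python
# Added illustration: class names, rules and users are hypothetical.
from dataclasses import dataclass
from typing import Callable

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

@dataclass
class Rule:
    effect: str                          # PERMIT or DENY
    target: Callable[[dict], bool]       # does the rule apply to this request?
    condition: Callable[[dict], bool]    # must hold for the effect to fire

class PIP:
    """Policy Information Point: supplies subject attributes to the PDP."""
    def __init__(self, directory): self.directory = directory
    def attributes(self, subject):
        return self.directory.get(subject, {})   # unknown subject: no attributes

class PAP:
    """Policy Administration Point: where operators review and publish rules."""
    def __init__(self): self.rules = []
    def publish(self, rule): self.rules.append(rule)

class PDP:
    """Policy Decision Point: evaluates published rules for one request."""
    def __init__(self, pap, pip): self.pap, self.pip = pap, pip
    def decide(self, request):
        ctx = {**request, "attrs": self.pip.attributes(request["subject"])}
        effects = {r.effect for r in self.pap.rules if r.target(ctx) and r.condition(ctx)}
        if DENY in effects:
            return DENY                  # deny-overrides: one matching Deny wins
        return PERMIT if PERMIT in effects else NOT_APPLICABLE

class PEP:
    """Policy Enforcement Point: intercepts the request and fails closed."""
    def __init__(self, pdp): self.pdp = pdp
    def allow(self, subject, action, resource):
        req = {"subject": subject, "action": action, "resource": resource}
        return self.pdp.decide(req) == PERMIT    # NotApplicable is refused too

def build_demo():
    pip = PIP({"alice": {"role": "hr"},                      # constructed sample data
               "bob": {"role": "hr", "suspended": True}})
    pap = PAP()
    pap.publish(Rule(PERMIT, lambda c: c["resource"].startswith("payroll/"),
                     lambda c: c["attrs"].get("role") == "hr" and c["action"] == "read"))
    pap.publish(Rule(DENY, lambda c: True, lambda c: c["attrs"].get("suspended", False)))
    return PEP(PDP(pap, pip))
```

The enforcement point treats every decision other than Permit as a refusal, so a request that no rule covers, or a subject the information point does not know, is denied rather than allowed by default.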

