Components, Requirements and interoperability of IDaaS
Prerequisites – Identity as a Service (IDaaS) as a cloud Based service, Service classes and system codes of conduct in IDaaS
Identity-as-a-Service (IDaaS) refers to identity and access management services provided through the cloud on a subscription basis. Traditional identity management, by contrast, is typically fully on-premises and is provided through a set of software and hardware.
1. Components of IDaaS:
Following are the key components of IDaaS, which together satisfy the requirements of IDaaS:
- Policy Enforcement Point –
This plugin intercepts authentication requests and maintains authorization for the service providers. When Security Policies are provisioned to a Cloud Platform, the Policy Enforcement Point is a configurable module that depends on adaptive information from the installation process of the cloud provider’s orchestration engine.
- Policy Decision Point –
IDaaS can support Security Policy designers by providing them with an inference mechanism to analyse and derive any elements related to the Security Policy from an existing application during the configuration phase of the service. The Security Policy should be derived semi- or fully automatically and published in a defined way to a central service of the Cloud provider, to facilitate automated, reliable negotiation with other partner services in the cloud.
- Policy Information Point –
The Policy Information Point in the XACML reference architecture delivers user information to the Policy Decision Point so that it can make decisions. In IDaaS, this component also maintains identity roaming between IDaaS instances in different security domains.
- Policy Administration Point –
It is an endpoint that provides functionality for operators of a tenant deployment to review the derived policies and configure them on demand.
- Orchestration engine –
It is the central service of a basic Cloud Provider that composes the life cycle of the Authentication and Authorization Infrastructure (AAI) in the provider.
2. Requirements of IDaaS:
The following are the necessary requirements of IDaaS:
- Control the life cycle of Authentication and Authorization Infrastructure (AAI)
- Automated trust negotiation
- Privacy protection for identity roaming
3. IDaaS Interoperability:
Identity as a Service delivers a convenient mechanism to integrate identity services into individual applications with minimal development effort, by enabling the identification logic and the storage of an identity’s attributes to be handled externally. IDaaS applications can be distinguished from other categories of systems by their compliance with Service Oriented Architecture (SOA) standards, which matters in particular if users want these services to interoperate and be federated. Therefore, cloud computing Identity as a Service applications must be based on a set of developing industry standards to deliver interoperability. The following are the necessary services that come under Identity as a Service interoperability:
- User centric authentication –
It is usually in the form of information cards. The OpenID and CardSpace specifications support this category of data object.
- The XACML policy language –
It is a general-purpose authorization policy language which enables a distributed ID system to write and enforce custom policy expressions. XACML can work with SAML: when SAML presents a request for ID authorization, XACML checks the ID request against its policies and either grants or denies the request.
- The SPML provisioning language –
It is an XML request/response language which is used to integrate and interoperate service provisioning requests. SPML is a standard of OASIS’s Provisioning Services Technical Committee (PSTC) and aligns with Service Oriented Architecture (SOA).
- The XDAS audit system –
The Distributed Audit Service delivers accountability for users accessing a system and exposes security policy violations, whether they arise from unauthorized users attempting to access the system or from authorized users accessing it in an unauthorized way.
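The following Python simulation ties the components section (PEP, PDP, PIP, PAP) to the XACML grant-or-deny evaluation and the audit item above. It is an added example, not code from the original page or from any IDaaS product; the subjects, tenants, policy rules and the deny-overrides combining choice are constructed assumptions.

```python
from typing import Callable, Dict, List, Tuple

Attrs = Dict[str, str]

# Policy Information Point (PIP): the attribute store the PDP consults.
# Constructed sample subjects; a real PIP would query a directory or token claims.
PIP: Dict[str, Attrs] = {
    "alice": {"role": "admin", "tenant": "acme"},
    "bob": {"role": "analyst", "tenant": "acme"},
    "eve": {"role": "analyst", "tenant": "globex"},
}

# A rule is an effect plus a condition over (subject attrs, resource attrs, action).
Rule = Tuple[str, Callable[[Attrs, Attrs, str], bool]]

# Policy Administration Point (PAP): the policy an operator reviews and configures.
# Evaluated deny-overrides, as XACML allows: any matching Deny rule wins.
POLICY: List[Rule] = [
    ("Deny", lambda s, r, a: s["tenant"] != r["tenant"]),  # no cross-tenant access
    ("Permit", lambda s, r, a: s["role"] == "admin"),
    ("Permit", lambda s, r, a: s["role"] == "analyst" and a == "read"),
]

# Distributed audit trail (XDAS-style): every decision is recorded for accountability.
AUDIT: List[Tuple[str, str, str, str]] = []


def pdp_decide(subject_id: str, resource: Attrs, action: str) -> str:
    """Policy Decision Point (PDP): fetch attributes from the PIP and evaluate the policy."""
    subject = PIP.get(subject_id)
    if subject is None:
        return "Indeterminate"  # unknown subject: no attributes to evaluate against
    decision = "NotApplicable"  # no rule matched
    for effect, condition in POLICY:
        if condition(subject, resource, action):
            if effect == "Deny":
                return "Deny"  # deny-overrides: stop at the first matching Deny
            decision = "Permit"
    return decision


def pep_enforce(subject_id: str, resource: Attrs, action: str) -> bool:
    """Policy Enforcement Point (PEP): intercept the request, ask the PDP, fail closed."""
    decision = pdp_decide(subject_id, resource, action)
    AUDIT.append((subject_id, resource["name"], action, decision))
    return decision == "Permit"  # Deny, NotApplicable and Indeterminate all block


if __name__ == "__main__":
    report = {"name": "q3-report", "tenant": "acme"}
    for who, act in [("alice", "write"), ("bob", "write"), ("eve", "read"), ("mallory", "read")]:
        print(who, act, "allowed" if pep_enforce(who, report, act) else "blocked")
```

Note that the PEP treats everything except an explicit Permit as a block, so a missing attribute or an unknown subject can never fall through to access.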