
Standards and Protocols in IAM for Cloud Services


Pre-requisite: IAM

In this article, we discuss the IAM standards that matter to organizations moving their services to the cloud or upgrading services they already run there. Organizations that already use cloud services should also weigh a cloud service provider's commitment to supporting these standards when choosing or retaining a provider.

Identity Access Management Standards for Organisations

The identity and access management standards given below help companies and organizations put effective and efficient user access management into practice in the cloud.

Challenges Faced in User Access Management by Cloud Users

  1. How can one avoid duplicating attributes, identities and credentials across services while still giving users a single sign-on experience?
  2. How can one provision user accounts automatically, and automate the whole provisioning and de-provisioning lifecycle?
  3. How can one provision user accounts with just enough privilege and manage entitlements for all users?
  4. How can one authorize cloud service X to access user data held in cloud service Y without disclosing the user's credentials?

SAML (Security Assertion Markup Language)

SAML is the most widely used family of specifications for browser-based federated sign-on to cloud services. After the user authenticates to the identity provider (IdP), they can access the provisioned cloud services within the trusted domain without authenticating again. Because SAML lets a cloud service delegate authentication to the organization's IdP, customers can apply risk-based authentication policies: they can require strong authentication for specific cloud services by using an IdP that supports strong and delegated authentication. Since the user's credentials never leave the IdP, users are exposed to fewer attacks.

Strong authentication is advisable to protect users' credentials from phishing and man-in-the-middle attacks; a cloud service that supports the SAML standard therefore enables this delegated authentication model for its customers.

SSO into Google Apps from the browser

SPML (Service Provisioning Markup Language)

SPML is an XML-based framework developed by OASIS for exchanging user, resource and service provisioning information among cooperating organizations. It is an emerging standard that can help organizations automate the provisioning of user identities for cloud services. Wherever SPML is available, organizations should use it to provision user accounts and profiles with the cloud service.

If SPML is implemented by the SaaS (Software-as-a-Service) provider, it enables just-in-time provisioning, that is, creating accounts for new users in real time. In this model, the cloud service provider extracts attributes from the SAML (Security Assertion Markup Language) token of a new user, builds an SPML message from them on the fly, and hands the request to a provisioning service that adds the user's identity to the cloud service's user store.

Using SPML standardizes and automates the granting of access and entitlement rights for users or systems to cloud services, so that customers are not forced into proprietary provisioning solutions.
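To make the just-in-time flow concrete, the following added example (not code from the original article) builds an SPML 2.0 addRequest from the attribute set a service provider would have taken from a validated SAML assertion, then parses the provisioning service's addResponse and correlates it with the request. Element and attribute names follow the SPML 2.0 core schema and its DSML profile as I know them; the container, target and the two sample responses are hypothetical and should be checked against your provisioning service's profile.

```python
"""Just-in-time provisioning with SPML 2.0: build an addRequest and read the addResponse.

Added example, not from the original article. The attribute dict stands in
for what the service provider took from a validated SAML assertion. Element
and attribute names follow the SPML 2.0 core schema and its DSML profile;
the container, target and sample responses are hypothetical values.
"""
import uuid
import xml.etree.ElementTree as ET

SPML_NS = "urn:oasis:names:tc:SPML:2:0"
DSML_NS = "urn:oasis:names:tc:DSML:2:0:core"
ET.register_namespace("spml", SPML_NS)
ET.register_namespace("dsml", DSML_NS)

# Constructed attributes as a SAML attribute statement would deliver them.
NEW_USER = {"uid": "alice", "mail": "alice@example.org", "memberOf": ["analysts", "readers"]}


def build_add_request(attributes, container_id, target_id, request_id=None):
    """Return (request_id, xml_bytes) for an SPML addRequest carrying the given attributes."""
    request_id = request_id or str(uuid.uuid4())
    req = ET.Element(f"{{{SPML_NS}}}addRequest",
                     {"requestID": request_id, "executionMode": "synchronous"})
    # containerID says where in the target the provisioning service should create the object.
    ET.SubElement(req, f"{{{SPML_NS}}}containerID", {"ID": container_id, "targetID": target_id})
    data = ET.SubElement(req, f"{{{SPML_NS}}}data")
    for name, values in sorted(attributes.items()):
        attr = ET.SubElement(data, f"{{{DSML_NS}}}attr", {"name": name})
        for value in (values if isinstance(values, (list, tuple)) else [values]):
            ET.SubElement(attr, f"{{{DSML_NS}}}value").text = value
    return request_id, ET.tostring(req, encoding="utf-8")


def parse_add_response(xml_bytes, expected_request_id):
    """Return (status, pso_id, error); raise ValueError if the reply does not belong to our request."""
    resp = ET.fromstring(xml_bytes)
    if resp.tag != f"{{{SPML_NS}}}addResponse":
        raise ValueError(f"unexpected element {resp.tag}")
    # Correlate on requestID so a stale or foreign reply is never taken as ours.
    if resp.get("requestID") != expected_request_id:
        raise ValueError("response requestID does not match the request that was sent")
    pso_id_el = resp.find(f"{{{SPML_NS}}}pso/{{{SPML_NS}}}psoID")
    pso_id = pso_id_el.get("ID") if pso_id_el is not None else None
    return resp.get("status"), pso_id, resp.get("error")


def sample_response(request_id, status="success"):
    """Constructed reply a provisioning service might return (hypothetical shape)."""
    if status == "success":
        return (f'<spml:addResponse xmlns:spml="{SPML_NS}" requestID="{request_id}" status="success">'
                f'<spml:pso><spml:psoID ID="uid=alice,ou=users,dc=example,dc=com" targetID="ldap"/></spml:pso>'
                f'</spml:addResponse>').encode()
    return (f'<spml:addResponse xmlns:spml="{SPML_NS}" requestID="{request_id}" '
            f'status="failure" error="alreadyExists"/>').encode()


def provision(attributes):
    """Run the JIT flow offline: build the request, 'send' it, and interpret the reply."""
    request_id, request_xml = build_add_request(attributes, "ou=users,dc=example,dc=com", "ldap")
    status, pso_id, error = parse_add_response(sample_response(request_id), request_id)
    return {"request": request_xml.decode(), "status": status, "pso_id": pso_id, "error": error}
```

In production the bytes from `build_add_request` go over an authenticated, TLS-protected channel to the provisioning service; the `alreadyExists` failure is the case to handle deliberately, since a second sign-on by the same user should map to the existing account rather than create a duplicate.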


XACML (eXtensible Access Control Markup Language)

XACML is an OASIS standard: a general-purpose, XML-based access control language for policy management and access decisions. It defines an XML schema for a policy language used to express who may access which protected resources, and for the access decisions made over those resources.

It provides not only the policy language model but also a processing model for managing policies and reaching access decisions: a policy enforcement point (PEP) in the application intercepts a request and asks a policy decision point (PDP), which evaluates the applicable policies. It also specifies the request-response protocol the application environment uses to communicate with the decision point; both the access request and the response are expressed in XML.

Most web applications have a built-in authorization model that grants or denies access to certain functions or resources based on the roles assigned to users. When each application embeds its own authorization logic, it becomes difficult for a centralized IAM architecture to state the access rights of any individual user across all applications. Hence the goal is to provide standardized access control methods, a common policy language, and a common authorization standard, with decisions based on the user's role and job function.
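The following added example (not code from the original article) shows the request-response model in working form: a constructed policy in XACML 3.0 syntax is evaluated by a minimal PDP against request contexts a PEP would build, covering only the string-equal match function and the deny-overrides rule-combining algorithm. The category, function and combining-algorithm URIs are the standard XACML ones; the policy and the attribute IDs under `urn:example` are hypothetical.

```python
"""A minimal XACML 3.0 policy decision point (PDP) for a single policy.

Added example, not from the original article: a constructed policy written
in XACML 3.0 syntax is evaluated against request contexts the way a PDP
would, supporting only string-equal matches and the deny-overrides rule
combining algorithm. The policy and the urn:example attribute IDs are
hypothetical; the category and function URIs are the standard XACML ones.
"""
import xml.etree.ElementTree as ET

NS = {"x": "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"}
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
DENY_OVERRIDES = "urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides"
SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
STRING = "http://www.w3.org/2001/XMLSchema#string"


def _match_xml(category, attribute_id, value):
    """Render one <Match>: literal AttributeValue string-equal to a designated request attribute."""
    return (f'<Match MatchId="{STRING_EQUAL}"><AttributeValue DataType="{STRING}">{value}</AttributeValue>'
            f'<AttributeDesignator Category="{category}" AttributeId="{attribute_id}" '
            f'DataType="{STRING}" MustBePresent="false"/></Match>')


# Constructed policy: analysts may read reports, but a deprovisioned subject is always denied.
POLICY = f"""<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" Version="1.0"
  PolicyId="urn:example:policy:reports" RuleCombiningAlgId="{DENY_OVERRIDES}">
  <Target/>
  <Rule RuleId="analysts-may-read-reports" Effect="Permit">
    <Target><AnyOf><AllOf>
      {_match_xml(SUBJECT, 'urn:example:attr:role', 'analyst')}
      {_match_xml(RESOURCE, RESOURCE_ID, 'reports')}
      {_match_xml(ACTION, ACTION_ID, 'read')}
    </AllOf></AnyOf></Target>
  </Rule>
  <Rule RuleId="deprovisioned-users-get-nothing" Effect="Deny">
    <Target><AnyOf><AllOf>
      {_match_xml(SUBJECT, 'urn:example:attr:status', 'deprovisioned')}
    </AllOf></AnyOf></Target>
  </Rule>
</Policy>"""


def _match(match_el, request):
    if match_el.get("MatchId") != STRING_EQUAL:
        raise NotImplementedError(f"unsupported MatchId {match_el.get('MatchId')}")
    wanted = match_el.findtext("x:AttributeValue", namespaces=NS)
    designator = match_el.find("x:AttributeDesignator", NS)
    bag = request.get((designator.get("Category"), designator.get("AttributeId")), [])
    return wanted in bag


def _target_applies(target_el, request):
    """Empty Target applies to everything; AnyOf = OR over AllOf groups; AllOf = AND over Match."""
    if target_el is None:
        return True
    return all(
        any(all(_match(m, request) for m in all_of.findall("x:Match", NS))
            for all_of in any_of.findall("x:AllOf", NS))
        for any_of in target_el.findall("x:AnyOf", NS))


def build_request(subject_attrs, resource_id, action_id):
    """Attribute bags as a PEP would put them in the request context, keyed by (category, id)."""
    req = {(RESOURCE, RESOURCE_ID): [resource_id], (ACTION, ACTION_ID): [action_id]}
    for attr_id, values in subject_attrs.items():
        req[(SUBJECT, attr_id)] = list(values)
    return req


def evaluate(policy_xml, request):
    """Return the PDP decision: 'Permit', 'Deny' or 'NotApplicable'."""
    policy = ET.fromstring(policy_xml)
    if policy.get("RuleCombiningAlgId") != DENY_OVERRIDES:
        raise NotImplementedError("only deny-overrides is implemented here")
    if not _target_applies(policy.find("x:Target", NS), request):
        return "NotApplicable"
    effects = [rule.get("Effect") for rule in policy.findall("x:Rule", NS)
               if _target_applies(rule.find("x:Target", NS), request)]
    # deny-overrides: one applicable Deny rule wins regardless of any Permit.
    if "Deny" in effects:
        return "Deny"
    if "Permit" in effects:
        return "Permit"
    return "NotApplicable"
```

A PEP must be deny-biased: only an explicit `Permit` grants access, and `NotApplicable` (no rule matched, as for an analyst trying to write rather than read) is treated as a refusal.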


Open Authorization (OAuth)

OAuth is an authorization standard that allows customers to share private resources such as files, videos and pictures stored with one cloud service provider with another cloud service provider, without disclosing their authentication credentials (username or password) to the second provider.

It was created to enable authorization via a secure application programming interface (API). For application developers it is a method for publishing and interacting with protected data; for cloud service providers it is a way to let users grant access to their data hosted by another provider while keeping their credentials private. Note that OAuth delegates authorization, not authentication: a token proves what a client may access, not who the user is.

Sequence of interactions between customer or partner web application
Last Updated : 19 Dec, 2022