APJ ABDUL KALAM TECHNOLOGICAL UNIVERSITY
THIRD SEMESTER MCA DEGREE EXAMINATION, JULY 2018
Course Name: CLOUD COMPUTING
Identity Protocol Standards define how identity information is exchanged between parties.
- Many protocols provide identity services; together they form the basis for interoperability among services.
- Commonly used identity protocol standards:
  - XACML and SAML
- OpenID 2.0 is the standard for creating an identity and authenticating its use by a third-party service.
- It is the key to creating Single Sign-On (SSO) systems.
- OpenID does not specify the means of authenticating an identity; the particular system executes the authentication process.
- Authentication can be by a Challenge and Response Protocol (CHAP), a smart card, or a biometric measurement.
- In OpenID, the authentication procedure has the following steps:
  - The end-user uses a program such as a browser, called a user agent, to enter an OpenID identifier.
  - The OpenID is presented to a service that provides access to the desired resource.
  - An entity called a relying party queries the OpenID identity provider to verify the OpenID credentials.
  - The identity provider sends the authentication result back to the relying party, and access is either granted or denied.
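The last two steps above, simulated in code as an added example (not part of these notes): the identity provider (OP) signs a positive OpenID 2.0 assertion with the association MAC key, and the relying party (RP) accepts it only after checking return_to, signature coverage, the HMAC and the response nonce. The association handle, MAC key, endpoint URLs and the 300-second skew window are constructed demo values.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timezone
# Constructed demo values: RP and OP agree on the MAC key for this handle during association.
ASSOCIATIONS = {"assoc-demo-1": b"constructed-shared-mac-key-for-demo-only"}
SIGNED_NAMES = "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle".split(",")
NONCE_FORMAT = "%Y-%m-%dT%H:%M:%SZ"  # 20-char UTC timestamp that starts response_nonce
MAX_SKEW = 300  # seconds of clock drift the RP tolerates (assumed RP policy)

def kv_form(fields, names):
    """Key-Value Form encoding: one 'name:value\\n' per signed field, without the 'openid.' prefix."""
    return "".join(f"{n}:{fields['openid.' + n]}\n" for n in names).encode()

def op_sign(fields):
    """OP side: add openid.signed and openid.sig (base64 HMAC-SHA256 over the Key-Value Form)."""
    signed = {**fields, "openid.signed": ",".join(SIGNED_NAMES)}
    key = ASSOCIATIONS[signed["openid.assoc_handle"]]
    mac = hmac.new(key, kv_form(signed, SIGNED_NAMES), hashlib.sha256).digest()
    signed["openid.sig"] = base64.b64encode(mac).decode()
    return signed

def op_assertion(claimed_id, return_to, now):
    """OP side: build the id_res message the user agent carries back to the RP."""
    nonce = datetime.fromtimestamp(now, timezone.utc).strftime(NONCE_FORMAT) + "demo-unique"
    return op_sign({"openid.ns": "http://specs.openid.net/auth/2.0", "openid.mode": "id_res",
                    "openid.op_endpoint": "https://op.example/endpoint", "openid.claimed_id": claimed_id,
                    "openid.identity": claimed_id, "openid.return_to": return_to,
                    "openid.response_nonce": nonce, "openid.assoc_handle": "assoc-demo-1"})

def rp_verify(fields, expected_return_to, seen_nonces, now):
    """RP side: grant access only if mode, return_to, handle, signature coverage, MAC and nonce all pass."""
    if fields.get("openid.mode") != "id_res" or fields.get("openid.return_to") != expected_return_to:
        return False, "not a positive assertion for this return_to"
    key = ASSOCIATIONS.get(fields.get("openid.assoc_handle"))
    names = fields.get("openid.signed", "").split(",")
    if key is None or not set(SIGNED_NAMES) <= set(names) or any("openid." + n not in fields for n in names):
        return False, "unknown handle or required field not signed"
    mac = hmac.new(key, kv_form(fields, names), hashlib.sha256).digest()
    if not hmac.compare_digest(base64.b64encode(mac).decode(), fields.get("openid.sig", "")):
        return False, "bad signature"
    nonce = fields["openid.response_nonce"]
    try:
        issued = datetime.strptime(nonce[:20], NONCE_FORMAT).replace(tzinfo=timezone.utc).timestamp()
    except ValueError:
        return False, "malformed nonce"
    if abs(now - issued) > MAX_SKEW or nonce in seen_nonces:  # reject stale or replayed assertions
        return False, "stale or replayed nonce"
    seen_nonces.add(nonce)
    return True, "ok"
```

The nonce set is what stops a captured assertion from being presented twice; in a real RP it must be shared across all front-end instances.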
XACML and SAML
- The second protocol used is a set of authorization markup languages that produce files in the form of XACML and SAML:
  - SAML (Security Assertion Markup Language)
  - XACML (eXtensible Access Control Markup Language)
- SAML is a standard for passing authentication and authorization between an identity provider and the service provider.
- The Security Assertion Markup Language (SAML) standard enables the secure exchange of authentication and authorization information between security domains.
- Taken together, OpenID and SAML are used as the standard authentication mechanism for clients accessing cloud services.
- It is particularly important for services such as mashups that draw information from two or more data services.
- An open standard called OAuth provides a token service that can be used to present validated access to resources.
- The use of OAuth tokens allows clients to present credentials that contain no account information (userID or password) to a cloud service.
- The token comes with a defined validity period, after which it can no longer be used.
Windows Azure Identity Standards
- The Windows Azure Platform uses claims-based identity built on open authentication and access protocols.
- These standards may be used without modification on a system that is running in the cloud or on-premises.
- Windows Azure security draws on the following three services:
  - Active Directory Federation Services 2.0
  - Windows Azure AppFabric Access Control Service
  - Windows Identity Foundation (WIF)