Chapter 6 - Cloud IAM
Chapter 5
Cloud Computing IAM
5 ArcTIC
Manel Medhioub
[email protected]
Esprit 2020-2021
Lesson plan
1- Introduction
2- Identity and Access Management
3- Identity Federation and SSO
5- IAM Standards for Cloud Computing
6- Benefits and Challenges
Introduction
Pain points by role (flattened slide table):
• IT Admin: too many user stores and account admin requests; unsafe sync scripts.
• Developer: redundant code in each app; rework code too often.
• End User: too many passwords; long waits for access to apps, resources.
• Security/Compliance: too many orphaned accounts; limited auditing ability.
• Business Owner: too expensive to reach new partners, channels; need for control.
Source: Identity and Access Management: Overview, Rafal Lukawiecki - Strategic Consultant, Project Botticelli Ltd, [email protected]
Identity and Access Management
• In fact, it:
 - identifies the issue that cloud users need to manage two separate authentication and authorization schemas: their own proprietary one and the one offered by the cloud provider;
 - proposes the use of Identity Federation as a potential solution.
Multifactor Authentication
Identity Federation and SSO
IAM Standards for Cloud Computing
Authorization is nearly always about: Who?
Credits: all icons from the Noun Project | Invisible: Andrew Cameron, | Box: Martin Karachorov | Wrench: John O'Shea | Clock: Brandon Hopkins
XACML
• The XACML (eXtensible Access Control Markup Language) standard:
 - defines an XML-based language for stating policy and forming access control decisions;
 - focuses on the mechanism for arriving at authorization decisions.
XACML architecture roles:
• Decide: Policy Decision Point (PDP)
• Support: Policy Information Point (PIP), Policy Retrieval Point (PRP)
• Manage: Policy Administration Point (PAP)
Fine-Grained Authorization for Cloud-based Services, David Brossard, Axiomatics
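To make the XACML definition and the Decide / Support / Manage roles above concrete, here is an added example (not code from the course slides, from Axiomatics, or from any XACML product): a small attribute-based access control engine in Python whose components are split exactly along the PAP, PRP, PIP, PDP roles, plus the enforcement point that calls them. The policy, rules, user directory and requests are constructed sample data, and the rules are written as Python conditions rather than XACML XML so the decision flow stays readable. It also carries through the deny-overrides combining behaviour and the Indeterminate result that arises when an attribute a rule needs is missing.

```python
"""Toy ABAC engine split along the XACML roles (added example, constructed data).

Policy and directory are hypothetical sample data, written in Python instead of
XACML's XML so the decision flow is visible.
"""
from dataclasses import dataclass
from typing import Callable


@dataclass
class Rule:
    rule_id: str
    effect: str                        # "Permit" or "Deny"
    condition: Callable[[dict], bool]  # evaluated against the attribute context


@dataclass
class Policy:
    policy_id: str
    target: Callable[[dict], bool]     # which requests this policy applies to
    rules: list


class PolicyAdministrationPoint:
    """PAP (manage): where policies are authored and published."""

    def __init__(self):
        self._policies = {}

    def publish(self, policy: Policy) -> None:
        self._policies[policy.policy_id] = policy

    def all_policies(self) -> list:
        return list(self._policies.values())


class PolicyRetrievalPoint:
    """PRP (support): hands the PDP only the policies whose target matches."""

    def __init__(self, pap: PolicyAdministrationPoint):
        self.pap = pap

    def applicable(self, ctx: dict) -> list:
        return [p for p in self.pap.all_policies() if p.target(ctx)]


class PolicyInformationPoint:
    """PIP (support): supplies attributes the request did not carry.

    Directory values overwrite anything the caller sent under the same name,
    so a request cannot claim a role or department the subject does not have.
    """

    def __init__(self, directory: dict):
        self.directory = directory

    def enrich(self, request: dict) -> dict:
        ctx = dict(request)
        ctx.update(self.directory.get(request.get("subject-id"), {}))
        return ctx


def deny_overrides(effects: list) -> str:
    """Deny-overrides combining: one Deny wins; a rule that could not be
    evaluated (Indeterminate) blocks a Permit; no matching rule -> NotApplicable."""
    if "Deny" in effects:
        return "Deny"
    if "Indeterminate" in effects:
        return "Indeterminate"
    if "Permit" in effects:
        return "Permit"
    return "NotApplicable"


class PolicyDecisionPoint:
    """PDP (decide): evaluates every applicable rule against the enriched context."""

    def __init__(self, prp: PolicyRetrievalPoint, pip: PolicyInformationPoint):
        self.prp, self.pip = prp, pip

    def decide(self, request: dict) -> str:
        ctx = self.pip.enrich(request)
        effects = []
        for policy in self.prp.applicable(ctx):
            for rule in policy.rules:
                try:
                    if rule.condition(ctx):
                        effects.append(rule.effect)
                except KeyError:            # a required attribute is missing
                    effects.append("Indeterminate")
        return deny_overrides(effects)


class PolicyEnforcementPoint:
    """PEP: the application side; anything other than Permit is refused."""

    def __init__(self, pdp: PolicyDecisionPoint):
        self.pdp = pdp

    def is_allowed(self, request: dict) -> bool:
        return self.pdp.decide(request) == "Permit"


def build_engine() -> PolicyEnforcementPoint:
    """Wire the components with a constructed policy and HR directory."""
    pap = PolicyAdministrationPoint()
    pap.publish(Policy(
        policy_id="customer-records",
        target=lambda c: c.get("resource-type") == "customer-record",
        rules=[
            Rule("read-own-department", "Permit",
                 lambda c: c["action"] == "read"
                 and c["department"] == c["resource-department"]),
            Rule("managers-write-own-department", "Permit",
                 lambda c: c["action"] == "write" and c["role"] == "manager"
                 and c["department"] == c["resource-department"]),
            Rule("no-writes-outside-office-hours", "Deny",
                 lambda c: c["action"] == "write" and not 9 <= c["hour"] < 18),
        ]))
    directory = {                       # constructed data served by the PIP
        "alice": {"department": "sales", "role": "manager"},
        "bob": {"department": "support", "role": "agent"},
    }
    return PolicyEnforcementPoint(
        PolicyDecisionPoint(PolicyRetrievalPoint(pap), PolicyInformationPoint(directory)))


if __name__ == "__main__":
    pep = build_engine()
    req = {"subject-id": "alice", "action": "write", "resource-type": "customer-record",
           "resource-department": "sales", "hour": 22}
    print(pep.pdp.decide(req), pep.is_allowed(req))   # the Deny rule overrides the Permit
```

Two points worth noticing when running it: the PEP treats NotApplicable and Indeterminate exactly like Deny, so a subject the PIP does not know about (no department attribute) is refused rather than falling through; and the PIP overwrites caller-supplied attributes, which is what keeps the request from asserting its own role.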
XACML deployment options (slide diagrams; only the labels survived extraction):
• XACML, first option: Company A's central IT runs the XACML management API; the SaaS provider hosts App#1, App#2 and App#3 behind a functional API; step 3: Customer A users use the SaaS application.
• XACML (OP2): Customer A users reach SaaS App #1, SaaS App #2 and SaaS App #3 over a VPN.
• XACML (OP3): Company A's central IT uses the SaaS provider's native API; the SaaS provider hosts App#1, App#2 and App#3 behind a functional API; Customer A users use the SaaS application.
Standard or protocol name | Supporting companies | Open standard | Cloud provider requests
SAML | Oracle, IBM, Novell, Microsoft | YES | Allow customers to delegate authentication and choose authentication methods
XACML | Oracle, IBM, CISCO, Red Hat | YES | Allow authorization that may represent complex policies, required by enterprise-scale applications
OAuth | Google, Twitter, Facebook | YES | Allow users to access their data while protecting their account and credentials information, which is not sent
OpenID | Google, IBM, Microsoft, Yahoo, Orange, PayPal | YES | Provides SSO for consumers
OATH | VeriSign, SanDisk, Gemalto, Entrust | YES | Unification across three widely used industrial standards
Benefits and Challenges
Benefits today (Tactical)
Benefits to take you forward (Strategic)
Source: Identity and Access Management: Overview, Rafal Lukawiecki - Strategic Consultant,