Information Technology Reference
In-Depth Information
case-study lies with their significance for dealing with sensitive and critical identity
and user information.
This chapter is organized as follows: Section 2 presents the related work
covering IDMS from an inter-Cloud perspective. The components of the proposed
Secure IDMS for federated Cloud environment, along with a complete workflow, are
discussed in Section 3. Section 4 presents the use-case scenarios of the proposed
system. Details regarding the evaluation tools and techniques, with the
corresponding results, are presented in Section 5. Finally, in Section 6 we conclude
this chapter by highlighting our contribution and future research directions.
2 Related Work
Identity management is among the top security challenges that organizations face
while moving their critical identity data to the Cloud. Cloud identity management
systems may exist in different flavors; however, Federated IDMS is the common
deployment model used for inter-Cloud environments. Several IDMSs [5, 6, 7] have
been proposed in the past few years; however, here we explain only a few
well-known Cloud-based FIM systems that are closely related to the proposed secure
Identity Management System for federated Cloud environment. Celesti et al. [8]
have proposed an Inter-Cloud Identity Management Infrastructure (ICIMI) where
the Home Cloud forwards the federation request to the Foreign Cloud with the aim of
expanding its virtualization infrastructure. Similarly, Yan et al. [9] have
discussed various issues regarding web-service security and proposed a Federated
Identity Management (FIM) system for Cloud along with Hierarchical
Identity-Based Cryptography (HIBC). Security APIs for My Private Cloud is presented
in [10], which discusses a set of three security APIs. These APIs are designed to
allow users to delegate their access rights to anyone at any time and to offer
federated access rights to Cloud resources.
We have analyzed various identity management systems [8, 9, 11], and our study
reveals that none of the existing systems heuristically covers all the required
features, including privacy, user-centricity, real-time synchronization, provisioning,
de-provisioning, interoperability and access right delegation, which are much needed
for federated Cloud IDMSs. Further, each of the analyzed systems has its own
weaknesses regarding interoperability, implementation and deployment. For
instance, Security APIs for My Private Cloud [10] offers a PHP-based implementation
of the proposed solution, clearly limiting its utility to PHP-based applications
only; hence it lacks interoperability. In addition, it offers no security
mechanism to protect its authorization database and access right delegation tokens
from illegal modification and forgery. Therefore, considering the prospective
adoption of FIM systems, we propose a secure identity management system for
federated Cloud environment that ensures interoperability, access right delegation
and real-time synchronization, along with communication-level security and privacy.
All of the aforementioned features collectively provide the desired level of
security, privacy and interoperability.
 