Information Technology Reference
In-Depth Information
Listing 1
SCIM User Provisioning
{
"schemas"
:[urn:scim:schemas:core:1.0,
"urn:scim:schemas:extension:enterprise:1.0"
],
userName:
"Umme"
,
externalId:
"Uhabiba"
,
name:{
"formatted"
:
"Umme
Habiba"
,
"givenName"
:
"Umme"
,
"familyName"
:
"Ali"
},
password:
"123@sadf@@wsd"
,
id:
"ghf_1245"
,
roles:[{
"value"
:
"Patient"
}],
locale:
"Islamabad"
,
preferredLangauge:
"English"
,
addresses:[{
"streetAddress"
:
"Sector
H-12"
,
"primary"
:
true
}],
emails:[{
"value"
:
"11msccsuhabiba@seecs.edu.pk"
}],
phoneNumbers:[{:[{
"value"
:
"92334532589"
}]}]
3.
User Account(A/C) Management:
User account management module is
responsible for the management of changes in user account throughout their
identity's lifetime. Cloud subscribers may subscribe for new Cloud services or
resources; such activities are reliably adjusted for the respective user across
multiple Cloud servers. For instance, if change in user's access privileges or at-
tribute values is encountered then that account change is made accordingly and
timely in a synchronized manner.
4.
Authentication:
Provisioning module forwards the information regarding user
authentication such as user name, user-ID, password etc. to the authentication
server. Our authentication server implements SSO authentication using SAML
2.0 SSO profile, which allows the CSC to access multiple distinct Cloud re-
sources with just one time authentication within a single session. Furthermore,
security and privacy of identity credentials during the communication is ensured
through encrypted SAML authentication request and response. Sample SAML
authentication query request and response are presented in Listing 2 and List-
ing 3 for better understanding.
5.
Authorization:
This module is responsible for ensuring legitimate access to
Cloud services and resources. We have implemented
Role-Based Access Con-
trol model (RBAC)
using XACML, that creates and enforces the access control
policies for the subjects (CSCs) based on their roles assigned by the provision-
ing module.
Search WWH ::
Custom Search