Cloud Security

European Identity Conference 2011
10.05. - 13.05.2011, Munich

Moderator:

Architectural Patterns for the Intersection of IAM and Cloud Computing

12.05.2011 14:00-15:00


Cloud Identity and Security


Using Identity Management and Federation to establish a reliable and safe environment to use cloud offerings in today’s world.

Identity and Access in the Cloud

12.05.2011 15:00-16:00


Organizations are adopting IT services in the Cloud to reduce costs, but how does this change the way identity needs to be managed? This session describes how using the Cloud influences identity and access management within an organization. It explains the risks involved and describes best practices and technologies for managing these risks based on ISO 27001.

Privacy Protected Authentication and Authorisation

12.05.2011 16:30-17:30


CardSpace in the Cloud describes a web-based federated identity management system which is based on the user-centric approach of the Information Card model, but has been significantly enhanced to remove many of the problems inherent in Microsoft’s original design. The new design is an alternative to U-Prove and Idemix credentials, and uses existing SAML 2 federations and assertions. Our model supports privacy protection of the user attributes, user mobility and the aggregation of multiple claims from different identity providers (IdPs), whilst requiring the user to authenticate via just one of his IdPs. Furthermore, no constraints are placed on the authentication mechanism that is used by this IdP. The level of assurance (LoA) of the authenticating IdP is built into the design.

All this is achieved by introducing a new component, the Linking Identity Selector, which can run anywhere in the cloud and allows the user to select multiple cards at service provision time. Users can then use the combined set of credentials to access a wider range of web-based resources. We describe a use case which allows the user to present a credit card, a self-asserted card, a hotel loyalty card and a frequent flyer card in order to make an online hotel booking, using voice biometrics for authentication.



© 2012 KuppingerCole