Identity and Access Management in Cloud Computing

Part of the Computer Communications and Networks book series (CCN)

Abstract

With Cloud computing, the latest addition to system architecture, consumers and companies can scale up to massive capacities in an instant without investing in new infrastructure, or shrink to a desktop within a second. But this service-oriented computing is becoming controversial because of the lack of privacy and because of security issues. In a recent survey conducted by International Data Corporation (IDC), 87.5% of the participants cited security as the main reason for reluctance on the part of enterprise IT to aggressively adopt Cloud computing in future system deployments. This chapter discusses a possible solution for Identity and Access Management (IAM) to help enterprise IT organizations and Cloud providers improve their services. Managing access control and governance within IAM, to meet today’s business needs in the Cloud environment, remains one of the major hurdles to enterprises’ adoption of Cloud services. Today’s aggressive adoption of immature Cloud computing services by enterprises creates an urgent need for a strong Cloud-based IAM system that supports business needs ranging from secure collaboration with global partners to secure access for global employees consuming sensitive information, from any location, using any device, at any time. The aim of this chapter is to show readers a possible standard way to develop an IAM system. This idea can serve as a seed for an individual or a development/research group to come up with a complete solution.

Keywords

  • Cloud Computing
  • Access Control
  • Cloud Provider
  • Cloud Service Provider
  • Trust Third Party

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

  • DOI: 10.1007/978-1-4471-2236-4_6
  • Chapter length: 19 pages

Notes

  1. Kerberos is an authentication protocol for trusted hosts on un-trusted networks.

  2. First openly published public key or key-exchange mechanism.

Author information

Corresponding author

Correspondence to Khandakar Entenam Unayes Ahmed.

Copyright information

© 2011 Springer-Verlag London Limited

About this chapter

Cite this chapter

Ahmed, K.E.U., Alexandrov, V. (2011). Identity and Access Management in Cloud Computing. In: Mahmood, Z., Hill, R. (eds) Cloud Computing for Enterprise Architectures. Computer Communications and Networks. Springer, London. https://doi.org/10.1007/978-1-4471-2236-4_6

  • DOI: https://doi.org/10.1007/978-1-4471-2236-4_6

  • Published:

  • Publisher Name: Springer, London

  • Print ISBN: 978-1-4471-2235-7

  • Online ISBN: 978-1-4471-2236-4

  • eBook Packages: Computer Science, Computer Science (R0)