Academic journal article International Journal of Electronic Commerce Studies

Technology of Federated Identity and Secure Loggings in Cloud Computing

Article excerpt

ABSTRACT

Federated services are being widely deployed across sites in multiple network domains for cloud computing in many industry segments. New technology is required not only for federated authentication, but also for services that operate on distributed attributes, both static and dynamic. In addition to the technology, sites that provide services across multiple network domains are required to store every log as an audit trail. This paper focuses on SAML and ID-WSF, the technology and architecture for identity management and secure web services, discusses real-world deployments and problems, and then proposes a fast and safe technology that extends ID-WSF for services and logs. To verify the effectiveness of the proposed technology and architecture, the latencies of SAML SSO exchanges of SOAP messages are measured and analysed in a cloud computing environment.

Keywords: Federation, Identity, Authentication, SAML, ID-WSF, Cloud Computing, Log

1. INTRODUCTION

Along with the wide deployment of cloud computing in many fields, the number of network services that are not only completed within a single network domain but also federated across multiple sites in different network domains has been increasing. Such federated services require federated authentication among the participating sites. Federated authentication standards include Security Assertion Markup Language (SAML), OpenID, and Open Authorization (OAuth) [1,2,3].

The set of aggregated personal information held by each site providing federated services is called an "identity", and the set of personal attribute information associated through federated authentication is called a "federated identity".

Using the attribute information of a federated identity requires protocols that take privacy protection and security into account. In addition to SAML, a method of transmitting attributes with Shibboleth, which extends SAML, and the Liberty Identity Web Service Framework (ID-WSF), which applies SAML assertions to identity verification, have been specified [4,5].

Some companies that build services on cloud computing provide an Application Program Interface (API) for federated authentication with their customers' information systems. One example of enterprise use of cloud computing is Google Apps, which uses the SAML API known as "SAML Single Sign-On (SSO) Services for Google Apps" [6]. Another example is Salesforce.com, which provides the SAML API known as "Single Sign-On with SAML on Force.com" [7]. In enterprise use of cloud computing, SAML has thus gained a favorable reputation for federated authentication and identity.

Although federated identity technology such as SAML has been deployed in many places, the technology for using personal attribute information has not been sufficiently studied from the viewpoint of both speed and safety. Personal attributes include not only "static attributes", such as name, address, birth date and gender, but also "dynamic attributes", such as GPS location, blood pressure and pulse [8]. In past studies of federated identity technology for managing static attributes, roaming methods for a user's device have been developed to shorten the elapsed time of authentication [9]. However, no work has been done on federated identity technology that manages dynamic attributes, which accumulate at every moment of every day, with consideration of both speed and safety. If the site that manages the attribute information cannot transfer it quickly to another site during a user interaction, the user experience can be severely affected. If the site is located in an area with low network latency, the problem of a long elapsed time for transferring the attributes may not occur. However, if the site is in a cloud computing data center that is geographically distant, for example on the opposite side of the earth, the latency is expected to be so high that the Round Trip Time (RTT) is long. …
