TY - GEN
T1 - An Analysis of Open Standard Identity Protocols in Cloud Computing Security Paradigm
AU - Naik, Nitin
AU - Jenkins, Paul
N1 - © 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
PY - 2016/10/13
Y1 - 2016/10/13
N2 - Cloud computing enables businesses to use computing resources on-demand anywhere in the world without having to build and maintain computing infrastructures in-house. This model involves multiple parties performing diverse operations via the Internet across multiple organisations. Employees and consumers can access resources and services from their own and associated organisations. Despite the success of cloud computing, its security paradigm has one major challenge: how to determine the identity and access rights of users across all the organisations. The user's credential and sensitive information are always stored and maintained by the parent organisation, however, other partner organisations require verification of the user's identity and access rights to allow them to access their services and resources. The biggest difficulty is to communicate the user's identity to their partner organisations without sending their sensitive information. Numerous open standard identity protocols have been introduced in the last two decades. Amongst all, three standard identity protocols Security Assertion Markup Language (SAML), Open Authentication (OAuth), and OpenID Connect (OIDC) are the most established protocols in the cloud computing industry. Therefore, this paper presents a working prototype and critical analysis of these three open standard identity protocols SAML, OAuth and OIDC. It also explores evaluation criteria which are used for this analysis purpose. Finally, it discusses their strengths and limitations, and determines the most suitable open standard identity protocol for all types cloud computing models.
AB - Cloud computing enables businesses to use computing resources on-demand anywhere in the world without having to build and maintain computing infrastructures in-house. This model involves multiple parties performing diverse operations via the Internet across multiple organisations. Employees and consumers can access resources and services from their own and associated organisations. Despite the success of cloud computing, its security paradigm has one major challenge: how to determine the identity and access rights of users across all the organisations. The user's credential and sensitive information are always stored and maintained by the parent organisation, however, other partner organisations require verification of the user's identity and access rights to allow them to access their services and resources. The biggest difficulty is to communicate the user's identity to their partner organisations without sending their sensitive information. Numerous open standard identity protocols have been introduced in the last two decades. Amongst all, three standard identity protocols Security Assertion Markup Language (SAML), Open Authentication (OAuth), and OpenID Connect (OIDC) are the most established protocols in the cloud computing industry. Therefore, this paper presents a working prototype and critical analysis of these three open standard identity protocols SAML, OAuth and OIDC. It also explores evaluation criteria which are used for this analysis purpose. Finally, it discusses their strengths and limitations, and determines the most suitable open standard identity protocol for all types cloud computing models.
KW - Cloud Computing Security
KW - IDaaS
KW - OAuth
KW - Open Standard Identity Protocols
KW - OpenID Connect
KW - SAML
KW - SSO
UR - http://www.scopus.com/inward/record.url?scp=84995495141&partnerID=8YFLogxK
UR - https://ieeexplore.ieee.org/document/7588881
U2 - 10.1109/DASC-PICom-DataCom-CyberSciTec.2016.85
DO - 10.1109/DASC-PICom-DataCom-CyberSciTec.2016.85
M3 - Conference publication
AN - SCOPUS:84995495141
SN - 978-1-5090-4066-7
T3 - Proceedings - 2016 IEEE 14th International Conference on Dependable, Autonomic and Secure Computing, DASC
SP - 428
EP - 431
BT - Proceedings - 2016 IEEE 14th International Conference on Dependable, Autonomic and Secure Computing (DASC)
PB - IEEE
T2 - 14th IEEE International Conference on Dependable, Autonomic and Secure Computing, DASC 2016, 14th IEEE International Conference on Pervasive Intelligence and Computing, PICom 2016, 2nd IEEE International Conference on Big Data Intelligence and Computing, DataCom 2016 and 2016 IEEE Cyber Science and Technology Congress, CyberSciTech 2016, DASC-PICom-DataCom-CyberSciTech 2016
Y2 - 8 August 2016 through 10 August 2016
ER -