SSO, Identity Flow, Authorization In Cloud Applications and Services – Challenges and Solution Approaches

Regardless of the physical deployment, the high-level schema of a canonical cloud application can be described as follows.

Figure: SSO, Identity Flow, Authorization Challenges and Approaches

Key characteristics

  • End users can have existing identities managed by industry-strength identity providers such as Windows Live ID, Google, Yahoo!, Facebook, or enterprise Active Directory.
  • End users interact with the system that requires authentication and authorization via a web browser, or…
  • End users interact with the system that requires authentication and authorization via a rich client running on a desktop, on a smartphone, or inside the browser (Silverlight, JavaScript, etc.).
  • The web application might interact with downstream web services that require authentication and authorization.

The following are the security-related challenges and solution approaches to consider when designing a system that fits the key characteristics above.

Challenges and approaches

  • How to externalize authentication for web applications?
  • How to externalize authentication for web services?
  • How to use Internet credentials with different applications?
  • How to use enterprise credentials with different applications?
  • How to flow security context through physical tiers?
  • How to transform user identity for further fine-grained, claims-based authorization?
  • How to interoperate with others?
  • How to secure communications?
  • How to automate management?
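As an added example (not code from the original post), here is how three of the challenges above fit together in practice: transforming identity-provider claims into application claims, performing claims-based authorization on them, and flowing the resulting security context to a downstream service as a signed, expiring token. The issuer names, claim names, group-to-role mapping and shared key are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json

# Constructed values: a key shared by the web app and its downstream service, and
# per-issuer rules that map identity-provider claim names to application claim names.
SHARED_KEY = b"example-shared-key-for-demo-only"
ISSUER_RULES = {
    "https://idp.example.com/": {"email": "name", "groups": "group"},
    "AD://corp.example.com": {"sAMAccountName": "name", "memberOf": "group"},
}
# Coarse group membership becomes fine-grained application roles and permissions.
GROUP_TO_ROLE = {"Finance-Approvers": "approver", "Domain Users": "user"}
ROLE_PERMISSIONS = {"approver": {"view_invoice", "approve_invoice"}, "user": {"view_invoice"}}

def transform_claims(issuer, raw_claims):
    """Normalize claims from a trusted issuer into the application's own claim set."""
    rules = ISSUER_RULES[issuer]  # KeyError: an unknown issuer is rejected outright
    claims = {"iss": issuer, "group": []}
    for src, dst in rules.items():
        value = raw_claims.get(src)
        if value is None:
            continue
        if dst == "group":  # IdPs emit one string or a list; normalize to a list
            claims["group"] = [value] if isinstance(value, str) else list(value)
        else:
            claims[dst] = value
    claims["role"] = sorted({GROUP_TO_ROLE[g] for g in claims["group"] if g in GROUP_TO_ROLE})
    return claims

def authorize(claims, action):
    """Claims-based check: is the action allowed by any role in the transformed claims?"""
    return any(action in ROLE_PERMISSIONS.get(r, set()) for r in claims.get("role", []))

def issue_context_token(claims, now, ttl=300):
    """Web tier: sign the claims plus an expiry (now = Unix time) so the context can flow downstream."""
    body = dict(claims, exp=now + ttl)
    payload = base64.urlsafe_b64encode(json.dumps(body, sort_keys=True).encode())
    sig = base64.urlsafe_b64encode(hmac.new(SHARED_KEY, payload, hashlib.sha256).digest())
    return payload + b"." + sig

def verify_context_token(token, now):
    """Service tier: return the claims if signature and expiry check out, else None."""
    payload, _, sig = token.partition(b".")
    expected = base64.urlsafe_b64encode(hmac.new(SHARED_KEY, payload, hashlib.sha256).digest())
    if not hmac.compare_digest(expected, sig):
        return None
    body = json.loads(base64.urlsafe_b64decode(payload))
    return body if body["exp"] >= now else None
```

The downstream service never sees the original Windows Live ID or Active Directory credential; it trusts only the transformed claims the web tier signed, which is the point of flowing context rather than credentials across tiers.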

What other questions are left unasked and unanswered? Please share them in the comments section below.