90 likes | 174 Views
A Survey of Risk: Federated ID Management in Cloud and Grid Computing. Presentation b y Andy Wood (P11250192). Introduction. Cloud (and Grid) computing are the new platforms today. Working with business partners is more common place in todays connected world.
E N D
A Survey of Risk:Federated ID Management in Cloud and Grid Computing Presentation by Andy Wood (P11250192)
Introduction • Cloud (and Grid) computing are the new platforms today. • Working with business partners is more common place in todays connected world. • Managing user accounts across disparate systems is becoming more difficult and costly.
Federated ID Management • Federated ID Management (FIdM) allows for simplified user management across security domains. • Based on a user authenticating to own DS and their ID used to authenticate to remote services through trust relationships. • FIdM is based on not just technology. • Many ways to implement • User centric • Business centric
Critical Review - Resources • Keywords: • (FIdM or Federated) and Cloud and Risk. • Resource Databases: • IEEE Xplore; ACM DL; SCOPUS; CiteSeerX and Google Scholar. • Resources: • 673 initial resources. • Reduced to final 18. • 5 Further papers added
Critical Review - Criteria • Criteria: • Primary / Secondary source • Difficulty to implement • Risk type: Security; Liability; Trust; Assurance or Interoperability • Scalability • Protocols • Citation
Critical Review - Findings • Most papers describe similar technologies: • SAML being key protocol for ID transfer • XACML bring key protocol for access control • Key risks: • Trust (with 3rd party); • Interoperability; and • Message security. • Scalability of solutions were good • Difficulty varied and subjective • Olden (2011) describes a typical enterprise benefit with example saving of $4.5m per year.
Critical Review – Risks • Liability • Ensuring lines of responsibility • Assurance • Processes and procedures being followed: • staff vetting; • joiners/movers/leavers etc. • Trust • Fundamental, but difficult to implement • Security • ID theft • Greater exposure than via separate authentication to systems • Message security through exchange of ID information • Interoperability • Some standard based mechanisms such as SAML • Others describe extended or bespoke mechanisms • Potential for large federations to include multiple mechanisms • Higher risk profile • Higher cost for implementation and support
Conclusion • Resources were harmonious in design and risk • Immature area of technology • Still room for improvement • FIdM is more than just technology • Lack of described foundation prior to tech • FIdM is a business enabler • Balance of risk v business enablement • Risk profile has to be aligned to each business