Cloud Identity Crisis and the Identity Broker
What is identity?
"Set of information (attributes) by which an individual is definitively distinguished within a context, such as an application."
- Physiological attributes
- Biographical information
- Issued credentials
- “Secret” information (e.g. history)
A nice analogy. Superman's identity attributes:
- Height: 192cm
- Weight: 106kg
- Skin Color: White
- Eye Color: Blue
- Hair Color: Black
- Place of Birth: Krypton
- Citizenship: Kryptonian, American
- Base: Metropolis, Fortress of Solitude
- Occupation: Journalist, Super Hero
- Employer: Daily Planet, Self-employed
Superman is also Clark Kent, employee of Daily Planet, adoptive son of Martha and Jonathan Kent. Superman is at the same time Kal El, citizen of Krypton and son of Jor El.
As seen, identity is complex, even for Superman. Every one of us has multiple identities: one at home, another at work, and several virtual personas. Superman more than most. For each user there are multiple identities spread across different systems.
What does this mean for Superman?
Complexity: One user, many identities. Superman is Clark Kent, with different virtual identities for his different personas and contexts. He might use firstname.lastname@example.org for Facebook, clark.kent at the Daily Planet, superboy1977 for GMail (since he created the account in high school and superman was already taken) and email@example.com to access the systems of his Kryptonian star ship.
A user with more than one identity copes with that complexity by choosing easy-to-remember credentials and reusing them across systems; one leaked or phished password then unlocks several accounts, which makes the user the weak link for attackers.
What about the enterprise?
Fragmentation: Many apps, many systems. Furthermore, these systems he might access are located both on-premise and in the cloud (hybrid scenarios), each with its own identity management.
If applications each keep their own identity store, keeping those identities consistent across events such as staff changes (joiners, movers, leavers) becomes a manual job, and accounts are easily left behind when someone leaves.
Complexity and Fragmentation lead to Entropy: a fragmented identity system leads to fragmented accountability. There is no single place to see who can access what, so dormant or unapproved accounts can keep authenticating to applications long after they should have been removed.
Why Cloud Identity Brokerage?
That's where a Cloud Service Broker (CSB) can help. Such a broker is at its core a Cloud Marketplace, an exchange for the enterprise that integrates, manages and bills cloud services. It is essential to the transformation of traditional IT into IT as a Service and pivotal in supporting new trends like Bring Your Own App (BYOA), for instance by integrating social login.
A CSB is, by its very nature, also an Identity Broker, since it needs to provide basic Identity & Access Management services (SSO and identity provisioning). Identity Brokers and cloud identity hubs offer Identity-as-a-Service (IDaaS), the life-cycle management of users across external cloud services, and behave like Virtual Directories that intermediate between enterprise identities and external cloud identities.
These brokers need to support at least two functions (Provisioning and SSO), for multiple contexts (work, home), in two directions: Inbound, from the enterprise to the CSB, and Outbound, from the CSB to the Cloud Service Provider (CSP).
They should rely on open standards. In this ecosystem, emerging techniques like JWT, UMA, OpenID Connect 1.0, OAuth 2.0 and SCIM have an edge due to their agility, cloud friendliness and robustness.
How does this help Superman?
The Identity Broker can help even Superman manage all his online identities under a single umbrella, with one unique global id linked to each of his service-specific accounts (an identity union), allowing easy access to any and all potential services.
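To make the two broker functions and the "one global id, many linked identities" idea concrete, here is an added example (not code from the original article or from any real broker product) of a toy identity broker in Python. It holds one enterprise identity per user under a generated global id, links that id to a username at each cloud service, emits a SCIM 2.0 User resource per service for outbound provisioning (including a deprovisioning fan-out on a leaver event), and issues a short-lived JWT for SSO to one service. The user attributes and service names are constructed sample data; the JWT is signed with HS256 built from the standard library so the example runs offline, whereas a real deployment would use a vetted JOSE library and asymmetric keys.

```python
"""Toy identity broker: one enterprise identity, many cloud identities.

Demonstrates outbound provisioning (a SCIM 2.0 User per cloud service)
and SSO (a signed JWT issued by the broker for one target service).
HS256 is hand-rolled from the standard library only for self-containment;
use a vetted JOSE library and asymmetric keys in production.
"""
import base64
import hashlib
import hmac
import json
import time
import uuid

# Standard SCIM 2.0 core User schema URI (RFC 7643).
SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"


def b64url(data: bytes) -> str:
    """Base64url without padding, as JWS requires (RFC 7515)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


class IdentityBroker:
    def __init__(self, issuer: str, signing_key: bytes):
        self.issuer = issuer
        self.key = signing_key
        self.users = {}   # global_id -> enterprise attributes
        self.links = {}   # global_id -> {service name: username at that service}

    # Inbound: the enterprise identity enters the broker and gets a global id.
    def register(self, attrs: dict) -> str:
        global_id = str(uuid.uuid4())
        self.users[global_id] = dict(attrs, active=True)
        self.links[global_id] = {}
        return global_id

    # Identity union: one global id linked to a username per cloud service.
    def link(self, global_id: str, service: str, external_user: str) -> None:
        self.links[global_id][service] = external_user

    # Outbound provisioning: the SCIM User the broker would PUT to the service.
    def scim_user(self, global_id: str, service: str) -> dict:
        u = self.users[global_id]
        return {
            "schemas": [SCIM_USER_SCHEMA],
            "externalId": global_id,
            "userName": self.links[global_id][service],
            "name": {"givenName": u["given"], "familyName": u["family"]},
            "emails": [{"value": u["email"], "primary": True}],
            "active": u["active"],
        }

    # A single leaver event fans out to every linked service.
    def deprovision(self, global_id: str) -> list:
        self.users[global_id]["active"] = False
        return [self.scim_user(global_id, s) for s in self.links[global_id]]

    # SSO: the broker mints a JWT bound to one audience (the target service).
    def issue_token(self, global_id: str, service: str, ttl: int = 300, now=None) -> str:
        if not self.users[global_id]["active"]:
            raise PermissionError("identity is deactivated")
        now = int(time.time()) if now is None else now
        header = {"alg": "HS256", "typ": "JWT"}
        claims = {
            "iss": self.issuer,
            "sub": global_id,
            "aud": service,
            "preferred_username": self.links[global_id][service],
            "iat": now,
            "exp": now + ttl,
        }
        compact = lambda obj: b64url(json.dumps(obj, separators=(",", ":")).encode())
        signing_input = compact(header) + "." + compact(claims)
        sig = hmac.new(self.key, signing_input.encode(), hashlib.sha256).digest()
        return signing_input + "." + b64url(sig)


def verify_token(token: str, key: bytes, issuer: str, audience: str, now=None) -> dict:
    """What the cloud service does on receipt: pin alg, then check signature, iss, aud, exp."""
    now = int(time.time()) if now is None else now
    h, c, s = token.split(".")
    if json.loads(b64url_decode(h)).get("alg") != "HS256":  # never let the token pick the alg
        raise ValueError("unexpected alg")
    expected = hmac.new(key, (h + "." + c).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(c))
    if claims["iss"] != issuer or claims["aud"] != audience:
        raise ValueError("wrong issuer or audience")
    if claims["exp"] <= now:
        raise ValueError("token expired")
    return claims


if __name__ == "__main__":
    broker = IdentityBroker("https://broker.example", b"demo-key")
    gid = broker.register({"given": "Clark", "family": "Kent", "email": "clark.kent@dailyplanet.example"})
    broker.link(gid, "gmail", "superboy1977")
    broker.link(gid, "dailyplanet", "clark.kent")
    print(json.dumps(broker.scim_user(gid, "dailyplanet"), indent=2))
    tok = broker.issue_token(gid, "gmail")
    print(verify_token(tok, b"demo-key", "https://broker.example", "gmail"))
```

Two design points matter beyond the happy path: the token carries an `aud` so a token issued for GMail is rejected at the Daily Planet, and once the enterprise marks the identity inactive the broker refuses to mint new tokens while the same event produces `active: false` SCIM payloads for every linked service, which is exactly the fan-out that manual per-application identity stores cannot give you.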
What does it all mean?
- Cloud Identity is Hybrid. We live in a (virtual) world where software systems are mingled across heterogeneous infrastructures, located both on premise and in the cloud, with heterogeneous identity management systems.
- BYOA permeates the Enterprise. Personal applications (like Dropbox, Evernote) are used more and more in the enterprise, more often than not without IT supervision. Decisions are made by the Line of Business (LoB) and governance is lacking.
- Open Standards Matter. Without standards that are open and widely adopted, interoperability between systems becomes an even more tangled mess. Standards adoption is mostly driven by internet scale applications with enterprise IT just catching up.
- Identity is the new Control Plane.
Published at DZone with permission of Vlad Mihnea. See the original article here.