Abstract
Secure identification and authentication are essential processes for protecting access to services or applications. These processes are also crucial in new areas of application such as the cloud computing domain. Over the past years, several cloud identity management-models for managing identification and authentication in the cloud domain have emerged. In this paper, we survey existing cloud identity management-models and compare and evaluate them based on selected criteria, e.g., on practicability or privacy aspects.
Notes
1. Different approaches exist; hence, identity data can be either pushed to or pulled from the service provider.
4. It is not necessary that the common identifier is shared. Different identifiers mapping to the same user are also possible [6].
14. A similar approach has been introduced by [27].
15. A semi-trusted identity provider is an identity provider that works correctly but may be interested in inspecting private data. In other words, the identity provider acts in an honest-but-curious manner.
16. By using proxy re-encryption, a semi-trusted proxy can alter a ciphertext that has been encrypted for person A in such a way that it can be decrypted by person B. The proxy thereby gains no access to the plaintext of the data.
17. For generating a re-encryption key, the organization requires its private key and the public key of the service provider.
18. Secure Identity Across Borders Linked, https://www.eid-stork.eu/.
References
1. Bauer, M., Meints, M., Hansen, M.: D3.1: Structured Overview on Prototypes and Concepts of Identity Management System. FIDIS (2005)
2. Pearson, S., Benameur, A.: Privacy, security and trust issues arising from cloud computing. In: IEEE CloudCom 2010, pp. 693–702 (2010)
3. Zissis, D., Lekkas, D.: Addressing cloud computing security issues. Future Gener. Comput. Syst. 28, 583–592 (2012)
4. Sen, J.: Security and privacy issues in cloud computing. In: Martínez, A.R., Marin-Lopez, R., Pereniguez-Garcia, F. (eds.) Architectures and Protocols for Secure Information Technology Infrastructures, pp. 1–45. IGI Global (2013)
5. Bertino, E., Takahashi, K.: Identity Management: Concepts, Technologies, and Systems. Artech House, Boston (2011)
6. Cao, Y., Yang, L.: A survey of identity management technology. In: IEEE ICITIS 2010, pp. 287–293. IEEE (2010)
7. Dabrowski, M., Pacyna, P.: Generic and complete three-level identity management model. In: SECURWARE 2008, pp. 232–237. IEEE (2008)
8. Dabrowski, M., Pacyna, P.: Overview of Identity Management. Technical report (2008). www.chinacommunications.cn
9. Jøsang, A., Fabre, J., Hay, B., Dalziel, J., Pope, S.: Trust requirements in identity management. In: Proceedings of the 2005 Australasian Workshop on Grid Computing and e-Research, pp. 99–108 (2005)
10. Jøsang, A., Pope, S.: User centric identity management. In: AusCERT 2005 (2005)
11. Jøsang, A., Zomai, M.A., Suriadi, S.: Usability and privacy in identity management architectures. In: ACSW 2007, pp. 143–152 (2007)
12. Palfrey, J., Gasser, U.: CASE STUDY: Digital Identity Interoperability and eInnovation. Berkman Publication Series (2007)
13. Neuman, C., Yu, T., Hartman, S., Raeburn, K.: The Kerberos Network Authentication Service (V5). RFC 4120 (Proposed Standard) (2005)
14. Leitold, H., Hollosi, A., Posch, R.: Security architecture of the Austrian citizen card concept. In: ACSAC 2002, pp. 391–400 (2002)
15. Fromm, J., Hoepner, P.: The new German eID card. In: Fumy, W., Paeschke, M. (eds.) Handbook of eID Security, pp. 154–166. Publicis Publishing (2011)
16. Kaler, C., McIntosh, M.: Web Services Federation Language (WS-Federation) Version 1.2. OASIS Standard (2009)
17. Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I., Zaharia, M.: Above the Clouds: A Berkeley View of Cloud Computing. Technical report, RAD Lab (2009)
18. Cloud Security Alliance: Security Guidance for Critical Areas of Focus in Cloud Computing V3.0. CSA (2011)
19. Cox, P.: How to Manage Identity in the Public Cloud. InformationWeek reports (2012)
20. Gopalakrishnan, A.: Cloud computing identity management. SETLabs Brief. 7, 45–55 (2009)
21. Goulding, J.T.: Identity and Access Management for the Cloud: CA’s strategy and vision. Technical Report May, CA Technologies (2010)
22. Zwattendorfer, B., Stranacher, K., Tauber, A.: Towards a federated identity as a service model. In: Egovis 2013, pp. 43–57 (2013)
23. Ates, M., Ravet, S., Ahmat, A.M., Fayolle, J.: An identity-centric internet: identity in the cloud, identity as a service and other delights. In: ARES 2011, pp. 555–560 (2011)
24. Huang, H.Y., Wang, B., Liu, X.X., Xu, J.M.: Identity federation broker for service cloud. In: ICSS 2010, pp. 115–120 (2010)
25. Nuñez, D., Agudo, I., Lopez, J.: Leveraging privacy in identity management as a service through proxy re-encryption. In: Zimmermann, W. (ed.) Proceedings of the PhD Symposium at the 2nd European Conference on Service-Oriented and Cloud Computing, pp. 42–47 (2013)
26. Nuñez, D., Agudo, I.: BlindIdM: a privacy-preserving approach for identity management as a service. Int. J. Inf. Secur. 13, 199–215 (2014)
27. Zwattendorfer, B., Slamanig, D.: On privacy-preserving ways to porting the Austrian eID system to the public cloud. In: Janczewski, L.J., Wolfe, H.B., Shenoi, S. (eds.) SEC 2013. IFIP AICT, vol. 405, pp. 300–314. Springer, Heidelberg (2013)
28. Green, M., Ateniese, G.: Identity-based proxy re-encryption. In: Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 288–306. Springer, Heidelberg (2007)
29. Ateniese, G., Fu, K., Green, M., Hohenberger, S.: Improved proxy re-encryption schemes with applications to secure distributed storage. ACM Trans. Inf. Syst. Secur. 9, 1–30 (2006)
30. Nuñez, D., Agudo, I., Lopez, J.: Integrating OpenID with proxy re-encryption to enhance privacy in cloud-based identity services. In: IEEE CloudCom 2012, pp. 241–248 (2012)
31. Zwattendorfer, B.: Towards a Privacy-Preserving Federated Identity as a Service Model. PhD Thesis, Graz University of Technology (2014)
32. Zwattendorfer, B., Slamanig, D.: Privacy-preserving realization of the STORK framework in the public cloud. In: SECRYPT 2013, pp. 419–426 (2013)
33. Birrell, E., Schneider, F.: Federated identity management systems: a privacy-based characterization. IEEE Secur. Priv. 11, 36–48 (2013)
34. Linn, J., Boeyen, S., Ellison, G., Karhuluoma, N., Macgregor, W., Madsen, P., Sengodan, S., Shinkar, S., Thompson, P.: Trust Models Guidelines. Technical report, OASIS (2004)
© 2015 Springer International Publishing Switzerland
Cite this paper
Zwattendorfer, B., Zefferer, T., Stranacher, K. (2015). A Comparative Survey of Cloud Identity Management-Models. In: Monfort, V., Krempels, KH. (eds) Web Information Systems and Technologies. WEBIST 2014. Lecture Notes in Business Information Processing, vol 226. Springer, Cham. https://doi.org/10.1007/978-3-319-27030-2_9
DOI: https://doi.org/10.1007/978-3-319-27030-2_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-27029-6
Online ISBN: 978-3-319-27030-2
eBook Packages: Computer Science, Computer Science (R0)