
一個應用於雲端運算的聯邦式身份確保與存取管理系統

A Federated Identity Assurance and Access Management System for Cloud Computing

Advisor: 陳英一

Abstract


Today's cloud computing technology, in addition to providing an integration mechanism that scales with demand, also delivers infrastructure, platform resources and applications as services. As these programs are turned into services, a number of issues are under discussion:

• How to reduce IT cost and complexity while also shortening the time needed to respond to changing demand?
• How to enforce corporate security policy and comply with regulatory principles while still supporting open access to services?
• How to improve the customer experience while providing secure access to information and services?

In addition, security in cloud computing is itself a very important issue. When cloud services are adopted, the trust relationships between organizational units become dynamic, which easily leads to situations that the IT department finds hard to control. This thesis focuses on the technical problems encountered when carrying out Identity and Access Management (IAM) procedures in a cloud computing environment, including:

1. Identity Provisioning Management under a cloud computing architecture
2. Authentication and Authorization Management under a cloud computing architecture
3. Federated Identity Management under a cloud computing architecture
4. Assurance Management under a cloud computing architecture

The architecture proposed in this thesis allows an organizational unit to authenticate users who want to use cloud services through its designated identity provider (IdP). We have completed a federated identity assurance and access management system for cloud computing, and through this system we hope to provide a reference model for identity and access management systems in cloud environments.

Abstract (English)


Cloud computing is a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet. However, cloud computing services are still in a developmental stage; cloud computing best practices are evolving, and security is still a major concern. Furthermore, the traditional Identity and Access Management (IAM) approach cannot fit into a cloud computing platform, because the enterprise does not control the cloud service provider's IAM practices and has even less influence over its strict security practices. The system provides a solution for a Federated Identity Assurance and Access Management System in the Identity and Access Management (IAM) process for a cloud computing environment. The Federated Identity Manager described in this paper is implemented. It supports cross-domain single sign-on (CD SSO) and interchanges access control information with partners, reflecting trust relationships. Four subsystems have been successfully implemented in the proposed Management System: the Identity Provisioning Module, the Authentication and Authorization Management Module, the Federated Identity Management Module, and the Assurance Management Module. The results of this research can offer a better security service management framework for large-scale cloud security services.

