From: Cloud identity management security issues & solutions: a taxonomy
Type | Cloud IDMSs | Salient features |
---|---|---|
Deployment Based Cloud IDMS |  |  |
 | A Strong User Authentication Framework for Cloud Computing (Choudhury et al. [2011]) | - Conforms to isolated IDMS properties |
 |  | - Offers security and privacy of user by restricting illegal access |
 |  | - Mutual authentication (Challenge Response & OTP scheme) |
 |  | - Secure session key generation and distribution |
 |  | - Multi-factor authentication (Password and smart-card). |
Isolated IDMS | Protection of Identity Information in Cloud Computing without Trusted third party (Ranchal et al. [2010]) | - Isolated IDMS, since it does not rely on any trusted third-party |
 |  | - Protects PII against unauthorized disclosure |
 |  | - Computes assertions over encrypted data |
 |  | - Active bundle scheme for un-trusted hosts |
 |  | - Encrypted storage of identity data |
 | An Identity-Centric Internet: Identity in the Cloud, IDaaS and other delights (Ates et al. [2011]) | - Realization of centralized Cloud IDMS |
 |  | - Defines the concept of Identity in Cloud Agents (IC-Agents) |
 |  | - IC-Agents as an identity proxy perform identity propagation transactions |
 |  | - Explains the IDaaS module in the context of Personal Data-as-a-Service |
 |  | - Authentication and Authorization as-a-Service module |
Centralized IDMS | Distributed Identity for Secure Service Interaction (Chowdhury and Noll [2007]) | - Presents a role based IDMS architecture |
 |  | - Categorizes digital identity as Personal, Corporate and Social identity |
 |  | - Restricted disclosure of identity credentials to the CSPs |
 |  | - Centralized IdP is responsible for the sharing and distribution of user’s identity credentials |
 | Security and Cloud Computing: ICIMI (Celesti et al. [2010]) | - Inter-Cloud Identity Management Infrastructure (ICIMI) is a federated IDMS |
 |  | - Allows for the expansion of virtualization infrastructure |
 |  | - Establishment of trust among CSPs |
 |  | - Offers standardized, scalable & dynamic authentication |
 | Strengthen Cloud Computing Security with FIM Using HIBC (Yan et al. [2009]) | - Allocates unique identities in hierarchical fashion |
 |  | - Mutual authentication for Hybrid Cloud environment |
 |  | - Handles the establishment of secret session keys |
Federated IDMS | Chord Based Identity Management for e-Healthcare Cloud Applications (Kim et al. [2010]) | - SSO service for Cloud based e-Healthcare application |
 |  | - Uses Peer-to-Peer service model for load balancing |
 |  | - Distributes session information in the federated Cloud environment |
 |  | - Limits the number of authentication requests to central IdP |
 | Security APIs for My Private Cloud (Chadwick and Casenove [2011]) | - Federated access rights to Cloud resources |
 |  | - Proposes Authz API for maintaining the identity database and defining the access control mappings |
 |  | - Authn API for authenticating the Cloud users |
 |  | - Delegation API to delegate access rights to anyone at any time |
 | An Identity-Based OTP Scheme with Anonymous Authentication (Luo et al. [2009]) | - Identity based One-time Password (OTP) authentication scheme |
 |  | - Operates on smart card based bilinear pairings |
 |  | - Generates a temporary identity to protect user’s actual identity |
 |  | - Describes Process Setup and User Registration module |
 |  | - Guarantees user’s anonymity and privacy throughout the communication process |
Anonymous IDMS | UIMM Based on Anonymous Credentials (Zhang and Chen [2010]) | - Universal Identity Management Model (UIMM) that operates on anonymous credentials |
 |  | - Allows for access right delegation |
 |  | - Ensures user’s privacy preservation via unlinkable self-generated pseudonyms |
 |  | - Extends WS-Federation to implement Identity Meta-system model |
 | An Entity-centric Approach for Privacy and Identity Management in Cloud Computing (Angin et al. [2010]) | - Entity-centric architecture for Identity Management in |
 |  | - Implements Active Bundles (AB) scheme to ensure user’s anonymity |
 |  | - AB encapsulates Personal Identity Information (PII), Privacy preserving rules and VM (Virtual Machine) |
 |  | - Implements anonymous identification |
 | Enhancing Privacy and Dynamic Federation in IdM for Consumer Cloud Computing (Sanchez et al. [2012]) | - Dynamic privacy-enhanced federated identity management solution that defines an enhanced privacy |
 |  | - Introduces a new reputation protocol and implements Enhanced Client Profile (ECP) |
 |  | - Presents a trust-aware IDM architecture that mainly comprises an Identity Management (IdM) layer and a Trust layer |
 |  | - IdM Layer facilitates user authentication, authorizations and profile management |
 |  | - Trust layer deals with the management, negotiation and distribution of trust related data to other layers. |
User-Centric IDMS | User-Controlled Automated Identity Delegation (Hoellrigl et al. [2010]) | - Implements Identity Delegate that applies user-defined data disclosure policies and resolves the information consistency problem |
 |  | - Allows for the integration of multiple IdPs and SPs |
 |  | - Dissemination of identity credentials is kept under the control of the identity owner |