Table 3 Key Features of Cloud IDMSs
From: Cloud identity management security issues & solutions: a taxonomy
Type | Cloud IDMSs | Salient features |
|---|---|---|
Deployment Based Cloud IDMS | ||
| Â | A Strong User Authentication Framework for Cloud Computing (Choudhury et al. [2011]) | - Conforms to isolated IDMS properties |
| Â | Â | - Offers security and privacy of user by restricting illegal access |
| Â | Â | - Mutual authentication (Challenge Response & OTP scheme) |
| Â | Â | - Secure session key generation and distribution |
| Â | Â | - Multi-factor authentication (Password and smart-card). |
Isolated IDMS | Protection of Identity Information in Cloud Computing without Trusted third party (Ranchal et al. [2010]) | - Isolated IDMS, since it does not rely on any trusted third-party |
| Â | Â | - Protects PII against unauthorized disclosure |
| Â | Â | - Computes assertions over encrypted data |
| Â | Â | - Active bundle scheme for un-trusted hosts |
| Â | Â | - Encrypted storage of identity data |
| Â | An Identity-Centric Internet: Identity in the Cloud, IDaaS and other delights (Ates et al. [2011]) | - Realization of centralized Cloud IDMS |
| Â | Â | - Defines the concept of Identity in Cloud Agents (IC-Agents) |
| Â | Â | - IC-Agents as an identity proxy perform identity propagation transactions |
| Â | Â | - Explains the IDaaS module in the context of Personal Data-as-a-Service |
| Â | Â | - Authentication and Authorization as-a-Service module |
Centralized IDMS | Distributed Identity for Secure Service Interaction (Chowdhury and Noll [2007]) | - Presents a role based IDMS architecture |
| Â | Â | - Categorizes digital identity as Personal, Corporate and Social identity |
| Â | Â | - Restricted disclosure of identity credentials to the CSPs |
|  |  | - Centralized IdP is responsible for the sharing and distribution of user’s identity credentials |
| Â | Security and Cloud Computing: ICIMI (Celesti et al. [2010]) | - Inter-Cloud Identity Management Infrastructure (ICIMI) is a federated IDMS |
| Â | Â | - Allows for the expansion of virtualization infrastructure |
| Â | Â | - Establishment of trust among CSPs - Offers standardized, scalable & dynamic authentication |
| Â | Strengthen Cloud Computing Security with FIM Using HIBC (Yan et al. [2009]) | - Allocates unique identities in hierarchal fashion |
| Â | Â | - Mutual authentication for Hybrid Cloud environment - Handles the establishment of secret session keys |
Federated IDMS | Chord Based Identity Management for e-Healthcare Cloud Applications (Kim et al. [2010]) | - SSO service for Cloud based e-Healthcare application - Uses Peer-to-Peer service model for load balancing |
| Â | Â | - Distributes session information in the federated Cloud environment |
| Â | Â | - Limits the number of authentication requests to central IdP |
| Â | Security APIs for My Private Cloud (Chadwick and Casenove [2011]) | - Federated access rights to Cloud resources |
| Â | Â | - Proposes Authz API for maintaining the identity database and defining the access control mappings |
| Â | Â | - Authn API for authenticating the Cloud users |
| Â | Â | - Delegation API to delegate access rights to anyone at any time |
| Â | An Identity-Based OTP Scheme with Anonymous Authentication (Luo et al. [2009]) | - Identity based One-time Password (OTP) authentication scheme |
| Â | Â | - Operates on smart card based bilinear pairings |
|  |  | - Generates a temporary identity to protect user’s actual identity |
| Â | Â | - Describes Process Setup and User Registration module |
|  |  | - Guarantees user’s anonymity and privacy throughout the communication process |
Anonymous IDMS | UIMM Based on Anonymous Credentials (Zhang and Chen [2010]) | - Universal Identity Management Model (UIMM) that operates on anonymous credentials |
| Â | Â | - Allows for access right delegation |
|  |  | - Ensures user’s privacy preservation via unlikable self-generated pseudonyms |
| Â | Â | - Extend WS-Federation to implement Identity Meta-system model. |
| Â | An Entity-centric Approach for Privacy and Identity Management in Cloud Computing (Angin et al.[2010]) | - Entity-centric architecture for Identity Management in |
|  |  | - Implements Active Bundles (AB) scheme to ensures user’s anonymity |
| Â | Â | - AB encapsulates Personal Identity Information (PII), Privacy preserving rules and VM (Virtual Machine) |
| Â | Â | - Implements anonymous identification |
| Â | (Enhancing Privacy and Dynamic Federation in IdM for Consumer Cloud Computing (Sanchez et al.[2012]) | - Dynamic privacy-enhanced federated identity management solution that defines an enhanced privacy |
| Â | Â | - Introduces a new reputation protocol and implements Enhanced Client Profile (ECP) |
| Â | Â | - Presents Trust aware IDM architecture that mainly comprises of Identity Management (IdM) layer and Trust layer |
| Â | Â | - IdM Layer facilitates user authentication, authorizations and profile management |
| Â | Â | - Trust layer deals with the management, negotiation and distribution of trust related data to other layers. |
User-Centric IDMS | User-Controlled Automated Identity Delegation (Hoellrigl et al.[2010]) | - Implements Identity Delegate that applies user defined data disclosure policies and resolves the information consistency problem |
| Â | Â | - Allows for the integration of multiple IdPs and SPs |
| Â | Â | - Dissemination of identity credentials is kept under the control of the identity owner |