10.6. Single Sign-On (SSO)


10.6. Single Sign-On (SSO)
Propagating the authentication and authorization information for a cloud service consumer across multiple cloud services can be a challenge, especially if numerous cloud services or cloud-based IT resources need to be invoked as part of the same overall runtime activity.
The single sign-on (SSO) mechanism enables one cloud service consumer to be authenticated by a security broker, which establishes a security context that is persisted while the cloud service consumer accesses other cloud services or cloud-based IT resources. Otherwise, the cloud service consumer would need to re-authenticate itself with every subsequent request.
The SSO mechanism essentially enables mutually independent cloud services and IT resources to generate and circulate runtime authentication and authorization credentials.

The credentials initially provided by the cloud service consumer remain valid for the duration of a session, while its security context information is shared (Figure 10.9).

The SSO mechanism’s security broker is especially useful when a cloud service consumer needs to access cloud services residing on different clouds (Figure 10.10).


Figure 10.9. A cloud service consumer provides the security broker with login credentials (1).
The security broker responds with an authentication token (message with small lock symbol) upon successful authentication, which contains cloud service consumer identity information (2)
that is used to automatically authenticate the cloud service consumer acoss Cloud Services A, B, and C (3).


Figure 10.10. The credentials received by the security broker are propagated to ready-made environments across two different clouds.
The security broker is responsible for selecting the appropriate security procedure with which to contact each cloud.


Cloud computing concept Book Link
CLOUDCOMPUTING THEORY PLAYLIST
CLOUD COMPUTING PRACTICAL PLAYLIST
Subscribe the Channel Link
IF any #Query or #Doubt #DM on #Instagram :- #bansode_ajay_2102
#bansode_tech_solution

Comments

Post a Comment

Popular posts from this blog

Load Data From Excel To Grid View in Asp.net C#

Image
Load Data From Excel To Grid View in Asp.net C# This is very easy to load data from excel sheet to grid view in asp.net web page using c#. In this tutorial you can learn how to Load excel sheet data to Grid View easily using asp.net C# code. This tutorial also covers how to get data from any excel file to Grid View dynamically in c# using file Upload control. Follow this steps 1. Create an asp.net project. 2. design asp.net page with file Upload, button control and a Grid View control. 3. create an excel connection string in the web config file. 4. Write code to load data from excel sheet to Grid View asp.net using C#. code:- using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Web.UI; using System.Web.UI.WebControls; using System.IO; using System.Collections; using System.Configuration; using System.Data.OleDb; using System.Data; public partial class _Default : System.Web.UI.Page {     protected void Page_Load(object se
Read more

Code Analysis | IDE0054 In C# Application

Image
Code Analysis | IDE0054 In C# Application #codeanalysis #code #analysis #IDE0054 #compound #assignment #description:- Code Analysis:- IDE0054 Use compound assignment // dotnet_style_prefer_compound_assignment = true x += 5; // dotnet_style_prefer_compound_assignment = false x = x + 5; Reference:-    
Read more

10.5. Identity and Access Management (IAM) in Cloud Computing

Image
10.5. Identity and Access Management (IAM) The identity and access management (IAM) mechanism encompasses the components and policies necessary to control and track user identities and access privileges for IT resources, environments, and systems. Specifically, IAM mechanisms exist as systems comprised of four main components: • Authentication – Username and password combinations remain the most common forms of user authentication credentials managed by the IAM system, which also can support digital signatures, digital certificates, biometric hardware (fingerprint readers), specialized software (such as voice analysis programs), and locking user accounts to registered IP or MAC addresses. • Authorization – The authorization component defines the correct granularity for access controls and oversees the relationships between identities, access control rights, and IT resource availability. • User Management – Related to the administrative capabilities of the system, the user manag
Read more