Identity as a service is predominantly provided by third-party service providers. It may include all the processes, such as identification, authentication, authorization, and accountability, or some of them. Similarly, such services may include activities such as enrollment, provisioning, and deprovisioning.
Some of the identity services that may be offered by third-party service providers include the following:
- Single Sign-on services: When a user needs to access many different resources that have similar authentication requirements and varying authorization polices, then Single Sign-On (SSO) services provide seamless access to such additional resources, without the user needing to provide credentials at each of the resource access. For example, assume that a user is first authenticated in a website called
abc.com, and then he traverses to another website calledxyz.com. Sincexyz.comalso requires user authentication, the site may ask for user credentials again. With SSO, it is possible to trust the earlier authentication atabc.comand check only authorization policies to allow the user to accessxyz.comresources without asking for the credentials again. - Federated identity provider services: A federation is based on standards and works on the identity layer. In a federation, there are two entities. One is called (Asserting Party (AP) or Identity Provider (IdP). The other one is Relying Party (RP) or Service Provider (SP). A user tries to access service-provider website resources, then the service provider requests the identity provider to assert about the identity of the user. The identity provider authenticates the user and asserts about the identity to the service provider. A federation provides a centralized identity service for many consuming service provider websites.
- Password management services: Password management services provide a centralized password vault for safe storage and credential transmission facilities for users.
- User provisioning services: Provisioning of user identity is required for access. User-provisioning services provide automatic or dynamic provisioning capabilities of user accounts to different systems, based on the access requirements.
- Access certification services: Third-party access certification services provide digital identity information, such as digital certificates during electronic transactions.
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.