Cloud-based IAM is, to be honest, in most cases limited to Cloud-based authentication, which means to use the authentication of a customer or partner organization. A consequence thereof is that the authorization management architecture must be changed, since one can no longer assume that users will be present in the systems of the service provider (or in a specific identity provider) to manage authorizations upfront, e.g. by using role models or other (relatively) static information.
Especially in the last years, the externalization of identities from the applications - a healthy but also necessary step - has led to assembling all sorts of attributes of the user, encoding in some way or the other the authorizations/roles that this person has in the different to-be-used target systems, at the Identity Provider. But this approach, though widespread, has a number of disadvantages, especially in cross-organizational scenarios unless the challenge of dealing with distributed sources for authorization information at run-time has been solved.
This presentation describes an architectural approach to use claims-based authorization assertions for web-based applications in conjunction with SAML authentication delegated to an Identity Provider, where the authorization information is neither stored with the application, nor with the Identity Provider.
These days, web application owners benefit from the fact that the world has moved online. People worldwide send out e-mails from their e-mail account(s), keep in contact with friends through social network accounts, perform payments with their online banking account and buy products online…. Because of the success of online services, they are becoming attractive targets to hackers. Today, most accounts are secured with static passwords, but considering the information people store online, static passwords are not enough anymore. Customers demand higher security. It is evident that when those static passwords are intercepted, consequences could be disastrous. The question now is how to keep the valuable information contained within these applications safe from virtual villains? How to create a safe online environment without compromising on user-convenience? Strong cloud-based authentication would be a perfect solution. But will this work? How about managing it? How about relying on hardware technology which has been widely deployed but seldom used? How about the initial verification?
The panelists will discuss the state of secure customer identities that work well for both customers and enterprises.