With the adoption of cloud computing, a multitude of front-end mobile devices are emerging that require access to services in the cloud. Applications in the cloud are now commonly deployed as software as a service (SaaS). However, with the introduction of SaaS new security challenges need to be addressed. The challenge is to provide a single sign-on environment for services through an identity provider plus sufficient authorization granularity for backend services for the client applications to access. Through detailed discussion of the two standards (SAML 2.0 and OAuth 2.0) this paper presents a study how the two standards can provide a single sign-on solution for cloud computing. Furthermore, by outlining a case study/scenario of the two standards, the Federated Identity Access Broker Pattern for cloud computing is developed to present a solution for these security issues.
[1]
A. Goudard.
[A little bit of history].
,
1993,
Soins. Chirurgie.
[2]
P. Mell,et al.
The NIST Definition of Cloud Computing
,
2011
.
[3]
P. Deniker.
[A little bit of history].
,
2002,
L'Encephale.
[4]
Jim Webber.
REST in Practice
,
2010,
ECSA.
[5]
Peter Sommerlad,et al.
Security Patterns: Integrating Security and Systems Engineering
,
2006
.
[6]
Jong Hyuk Park,et al.
SSP-MCloud: A Study on Security Service Protocol for Smartphone Centric Mobile Cloud Computing
,
2011
.