Authorization for a Multi-Cloud System

This is a project design I am currently working on: consuming the trust and identity that SPIFFE (Secure Production Identity Framework For Everyone) bootstraps, in order to provide authorization in a dynamically scaling, heterogeneous system. The work is inspired by Mr. Prabath Siriwardena from WSO2 and is under the supervision of Prof. Gihan Dias from the University of Moratuwa. An enterprise system running across multiple clouds, as in a hybrid cloud, is an obvious example of a system that would benefit from this. The objective is to open the door for SPIFFE-standard-based systems to co-exist with the rest of the systems with minimal effort, without compromising on security, while having an authorization solution that is itself based on SPIFFE.
What is SPIFFE? In brief, it is a trust bootstrapping and identification framework, submitted as a standard and accepted by the CNCF (Cloud Native Computing Foundation) [1]. As of now, this standard has two main implementations: SPIRE and Istio [2], a platform that supports service mesh archit…

Why Identity Mediation? And a Language?

As identified and predicted by several prominent analyst firms (Forrester, Gartner), acquisitions and mergers have been the frequent mechanism by which enterprises have expanded in the recent past, and will remain so in the years to come. With this expansion comes a rising need for enterprises to handle identity and access management procedures across the merged organizations in a secure way that is also fast enough to retain the competitive advantage of the merged or acquired assets. With different enterprises using a variety of standards and protocols for identity and access management, catering for this requirement is absolutely challenging given the time factor. A similar situation was addressed by the Enterprise Service Bus (ESB) concept a few years ago, when the requirement arose to mediate between different transport protocols and data formats whenever communication was needed between disparate enterprise systems, both legacy and modern.

We are trying to apply the same concepts behind the ESB to the arena of identity and access management, to provide the foundation for an Enterprise Identity Bus (EIB). While the idea of an EIB has been discussed frequently in panels with the participation of industry giants, and the concept has existed for a while, there are limited implementations of and limited research into the subject. Hence, in order to design an elegant solution, we have to go down to the root level of mediation language implementations and the possible approaches to implementing the mediation engine.

Observing how identity protocols have evolved, reached their peak and then died out within a few years, the mediation engine needs to be very flexible in its configuration and extensibility, and a Domain Specific Language (DSL) is to be defined to cater for this. This decision was taken after weighing its pros and cons and the usage of mediation languages in ESBs.

This blog is intended as a platform to discuss and share important findings and thoughts on the implementation of the IML (Identity Mediation Language) and the IME (Identity Mediation Engine), together with an approach towards providing a robust solution for the requirement under consideration.
