Authorization for a Multi-Cloud System

This is a project design I am currently working on to consume SPIFFE(Secure Production Identity Framework For Everyone) bootstrapped trust and identification to provide authorization in a dynamically scaling, heterogeneous system, inspired by Mr. Prabath Siriwardena from WSO2 and under the supervision of Prof. Gihan Dias from University of Moratuwa. An enterprise system running across multiple clouds, as in the hybrid cloud, is an obvious example that will be benefitted from this. The objective is to open doors for the SPIFFE standard based systems to co-exist with rest of the systems with minimal effort, without compromising on security aspects while having an authorization solution based on SPIFFE.
What is SPIFFE? In brief, it is a trust bootstrapping and identification framework, submitted as a standard and accepted by CNCF(Cloud Native Computing Foundation)[1]. As of now, this standard has two main implementations as SPIRE and Istio[2], a platform that supports service mesh archit…

Identity Mediation for PSD2

Partners, mergers, legal entities, government entities, customers all need to work together in this era, while honoring the boundaries they should work within. This is with link to my previous post on challenges of future IAM requirements arising with increased interchangeability requirements between diversified parties.
  1. Challenges of Future IAM (concerned with Mergers , Acquisitions, Startups) -
  2. Future of Identity and Access Management (IAM)-
This need is much more emphasized with the new regulations such as PSD2 in EU region that is putting foundation for Open Banking. While these standards define guidance for implementation interfaces, 
  • End user authentication and authorization
  • Third party authentication and authorization
  • Identity mgt of internal staff,
 has hidden needs of identity mediation. Federated authentication is going to be a key feature requirement in Open banking for any institution that is looking for a long term journey in the arena as a giant.

With the Strong Customer Authentication requirements, it also highlights the need of an 'ESB like' power in an identity mediation solution. Without being limited to identity mediation between different protocols, a comprehensive solution needs to be flexible and powerful enough to easily define the sequences the authentication and authorization flow should follow. 

How about having an 'ESB like' Identity Mediation Engine that is based on event driven architecture, written in functional programming paradigm and can be dynamically configured in JavaScript? I have seen Identity Mediation Solutions written in OOP paradigm and configured via XML or a UI, then solutions that are written in OOP paradigm, but sequence can be handled via Java Script syntax.what's next?


Post a Comment

Popular posts from this blog

Signing SOAP Messages - Generation of Enveloped XML Signatures

How to send an HTML email in Java (Using Google SMTP Server)

How to convert WSDL to Java