Federated Authentication Using the Cloud |
Authentication is a key security control for any computing system, whether that is a PC, server, laptop, tablet or mobile phone. However, authentication is traditionally poorly served, with existing implementations falling foul of a variety of weaknesses. Passwords are poorly selected, reused and shared (to name but a few). Tokens have higher cost and their usability is an issue when the user is required to carry multiple tokens for accessing a variety of services. Research has suggested novel approaches to authentication such as transparent authentication and cooperative and distributed authentication. However, these technologies merely focus upon individual platforms rather than providing a universal and federated authentication approach that can be used across technologies and services. The advent of cloud computing, its universal connectivity, scalability and flexibility, offers a new opportunity of achieving usable and convenient authentication seamlessly in a technology and service independent fashion. The approach introduces a state-of-the-art cloud centralised verification of user authenticity. However, relying upon such an environment also introduces a range of technology, privacy and trust-related issues that must be overcome.
Al Abdulwahid A