Third Party Identity Providers

  • Article

Third-party digital identity providers offer Internet users the ability to consolidate the number of digital identities that they use to access Web sites. Web sites, particularly consumer-oriented sites, use the identity provided by the user to authorize them against the service to which the user logs on.

For example, if a retail Web site uses Facebook accounts, when the user registers on the retailer’s Web site, the application will ask the user for the user’s Facebook account credentials. It then connects to the Facebook servers to authenticate the user and perform authorization themselves. Enterprises can use third-party identity providers with a claims-based identity system by establishing a trust relationship between the identity provider and the service or application hosted in the Public Cloud or on their Private Cloud.

Though this model can work well for consumer Web sites (ecommerce) and small organizations, most enterprises already have an account repository in place and creating a second repository is not only redundant, but inefficient. Each digital identity provider represents a separate security domain and if you were to choose this course, it would require implementing access control across not only the internal network. However, external identity providers also represent separate security domains, and the same considerations will need to be applied when implementing access control to services intended for these identities to access.

ARCHITECTURAL DESIGN EXAMPLE:
Bill Malone investigated third-party identity providers but dismissed this option for the following reasons:

Note:
This document is part of a collection of documents that comprise the Reference Architecture for Private Cloud document set. The Reference Architecture for Private Cloud documentation is a community collaboration project. Please feel free to edit this document to improve its quality. If you would like to be recognized for your work on improving this article, please include your name and any contact information you wish to share at the bottom of this page.

REFERENCES:
**

ACKNOWLEDGEMENTS LIST:
**If you edit this page and would like acknowledgement of your participation in the v1 version of this document set, please include your name below:
[Enter your name here and include any contact information you would like to share]

Return to Previous Page

Return to Cloud Computing Security Architecture

Return to Reference Architecture for Private Cloud