| As an emerging network applications model, cloud computing has a very good application and development prospects. However, cloud computing as a new business model whose research is still in initial stage, there are many issues to be solved, particularly its security issue. And identity authentication and access control management is exactly one of the main issues on cloud computing security. Many service providers have their own IAM systems. However, the cloud has its unique characteristics, traditional IAM systems are not adapt to the security needs of the cloud environment.This paper proposed an IAM system implementation strategy based on the role-based access control model and standard protocols. This strategy applied SAML, XACML, and SPML protocol. On the one hand, SAML protocol supports single sign-on, and defines the communication protocols between the components and transport mechanisms. XACML protocol provides a standard access control decision-making model. The combination of SAML and XACML protocols can form a complete access control solution. On the other hand, SAML achieves unified authentication between heterogeneous systems. SPML implements automation of user management lifecycle. The combination of SAML and SPML protocols can achieve automation of user identity provisioning between identity provider and service provider. This strategy not only can achieve automation of IAM configuration management of cloud environment, but also achieve unified management functions between multiple systems, and can be used as a reference for enterprises to build secure cloud services. |
PDF Full Text Request