A Multi - Identity Identity Authentication Service Model In PaaS Environment

In cloud computing era, everyone holds many accounts, such as QQ, Taobao, Sina, Google, etc. Account maintenance cost and safety have become a big problem.With the growth of applications services, especially web applications, this phenomenon is more serious. To solve this problem, the single sign-on solutions, IPMaaS, federated identity technology came into being. OpenID is representative of a series of federated identity. The federated identity support people using the same user ID on the network to access a number of application service provided by different service providers. It has brought great convenience to the end user. For web-based application services, be compatible with a variety of federated identity access can significantly increase their visitor volume, but at the same time they have to pay the cost of updating their authentication system. There are many different federated accounts, this means that the application services need to repeatedly modify its authentication system to be compatible with each identity. In this situation the authentication service is coming.As a model of cloud computing, PaaS provider maintain the platform for developers. Many characteristics of PaaS environment make it particularly suitable for additional authentication service which PaaS provider provide to its tenants based on PaaS service. Its advantages include convenience to deliver authentication services; App trusting PaaS provider adds no additional risk; the PaaS platform is able to use the public key directories to distribute public keys, and so on.Based on the considerations above, this article presents a model that the PaaS platform provide authentication services to its tenants application, so that the tenants application can be compatible with a variety of federated identity account access. The model also has a variety of advantages, including fitting the dynamic nature of the cloud relations, scalability for more identity, minimizing user registration; learned from Kerberos protocol to achieve single sign-on and modified to make it more suitable for PaaS environment; The introduction of public key mechanism solve the Kerberos protocol defect that TGS manages all application keys resulting in high-risk issues. Finally, the paper evaluates the model by functionality and safety proving that the model is a viable idea to solve the problem of authentication in a PaaS environment.