
Identity management with multiple cloud providers

With multiple cloud providers, possibly including private clouds and internal IT, how do you make this manageable for the user?

How can you create a single user name that can be used across all of these services? Ideally, the user needs to log in only once. This is often called ‘single sign-on’ or SSO.

The big picture answer is OpenID. Cloud services and applications should be separated from the management of identities such as user names. A cloud service needs to be a so-called ‘Relying Party’ that relies on an ‘Identity Provider’ to check the user's credentials. The standard for this is OpenID. It is a little like Active Directory from Microsoft, except that OpenID works through web services and allows multiple Identity Providers to co-exist easily.

One of the nice features is that the application does not have to know the password for the user.
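To make the Relying Party / Identity Provider split concrete, here is an added example (not code from this post and not OpenID's actual wire protocol, which is more involved) that models the exchange in Python. The `IdentityProvider` and `RelyingParty` classes, the `audience` field and the sample user are all constructed for illustration. The shape does follow the OpenID idea: the two parties first agree on a shared association secret, the Identity Provider checks the password and returns a signed assertion, and the application verifies only that signature, the audience, freshness and a replay nonce. The password never reaches the application.

```python
import hashlib
import hmac
import secrets
import time


def _sign(secret, fields):
    # HMAC over the canonical key:value list of the assertion (excluding the signature itself).
    canonical = "\n".join(f"{k}:{fields[k]}" for k in sorted(fields) if k != "sig")
    return hmac.new(secret, canonical.encode(), hashlib.sha256).hexdigest()


class IdentityProvider:
    """Hypothetical Identity Provider: owns the user database and the per-RP association secrets."""

    def __init__(self):
        self._users = {}          # username -> (salt, salted SHA-256 of the password)
        self._associations = {}   # rp_url -> shared secret

    def register_user(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, hashlib.sha256(salt + password.encode()).digest())

    def associate(self, rp_url):
        # OpenID calls this an 'association': a secret shared with one Relying Party.
        secret = secrets.token_bytes(32)
        self._associations[rp_url] = secret
        return secret

    def authenticate(self, username, password, rp_url):
        """Check the password here, at the IdP; on success return a signed assertion for rp_url."""
        if username not in self._users or rp_url not in self._associations:
            return None
        salt, digest = self._users[username]
        candidate = hashlib.sha256(salt + password.encode()).digest()
        if not hmac.compare_digest(candidate, digest):
            return None
        fields = {
            "identity": username,
            "audience": rp_url,                 # which application this assertion is for
            "nonce": secrets.token_hex(8),      # lets the RP detect replays
            "issued": str(int(time.time())),    # lets the RP reject stale assertions
        }
        fields["sig"] = _sign(self._associations[rp_url], fields)
        return fields


class RelyingParty:
    """Hypothetical cloud application: holds the association secret, never any user password."""

    def __init__(self, url, idp):
        self.url = url
        self._secret = idp.associate(url)
        self._seen_nonces = set()

    def verify(self, assertion, max_age=300):
        """Return the asserted identity only if signature, audience, nonce and age all check out."""
        if assertion is None:
            return None
        if assertion.get("audience") != self.url:
            return None                         # issued for some other application
        expected = _sign(self._secret, assertion)
        if not hmac.compare_digest(expected, assertion.get("sig", "")):
            return None                         # forged or tampered with
        if assertion["nonce"] in self._seen_nonces:
            return None                         # replayed
        if int(time.time()) - int(assertion["issued"]) > max_age:
            return None                         # stale
        self._seen_nonces.add(assertion["nonce"])
        return assertion["identity"]


def demo():
    """Constructed walk-through: good login, bad password, and a replay of the good assertion."""
    idp = IdentityProvider()
    idp.register_user("alice", "correct horse battery staple")   # constructed sample user
    app = RelyingParty("https://app.example/", idp)
    good = idp.authenticate("alice", "correct horse battery staple", app.url)
    bad = idp.authenticate("alice", "wrong password", app.url)
    return app.verify(good), app.verify(bad), app.verify(good)


if __name__ == "__main__":
    print(demo())   # ('alice', None, None)
```

Note what the Relying Party never touches: the password, the salt or the password hash all stay inside `IdentityProvider`. What it does need to guard is the association secret, since anyone holding it can mint assertions for that application, and the nonce set, since without it a captured assertion could be presented twice.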

You can see it in action on http://www.livejournal.com/identity/login.bml?type=openid for example.

I am in the process of adding this as a feature to this site, because I do not want to force my subscribers into another account.

Try it out for yourself, and let me know what your experiences are.

From the perspective of the application owner, one of the risks is that the Identity Provider will go out of business. There are a number of mitigation strategies for that, but that might be the topic of another post.
