[IEEE 2013 IEEE 19th Pacific Rim International Symposium on Dependable Computing (PRDC) - Vancouver,...

Page 1: [IEEE 2013 IEEE 19th Pacific Rim International Symposium on Dependable Computing (PRDC) - Vancouver, BC, Canada (2013.12.2-2013.12.4)] 2013 IEEE 19th Pacific Rim International Symposium

Assessment Criteria for Cloud Identity Management Systems

Umme Habiba, Abdul Ghafoor Abassi, Rahat Masood and Muhammad Awais Shibli

National University of Science and Technology

School of Electrical Engineering and Computer Science

Islamabad, Pakistan

Email: {11msccsuhabiba, abdul.ghafoor, 10msccsmmasood, awais.shibli}@seecs.edu.pk

Abstract—Cloud computing offers many benefits to the IT industry by making available services and resources that let organizations grow or shrink their computing resources automatically on demand. On the other hand, organizations are still uncertain about the security and privacy of their sensitive information (for instance identity credentials) in the multi-tenant environment of the Cloud. Many security systems have been devised for the protection of resources in Cloud environments. Identity Management Systems (IDMSs), in this regard, play a vital role in ensuring effective user authentication, provisioning, de-provisioning and access control decisions. Many Cloud IDMSs have been proposed so far, claiming to offer flexibility, agility and robustness. However, no comparative analysis of such Cloud based IDMSs has been performed, as to the best of our knowledge there exist no specific criteria against which one can evaluate an IDMS on the Cloud. This paper proposes assessment criteria for the evaluation of Cloud based IDMSs, comprising the security features that are essential for such an assessment. Furthermore, an analysis of existing Cloud IDMSs is presented based on the proposed assessment criteria. Potential research directions in the area of Cloud identity management and security are also discussed.

Keywords—identity management; Cloud computing; assessment criteria; security

I. INTRODUCTION

Cloud computing has emerged as a comparatively new and influential paradigm for managing and delivering services; it is considered to be an incremental evolution of grid computing, which itself is based on traditional distributed systems concepts [1]. Besides all the benefits of Cloud computing, organizations face significant security challenges while moving their data and applications to the Cloud. Cloud security challenges include data leakage, performance, risk management, secure storage, data protection, and identity management [2]. Cloud based IDMSs differ from traditional IDMSs since they require support for dynamic governance of typical IDM functions such as provisioning, de-provisioning, synchronization, entitlement, scalability and access control [3]. Different IDMSs have been proposed in the past few years, but most of them aim to ensure some specific functionality such as authentication, authorization or access right delegation.

To the best of our knowledge, there exist no specific assessment criteria against which one can evaluate existing and newly designed Cloud identity management systems. Therefore, after reviewing the state-of-the-art literature on Cloud IDMSs, we have identified certain security features that can serve as assessment criteria for every Cloud identity management system.

In order to highlight the similarities and differences among the various available Cloud IDMS implementations, we have classified Cloud IDMSs into Isolated, Centralized, Federated and Anonymous IDMSs. The proposed assessment criteria are then applied to evaluate the Cloud IDMSs, with the objective of highlighting their strengths and weaknesses. Our analysis is intended to help Cloud Service Consumers (CSCs) and Cloud Service Providers (CSPs) in selecting the best available solution.

The paper is organized as follows: Section 2 briefly discusses the background, covering the history of IDMSs. The proposed assessment criteria for the evaluation of Cloud IDMSs are discussed in Section 3. Section 4 evaluates Cloud identity management systems on the basis of the proposed assessment criteria, whereas Section 5 provides some future research directions and the conclusions derived from this study.

II. BACKGROUND

Cloud IDMSs are used to represent and recognize identities in the digital world. The literature highlights different flavors of identity management systems; however, no categorization has been discussed in any study. We have classified Cloud identity management systems into four groups: 1) Isolated IDMS, 2) Centralized IDMS, 3) Federated IDMS and 4) Anonymous IDMS. A brief description of each of these systems is provided below.

A. Isolated IDMS

Isolated identity management is the common deployment model used by small or medium size organizations. In an isolated IDMS, a single server acts as Service Provider (SP) as well as Identity Provider (IdP) and is responsible for the storage of identity information and for user operations [3], [4]. A common use case is depicted in Fig. 1: prior to service acquisition, users are required to authenticate at CSP1. Here, CSP1 redirects the user's authentication request to its own IdP for further processing. After successful authentication, an authentication response is generated and returned to the corresponding user. This identity management system does not rely on a Trusted Third Party (TTP) for credential issuance and verification. However, an Isolated IDMS becomes unmanageable as services and resources increase, since each service needs to know the credentials of its authorized users.

B. Centralized IDMS

Centralized identity management is slightly different from the isolated IDMS since it separates the functions of SP and

2013 IEEE 19th Pacific Rim International Symposium on Dependable Computing

978-0-7695-5130-2/13 $26.00 © 2013 IEEE

DOI 10.1109/PRDC.2013.39

188



Fig. 1: Isolated IDMS

IdP. In a centralized IDMS, a single IdP (TTP) is responsible for the issuance, storage and management of identity data [3], [4]. As a first step, the IdP collects all the identity information from CSPs to manage it centrally. Later, when a CSC sends an authentication request, that request is redirected to the concerned IdP, which returns an authentication response, as depicted in Fig. 2. Typically, a single CSC may avail the services of different CSPs that may have a shared IdP trusted by both parties. An obvious drawback of the centralized IDMS model is its single point of failure.

Fig. 2: Centralized IDMS

C. Federated IDMS

A federated identity management system allows subscribers from multiple organizations to use the same identity credentials to acquire access to all the networks within a particular trusted group of enterprises [3], [4], [5]. These systems have received significant attention from the IT industry because of their design agility, which inherently allows cross-domain access to users by eliminating the need to create additional user accounts for external parties. A Federated IDMS follows a distributed storage architecture, where identity information is stored at multiple locations. The workflow of user request and service provider response is shown in Fig. 3, where the user attempts to authenticate at CSP1 prior to service acquisition. At the CSP's end, that request triggers the identity push and identity pull methods that collect and combine the user's identity information stored across various service providers and IdPs. Each service provider may maintain its own independent identity database for the management of credentials; however, that information is linked via the user's identity while performing user authentication or authorization.

D. Anonymous IDMS

An identity management system that offers anonymity as a feature is termed an anonymous identity management system. In an anonymous identity management system, identity information is capable of keeping its entity (owner) secret from everybody else [6], [7]. More specifically, it means "no name".

Fig. 3: Federated IDMS

An anonymous identity should be strong, since it is hard, if not impractical, to remain strictly anonymous: data inferred over time may be connected with other information and republished.

III. ASSESSMENT CRITERIA FOR CLOUD IDMSs

Many organizations are moving their enterprise identity management systems to Cloud IDMSs after realizing significant benefits such as computational outsourcing and the storage of sensitive information. However, there exist no specific assessment criteria that can be used for the evaluation of Cloud Identity Management Systems. To evaluate commercial identity management systems such as Shibboleth and OpenID, most papers cite the "Laws of Identity" by Kim Cameron [8], which specify seven identity management laws that every IDMS should follow [9]. However, the Cloud raises numerous other security concerns such as privacy, auditing & compliance and availability, which require further enhancement and extension of the existing laws. We have contributed to this part by identifying certain features that a Cloud IDMS should possess, through an extensive literature survey on the security issues of Cloud based IDMSs [2], [7], [10]. The existing laws described in [7], [8], [10] have also been used in the formulation of our assessment criteria. A brief description of all those features is given below, along with their level of compliance, which can be High, Medium or Low. These levels are designed following the guidelines from NIST [11], where authentication assurance levels are assigned to systems on the basis of the requirements they fulfill. Similarly, we specify certain requirements against each feature. Levels are assigned to each feature depending upon its compliance with the defined requirements. A High level indicates that the system offers complete support for a feature and fulfills all the requirements stated against that particular feature. A Medium level is assigned to a feature that satisfies only a limited set of requirements. Lastly, a level of Low indicates that the system under consideration lacks support for the feature in question.

A. Limited Disclosure

Best practices regarding identity management state that information should be disclosed on a "need to know" basis only, and stored on a "need to retain" basis only, as this helps to ensure minimal damage in the event of any violation such as theft of identity information [6], [7], [8], [9]. Limited disclosure is an important constraint that needs to be considered while selecting a Cloud IDMS,

189


otherwise users may fall victim to various attacks such as non-repudiation, impersonation attacks, phishing attacks etc. An IDMS is assigned a level of "High" if it fully conforms to the limited disclosure principle and discloses personal identification information on a need to know basis only, and "Low" if the limited disclosure feature is completely missing in the system under discussion.

B. Identity Federation

Considering the distributed nature of the Cloud, every Cloud IDMS is required to support the federation of identities in order to enhance security, performance and usability [5]. Moreover, IDMS performance may improve via movable identity credentials that eliminate the need for redundant storage at multiple servers. A "High" level is assigned to a system that follows a fully distributed architecture for information storage and collects the identity information from multiple locations each time the user or CSP requests the user's identity credentials. A "Medium" level indicates that the IDMS incorporates the distributed storage framework along with a mandatory centralized architecture for identity storage and retrieval, and therefore only partially supports the feature of identity federation. A level of "Low" indicates simply no support for identity federation.

C. Authentication

The Cloud typically offers authentication via SSO, which gives the user access to all trusted systems/resources without prompting for login at each of them within a single session [2], [4]. Potential users/customers of the Cloud are highly concerned about the IDMS's level of authentication, as that is closely related to the level of security the system may offer. An IDMS with single-factor authentication is relatively more vulnerable to attacks such as network eavesdropping, brute force attacks, dictionary attacks, cookie replay, identity theft etc. [12]. A "High" level is assigned to indicate that the IDMS provides two-factor authentication, whereas a level of "Medium" indicates that the system offers single-factor authentication or supports SSO via some related technology (SAML, OpenID). A level of "Low" indicates that the system specifies no authentication mechanism at all.

D. Authorization

In authorization, the CSC's identity information is used to grant access to Cloud services and resources so that only the right user accesses the right services/resources [4]. Every Cloud IDMS is required to offer authorization procedures, or else it may pose serious threats to CSCs and CSPs, for instance privilege escalation, unauthorized disclosure of sensitive credentials, data tampering, service hijacking etc. [12]. A "High" level is assigned to a system that specifies a proper authorization model, e.g. RBAC, ABAC etc., whereas a "Low" label indicates the absence of access control mechanisms in the design of an IDMS.

E. Consistent user experience

IDMSs are required to provide a consistent user experience by offering support for multiple operators and technologies (such as SAML, OAuth, OpenID). To ensure a consistent experience, users can choose the credentials and attributes from lists issued by the IdP in advance of each operation, or they can specify their identity revelation rules prior to actual service usage [9]. A consistent user experience is of great significance to CSCs, since obtaining the user's consent prior to the release of their sensitive identity credentials restricts many possible threats/attacks (such as identity theft and impersonation attacks) and helps to better protect the identity data. An IDMS that guarantees a consistent user experience across multiple contexts is assigned a label of "High". A system that supports this feature only partially is given a "Medium" rank in the evaluation, whereas an IDMS that offers no support at all for a consistent user experience is assigned the "Low" label.

F. Audit and Compliance

An IDMS is required to incorporate an audit and compliance feature to ensure proper working, which eventually raises the trust of its customers and users in the system [6]. CSPs and CSCs are highly concerned about auditing and compliance capability while selecting a Cloud IDMS [10]. An identity management system that does not offer support for auditing and logging may suffer non-repudiation by inside attackers, untraceable attacker exploits, data loss and leakage etc. [12]. Identity management systems that comply with international standards of security and privacy are considered more reliable and trustworthy. A Cloud IDMS is considered to have a "High" level of assurance if it conforms to an international standard (such as PCI-DSS, HIPAA, ISO 27001) and also has auditing via monitoring and logging capability. A "Medium" level is assigned if it supports only one of the above mentioned features, i.e. it complies with an industry standard but lacks auditing and logging capability, or vice versa. A level of "Low" is assigned to an IDMS that lacks support for both features.

G. Multiple Operators and Technologies

Identity management systems are required to support both polycentric (allowing federation) and polymorphic (existing in different types) identity information (or tokens) [8], [9]. A Cloud IDMS should be capable of accepting the segregation and distinction among different contexts, since a single user might have multiple contextual identities such as personal (name, e-mail address), professional (employee ID, salary) and citizen (National ID card). Moreover, a Cloud based IDMS must support the interoperation of various technologies (e.g. OpenID, OAuth) that are run by multiple IdPs in order to enhance efficiency and usability. A "High" level is assigned to a system that supports multiple protocols and is capable of understanding the segregation among different contexts. A "Medium" level indicates that the system either supports a limited set of protocols or recognizes the difference between multiple contextual identities, whereas "Low" indicates the absence of this feature.

H. Self service

An IDMS is required to have a self-service feature that enables the user to alter their sensitive personal information accumulated by the CSP (such as postal address, phone number, password etc.). Users must be allowed to modify/update the personal identification information that uniquely identifies

190


them in an IDMS. The self-service feature facilitates CSCs by offering them firm control over the sharing of their sensitive identity credentials. On the other hand, it saves management/operational costs as well as troubleshooting time for the CSPs. A "High" level is assigned to an IDMS which allows the user to manage their credentials and offers the user maximum control over their sensitive information. "Medium" indicates that the system allows the user to control their credentials only to a certain level, for instance when the system offers only a password change facility and no other management rights; such a system is said to have partial support for the self-service attribute. An IDMS is assigned a "Low" label if this facility is absent.
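As an added example (not code from the paper), the levelling rules of criteria A to H above encoded as a scoring function in Python. The profile fields, their allowed values and the sample profile are my own construction, and the rating it produces is not a row of the paper's evaluation.

```python
"""Rubric evaluator for the eight Cloud IDMS assessment criteria of Section III."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Optional, Set

class Level(str, Enum):
    HIGH = "High"
    MEDIUM = "Medium"
    LOW = "Low"

@dataclass
class IdmsProfile:
    """Facts a reviewer records about one IDMS design before scoring it (constructed schema)."""
    name: str
    need_to_know_disclosure: bool = False      # A: PII released on a need-to-know basis only
    storage: str = "central"                   # B: "distributed", "hybrid" or "central"
    authentication_factors: int = 0            # C: number of factors (0 = unspecified)
    supports_sso: bool = False                 # C: SSO via SAML, OpenID, ...
    authorization_model: Optional[str] = None  # D: "RBAC", "ABAC", ... or None
    consistent_experience: str = "none"        # E: "full", "partial" or "none"
    complies_with_standard: bool = False       # F: PCI-DSS, HIPAA, ISO 27001, ...
    audit_logging: bool = False                # F: monitoring and logging in place
    protocols: Set[str] = field(default_factory=set)  # G: e.g. {"OpenID", "OAuth"}
    distinguishes_contexts: bool = False       # G: personal / professional / citizen
    self_service: str = "none"                 # H: "full", "password_only" or "none"

def limited_disclosure(p: IdmsProfile) -> Level:
    # A: need-to-know disclosure -> High; feature missing -> Low.
    return Level.HIGH if p.need_to_know_disclosure else Level.LOW

def identity_federation(p: IdmsProfile) -> Level:
    # B: fully distributed -> High; distributed plus mandatory central store -> Medium.
    return {"distributed": Level.HIGH, "hybrid": Level.MEDIUM}.get(p.storage, Level.LOW)

def authentication(p: IdmsProfile) -> Level:
    # C: two-factor -> High; single factor or SSO via a related technology -> Medium.
    if p.authentication_factors >= 2:
        return Level.HIGH
    if p.authentication_factors == 1 or p.supports_sso:
        return Level.MEDIUM
    return Level.LOW

def authorization(p: IdmsProfile) -> Level:
    # D: a stated access-control model (RBAC, ABAC, ...) -> High; none -> Low.
    return Level.HIGH if p.authorization_model else Level.LOW

def consistent_user_experience(p: IdmsProfile) -> Level:
    # E: consistent across all contexts -> High; partial -> Medium; absent -> Low.
    return {"full": Level.HIGH, "partial": Level.MEDIUM}.get(p.consistent_experience, Level.LOW)

def audit_and_compliance(p: IdmsProfile) -> Level:
    # F: standard compliance AND logging -> High; exactly one of them -> Medium.
    met = int(p.complies_with_standard) + int(p.audit_logging)
    return {2: Level.HIGH, 1: Level.MEDIUM}.get(met, Level.LOW)

def multiple_operators_and_technologies(p: IdmsProfile) -> Level:
    # G: several protocols AND contextual segregation -> High; either alone -> Medium.
    if len(p.protocols) >= 2 and p.distinguishes_contexts:
        return Level.HIGH
    if p.protocols or p.distinguishes_contexts:
        return Level.MEDIUM
    return Level.LOW

def self_service(p: IdmsProfile) -> Level:
    # H: full credential management -> High; password change only -> Medium; none -> Low.
    return {"full": Level.HIGH, "password_only": Level.MEDIUM}.get(p.self_service, Level.LOW)

CRITERIA: Dict[str, Callable[[IdmsProfile], Level]] = {
    "Limited Disclosure": limited_disclosure,
    "Identity Federation": identity_federation,
    "Authentication": authentication,
    "Authorization": authorization,
    "Consistent User Experience": consistent_user_experience,
    "Audit and Compliance": audit_and_compliance,
    "Multiple Operators and Technologies": multiple_operators_and_technologies,
    "Self Service": self_service,
}

def assess(p: IdmsProfile) -> Dict[str, Level]:
    """Apply every criterion to one profile and return the level per feature."""
    return {name: rule(p) for name, rule in CRITERIA.items()}

def weak_features(p: IdmsProfile) -> List[str]:
    """Features rated Low: where a CSC should ask the provider for evidence first."""
    return [name for name, level in assess(p).items() if level is Level.LOW]

def example_profile() -> IdmsProfile:
    """Constructed profile (not the paper's rating table): a two-factor, smart-card
    based isolated IDMS whose only self-service function is a password change."""
    return IdmsProfile(name="constructed-isolated-idms", need_to_know_disclosure=True,
                       storage="distributed", authentication_factors=2,
                       self_service="password_only")

if __name__ == "__main__":
    for feature, level in assess(example_profile()).items():
        print(f"{feature:36s} {level.value}")
```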

IV. ANALYSIS OF CLOUD IDENTITY MANAGEMENT SYSTEMS

In this section, we discuss various Cloud based identity management systems and classify them into four different categories, considering the different approaches that each system takes to manage identity information. Our analysis includes systems from each category: Isolated, Centralized, Federated and Anonymous identity management systems. A Cloud IDMS from each category has been investigated against the proposed assessment criteria, and each system's strengths and weaknesses have been identified with respect to the essential security concerns of CSPs and CSCs.

A. Isolated IDMS

In the following subsections, we discuss a few well known Isolated identity management systems along with their analysis.

1) A Strong User Authentication Framework for Cloud Computing: The strong user authentication framework for the Cloud environment [13] conforms to the Isolated IDMS properties, since a single Cloud SP is responsible for the storage, maintenance and verification of identity credentials and does not rely on any trusted third party (IdP). This framework offers a solution for the management of users' identity credentials and mutual authentication, along with session key generation and its secure distribution. Cloud users are authenticated via password, smart card and Out of Band (OOB) authentication.

Analysis: The proposed strong user authentication framework is based on two-factor authentication that uses smart card based bilinear pairings and a user password to provide two-level Authentication. It offers partial support for the Self-service feature, as the framework incorporates only a password change facility in the system design. This framework ensures the Limited Disclosure feature through two separate channels for transmitting user credentials, which minimizes the impact of information disclosure and ascertains protection against identity related threats. Distribution of credentials is achieved in such a way that some information is stored on the user's smart card whereas a one-time key is sent by the server to the user's mobile via SMS, thus offering support for Identity Federation as well. However, no support for Multiple Operators and Technologies is offered, as the framework does not define user roles. Consistent user experience across multiple SPs is also not provided. The framework specifies no Authorization feature. Furthermore, the design of the proposed framework falls short of identifying any Auditing and Compliance procedures for the secure Cloud architecture.

2) Protection of Identity Information in Cloud Computing without Trusted Third Party: Rohit et al. describe a security solution for Personal Identity Information (PII) that prevents unauthorized disclosure and usage of users' sensitive identity information [14]. The presented scheme computes assertions over encrypted user data and performs the computation over multiple nodes, which eliminates the need for a Trusted Third Party (TTP) and prevents the theft of user identity as well. Support for untrusted hosts is ensured via the Active Bundle (AB) scheme; ABs contain PII, privacy preserving policies and a Virtual Machine (VM), and also possess a set of protection mechanisms to protect themselves. In the presented solution, the SP itself is responsible for the generation and verification of identity credentials (Active Bundles); thus it does not rely on any TTP and adheres to the Isolated IDMS model.

Analysis: The AB discloses restricted PII to the SP, thus offering support for the Limited Disclosure feature and providing security against identity attacks. The AB scheme has a 'Disclosure Policy' component that ensures a seamless and Consistent user experience across multiple SPs. Another significant feature of the AB scheme is 'Identity Data', which stores encrypted identity information to ensure secure user Authentication. 'Disclosure History' is yet another important feature of the AB scheme, which is responsible for maintaining and providing logging but does not comply with any industry standard, thus offering partial support for the Auditing and Compliance principle. This scheme eliminates the need for a TTP for handling identity management functions by following a distributed architecture for the storage and processing of secret information among multiple nodes, which consequently ensures security as well as Identity Federation. On the other hand, support for Multiple Operators and Technologies is not provided. An Authorization module is not included in the proposed scheme for enforcing access control policies on the appropriate applications. This scheme also lacks support for the Self-service feature.
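As an added illustration of the Limited Disclosure (III-A) and consistent user experience (III-E) requirements that a disclosure policy and a disclosure history component provide, the Python below is my own construction, not the AB scheme's code: the contextual identity, the revelation rules and the service provider names are sample values.

```python
"""Need-to-know attribute release under a user-defined disclosure policy, with a
disclosure history kept for auditing. Constructed illustration, not the AB scheme."""
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed sample user, split into the contextual identities of Section III-G.
SAMPLE_IDENTITY: Dict[str, Dict[str, str]] = {
    "personal": {"name": "Sample User", "email": "sample.user@example.invalid"},
    "professional": {"employee_id": "EMP-0001", "salary": "sample-value"},
    "citizen": {"national_id": "NID-0000"},
}

# Constructed revelation rules fixed by the user in advance (Section III-E):
# service provider -> context -> attributes that may be released to it.
SAMPLE_POLICY: Dict[str, Dict[str, Set[str]]] = {
    "hr-portal": {"professional": {"employee_id"}},
    "webmail": {"personal": {"name", "email"}},
}

@dataclass
class DisclosureRecord:
    """One entry of the disclosure history: what an SP asked for and what it got."""
    sp_id: str
    context: str
    requested: Set[str]
    released: Set[str]
    refused: Set[str]

@dataclass
class IdentityAgent:
    """Holds the user's identity data and enforces the disclosure policy on every request."""
    identity: Dict[str, Dict[str, str]]
    policy: Dict[str, Dict[str, Set[str]]]
    history: List[DisclosureRecord] = field(default_factory=list)

    def release(self, sp_id: str, context: str, requested: Set[str]) -> Dict[str, str]:
        """Return only the requested attributes this SP may see in this context.

        Anything outside the policy, or belonging to another context, is refused;
        every request is logged whether or not something was released."""
        allowed = self.policy.get(sp_id, {}).get(context, set())
        available = self.identity.get(context, {})
        released = {a: available[a] for a in sorted(requested)
                    if a in allowed and a in available}
        refused = set(requested) - set(released)
        self.history.append(DisclosureRecord(sp_id, context, set(requested), set(released), refused))
        return released

    def refusals(self) -> List[DisclosureRecord]:
        """History entries where an SP asked for more than the policy permits."""
        return [r for r in self.history if r.refused]

def demo_agent() -> IdentityAgent:
    """Build an agent from the constructed samples above."""
    return IdentityAgent(identity=SAMPLE_IDENTITY, policy=SAMPLE_POLICY)

if __name__ == "__main__":
    agent = demo_agent()
    # The HR portal asks for more than it needs; only employee_id is released.
    print(agent.release("hr-portal", "professional", {"employee_id", "salary"}))
    # An SP with no rule gets nothing, but the attempt still lands in the history.
    print(agent.release("unknown-sp", "citizen", {"national_id"}))
    for r in agent.refusals():
        print(f"{r.sp_id}: refused {sorted(r.refused)}")
```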

B. Centralized IDMS

In the following subsections, a few well known Centralized identity management systems are briefly discussed along with their analysis.

1) An Identity-Centric Internet: Identity in the Cloud, IDaaS and other delights: The concept of Identity in Cloud Agents (IC-Agents) is presented in [15]; an IC-Agent is a logical identity proxy with an Identity as a Service (IDaaS) component. IC-Agents are entities in a global trust infrastructure or in a Cloud environment that can potentially be a user, Cloud SP or CSC. IC-Agents are involved in all identity propagation transactions and function as an identity proxy throughout the communication. Furthermore, the IDaaS concept is explained in the context of Personal Data-as-a-Service, along with an Authentication and Authorization as-a-Service module to facilitate identity management operations. The presented solution is a realization of the Centralized IDMS model, where IC-Agents are exclusively held responsible for the propagation of identity credentials and operate as an identity proxy throughout the communication processes.

Analysis: The presented concept of a logical identity proxy (IC-Agent) ensures the segregation of the user's PII while disseminating the user's credentials across multiple SPs to acquire

191


their services, thus offering support for the Multiple Operators and Technologies feature. Moreover, IC-Agents are capable of monitoring and logging all user operations (for instance authorization and other service accesses), which may help to carry out auditing processes as per the SP's requirements, but they do not comply with any industry standard, thus offering partial support for the Auditing and Compliance principle. Furthermore, they provide interfaces called dashboards for user Authentication. An IC-Agent may also function as a personal IdP to provide SSO capability, thus eliminating the need for repeated user logins for each independent resource access. The dashboard displays the SP's requirements in order to acquire the user's consent before disclosing the sensitive identity information mandatory for the verification process, thus ensuring a Consistent user experience across multiple SPs. The proposed concept of IC-Agent is based on a distributed architecture for personal data storage, as some data is stored by the IC-Agent itself while other information is retrieved via multiple distinct IC-Agent sources; it thus follows the Identity Federation principle. Users are provided with full control over their identity information stored at the IC-Agent host (software and hardware), hence support for the Self Service principle is ensured. The IC-Agent applies the user defined data disclosure policies while forwarding user credentials to SPs for secure authentication or Authorization. On the other hand, this scheme offers no support for the Limited Disclosure principle.

2) Distributed Identity for Secure Service Interaction: Mohammad et al. present a role-based identity management architecture in [16] that utilizes the user's mobile device as a unique attribute of his digital identity. The presented concept is named 'My Digital Identity' (single IdP), which is an implementation of the centralized identity management model. My Digital Identity is categorized into personal identity, corporate identity and social identity. Each of these identity classes has its corresponding attributes and identifiers, which are disclosed to the SPs only on a need-to-know basis, hence ensuring the security of user credentials during the authentication process. My Digital Identity classifies information into separate roles; however, a single IdP is used for sharing and distributing the user's identity credentials to the SP.

Analysis: The presented role-based identity management architecture follows the Limited Disclosure principle, where each identifier discloses limited information to the SP while accessing multiple related services. The Identity Federation mechanism is ensured by distributing the identifying information across multiple locations; for instance, partial user credentials are held in the network storage area, whereas the other half is stored on the user's mobile device (SIM card). The system offers Self Service functionality through the My Digital Identity component, which allows the user to alter, append or revoke his stored identity credentials. Furthermore, the system provides Authentication functionality via the user's SIM card; the system also suggests an extended SIM card architecture that holds multiple credentials for different authentication services. The network-based identity data store (My Digital Identity) allows the user to define data disclosure policies for other personnel, thus guaranteeing a seamless and Consistent user experience across multiple SPs. The Authorization module, which ensures legitimate user access to the distributed resources, is provided through a role-based access control model. The system offers support for the Multiple Operators and Technologies principle by accepting the segregation and distinction among the different identity contexts such as personal, social and corporate identity. However, the system does not specify Auditing and Compliance functionality, which is critical for maintaining checks and balances on CSCs as well as on Cloud SPs for the security of IDMSs.
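The two centralized systems above share one mechanism worth seeing concretely: an identity proxy that holds attributes partitioned into identity contexts (personal, corporate, social, as in My Digital Identity) and releases them to an SP only under a user-defined disclosure policy, as the IC-Agent concept describes. The following is an added example written for this page, not code from [15] or [16]; the policy format, the consent step, the audit log and all sample identity data are constructed assumptions.

```python
"""Added example, not code from [15] or [16]: an identity proxy that applies a
user-defined disclosure policy per service provider and logs every decision.
Policy format, names and sample data are constructed for this illustration."""
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed sample identity, partitioned by context (need-to-know classes).
IDENTITY: Dict[str, Dict[str, str]] = {
    "personal": {"name": "A. Example", "dob": "1990-01-01"},
    "corporate": {"employee_id": "E-0042", "role": "engineer"},
    "social": {"handle": "@a_example"},
}


@dataclass
class DisclosurePolicy:
    """User-defined policy: attributes ("context.attribute") each SP may receive,
    plus the SPs for which the user must consent before anything is released."""
    allowed: Dict[str, Set[str]]
    consent_required: Set[str] = field(default_factory=set)


class IdentityProxy:
    """Logical identity proxy between the user's identity store and the SPs:
    applies the disclosure policy and records every release decision."""

    def __init__(self, identity: Dict[str, Dict[str, str]], policy: DisclosurePolicy):
        self._identity = identity
        self._policy = policy
        self.audit_log: List[dict] = []

    def release(self, sp_id: str, requested: List[str], consent_given: bool = False) -> Dict[str, str]:
        """Return the subset of requested attributes the policy permits for sp_id.
        Deny by default: anything not explicitly allowed is withheld, and an SP
        that needs consent receives nothing until the user has given it."""
        allowed = self._policy.allowed.get(sp_id, set())
        if sp_id in self._policy.consent_required and not consent_given:
            self.audit_log.append({"sp": sp_id, "released": [], "withheld": list(requested),
                                   "reason": "consent missing"})
            return {}
        released: Dict[str, str] = {}
        withheld: List[str] = []
        for key in requested:
            context, _, attr = key.partition(".")
            value = self._identity.get(context, {}).get(attr)
            if key in allowed and value is not None:
                released[key] = value
            else:
                withheld.append(key)
        self.audit_log.append({"sp": sp_id, "released": sorted(released), "withheld": withheld,
                               "reason": "policy"})
        return released


# Constructed policy: the HR portal may see two corporate attributes after
# consent; a discussion forum may only see the social handle, no consent step.
POLICY = DisclosurePolicy(
    allowed={"hr-portal": {"corporate.employee_id", "corporate.role"}, "forum": {"social.handle"}},
    consent_required={"hr-portal"},
)


def demo() -> Dict[str, str]:
    """One request from the HR portal with consent; returns the released attributes."""
    proxy = IdentityProxy(IDENTITY, POLICY)
    return proxy.release("hr-portal", ["corporate.employee_id", "personal.dob"], consent_given=True)
```

The point of the deny-by-default loop is that an over-broad SP request (here asking for `personal.dob`) is silently trimmed to what the policy allows, and the audit log records what was withheld, which is the data an Auditing and Compliance feature would need.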

C. Federated IDMS

This section briefly discusses and evaluates a few well-known federated identity management systems against the features of our assessment criterion.

1) Security and Cloud Computing: ICIMI: The Inter-Cloud Identity Management Infrastructure (ICIMI) described in [17] is a federated IDMS. In ICIMI, the Home Cloud forwards a federation request to a Foreign Cloud with the aim of expanding its virtualization infrastructure. In order to acquire resources from the Foreign Cloud, the Home Cloud's (subject's) identity is required to be declared trusted by the IdP (the third party asserting trustworthiness), and that assertion is then forwarded to the Foreign Cloud (relying party) to make the resource acquisition successful.

Analysis: ICIMI uses the IdP/SP model to provide Authentication using the concept of SSO, where the Home Cloud uses a one-time authentication technique in order to access the federated Foreign Cloud services that are in its shared trusted domain. This infrastructure offers support for Multiple Operators and Technologies by providing a solution that is independent of the underlying authentication mechanisms and by incorporating standards such as SAML. Moreover, ICIMI is based on a distributed system architecture comprising several IdPs; therefore the mechanism for storage and retrieval of user credentials follows the Identity Federation principle. In addition, the Limited Disclosure principle is also followed by this scheme, as the Home Cloud hides the identity of CSCs by making the resource acquisition request on their behalf. However, the system incorporates no Authorization mechanism. Similarly, no Self Service facility is offered. Secure logging to ensure Auditing and Compliance is not reflected in the design and architecture of the proposed infrastructure. ICIMI does not ensure a Consistent user experience across multiple SPs.

2) Strengthen Cloud Computing Security with FIM Using HIBC: A Federated Identity Management (FIM) system for the Cloud based on Hierarchical Identity-Based Cryptography (HIBC) is described in [18], which allocates unique identities to users and servers in a hierarchical fashion. This paper clearly follows the Federated IDMS properties by allowing the customers/consumers of one Cloud to use the services of another Cloud that is trusted by their SPs, with a single user identity.

Analysis: The Authentication principle is followed in the proposed system via an SSO facility that uses a single set of identity credentials and allows the user to access multiple services and resources provided by distinct SPs. HIBC offers support for the Identity Federation principle by specifying a hierarchical approach for identity storage and maintenance. In addition, the HIBC model provides the Multiple Operators and Technologies facility to CSCs by incorporating numerous authentication protocols supported by distinct Cloud SPs. The HIBC model follows the Limited Disclosure principle, since the same exclusive identity information is disclosed in each resource access request. However, no access control policies are specified in the model, hence it lacks Authorization capability. Similarly, a Self Service facility is also missing in the HIBC model. This model does not ensure a seamless and Consistent user experience across multiple SPs. Auditing and Compliance capability is also not offered by the HIBC model.

3) Chord Based Identity Management for e-Healthcare Cloud Applications: Il Kon et al. present an algorithm that provides SSO service for Cloud based e-Healthcare applications using a Peer-to-Peer service model for load balancing [19]. The presented algorithm is called Chord for Cloud (C4C); it allows the customers of one Cloud to use the services of other Cloud environments with a single user identity. C4C aims at minimizing the number of verification queries to the centralized Identity Management Server (IMS) or third-party IdP. Once the user is successfully authenticated, C4C distributes his session information in the federated Cloud environment, so that thereafter the requesting node can verify the user's authentication request itself without querying the IMS or third-party IdP.

Analysis: The algorithm described in [19] offers Authentication via SSO, where session values are extracted from the user's service request and verified by the SP (node); if verification is successful, the user is given access to the requested service. This algorithm offers support for Multiple Operators and Technologies by incorporating protocols such as SAML and OpenID. Moreover, C4C follows the Identity Federation principle by offering a distributed processing architecture where user credentials are disseminated among multiple Cloud nodes for verification, whereas sensitive identity information at each processing node is secured via Intrusion Detection Systems. In addition, C4C is composed of multiple components, of which the Session Manager (SM) module is responsible for maintaining information about valid user sessions; after successful verification, the SM module initiates the Authorization process. The SM module creates a session for each authenticated user and specifies a valid time slot for each created session. The user credentials are kept encrypted throughout the valid user session and revoked after session termination to ensure Limited Disclosure along with confidentiality. However, the proposed algorithm does not provide Self Service functionality that would enable the user to manage his sensitive identity credentials himself without requesting any SP support. Similarly, the Auditing and Compliance principle is not included in the design of the C4C algorithm, and it does not comply with any industry standard either. Moreover, the algorithm does not ensure a Consistent user experience across multiple SPs.
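The distinctive part of C4C is the session flow: one authentication at the IMS, a Session Manager that creates a session with a valid time slot, replication of that session to the federated nodes, local verification at each node without a round trip to the IMS, and revocation on termination. The following added example models that flow; it is written for this page and is not code from [19]. The HMAC tag over the replicated record, the shared federation key, the in-memory replication calls and all sample values are assumptions made here.

```python
"""Added example of the C4C session flow from [19], not code from that paper:
the IMS Session Manager issues a time-boxed session, replicates it to federated
nodes, and the nodes verify requests locally until the session is terminated.
The HMAC tag, shared federation key and sample values are assumptions."""
import hashlib
import hmac
import secrets
from typing import Dict, List


def _tag(key: bytes, sid: str, user: str, expires: int) -> str:
    """Integrity tag over the session record so a node can detect a record that
    was altered in its local store (assumption: nodes share the federation key)."""
    msg = f"{sid}|{user}|{expires}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class FederatedNode:
    """A Cloud node holding a replica of valid sessions; verifies without
    contacting the IMS."""

    def __init__(self, name: str, key: bytes):
        self.name = name
        self._key = key
        self._sessions: Dict[str, dict] = {}

    def store(self, record: dict) -> None:
        self._sessions[record["sid"]] = dict(record)

    def revoke(self, sid: str) -> None:
        self._sessions.pop(sid, None)

    def verify(self, sid: str, user: str, now: int) -> bool:
        """Accept only a known, unexpired, untampered session bound to this user."""
        rec = self._sessions.get(sid)
        if rec is None or rec["user"] != user or now >= rec["expires"]:
            return False
        expected = _tag(self._key, sid, rec["user"], rec["expires"])
        return hmac.compare_digest(expected, rec["tag"])


class SessionManager:
    """SM module of the IMS: creates sessions with a valid time slot after
    authentication and distributes them to, and revokes them from, every node."""

    def __init__(self, key: bytes, ttl_seconds: int):
        self._key = key
        self._ttl = ttl_seconds
        self._nodes: List[FederatedNode] = []

    def register_node(self, node: FederatedNode) -> None:
        self._nodes.append(node)

    def create_session(self, user: str, now: int) -> dict:
        """Called once the IMS has authenticated `user`; returns the record."""
        sid = secrets.token_hex(16)
        expires = now + self._ttl
        record = {"sid": sid, "user": user, "expires": expires,
                  "tag": _tag(self._key, sid, user, expires)}
        for node in self._nodes:
            node.store(record)
        return record

    def terminate(self, sid: str) -> None:
        """Session termination: every node drops the session immediately."""
        for node in self._nodes:
            node.revoke(sid)


def build_federation(key: bytes, ttl_seconds: int, node_names: List[str]):
    """Wire one SM to several nodes; returns (sm, nodes)."""
    sm = SessionManager(key, ttl_seconds)
    nodes = [FederatedNode(n, key) for n in node_names]
    for n in nodes:
        sm.register_node(n)
    return sm, nodes
```

Two checks in `verify` matter for the Limited Disclosure claim the analysis makes: the node rejects a session after its time slot ends even if the IMS never sent a revocation, and it rejects a replica whose user binding no longer matches the tag, so a corrupted local store cannot extend a session to another identity.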

4) Security APIs for My Private Cloud: A conceptual model along with a security architecture is presented in [11] that describes a set of three security APIs designed to allow the user to delegate his access rights to anyone at any time and to ensure federated access rights to Cloud resources. The design and implementation of an Authorization API (Authz API), an Authentication API (Authn API) and a Delegation via Invitation API (Delegation API) are presented to ensure security. The Authz API maintains the identity database and defines the access control mappings, while the Authn API is responsible for authenticating the Cloud users, returning the user's identity credentials to the requesting service, and functioning as a federated SP. Moreover, a Delegation API is also described, which is based on a delegation-issuing web service feature. This feature is particularly responsible for issuing the delegation tokens and maintaining the logs of delegated attributes against the delegatees.

Analysis: The proposed model presents the design of three security APIs, each with a specific functionality: the Authentication API is responsible for the verification and identification of users and sends the user's identity credentials back to the Cloud. SSO functionality is also incorporated in the system model, where user logouts are restricted to the Cloud applications only, whereas the session with the authentication IdP/server remains active. The Authorization API, on the basis of the user's identity attributes, decides what rights a particular Cloud user may possess and when to revoke those access rights. These security APIs enable Cloud users to protect their data in the Cloud by specifying their own access control policies, and users are capable of delegating the access rights to their resources/data to other users, thus offering support for the Consistent user experience principle. The model also enables Cloud resource owners to maintain logs of their potential users, in order to ensure that only the legitimate resource can be accessed by a user holding valid delegated attributes. However, this model does not comply with any industry standard, thus offering only partial support for the Auditing and Compliance principle. In order to support Multiple Operators and Technologies, the proposed model supports multiple IdP protocols such as SAML and OpenID. Moreover, this model enables the user to link his identity information across multiple SPs to raise his assurance level for authentication purposes, thus offering support for the Identity Federation feature. However, this model specifies no mechanism for Limited Disclosure of identity information, which makes the system and user credentials vulnerable to identity-related attacks. Similarly, this model offers no Self Service facility.
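The interplay the analysis describes, an Authz API holding the identity-to-rights mappings and a delegation-issuing service that hands out delegation tokens and logs delegated attributes against each delegatee, is shown below as an added example written for this page. It is not the API of [11]; the token format, the rights names, the rule that a delegator may only delegate rights it currently holds, and the revocation-by-delegator rule are assumptions of this illustration.

```python
"""Added example, not the APIs from [11]: a minimal Authz API (identity database
with access control mappings) and a delegation-issuing service that issues
time-boxed delegation tokens and logs delegated attributes per delegatee.
Token format, rights names and the delegation rules are assumptions."""
import secrets
from typing import Dict, List, Set


class AuthzAPI:
    """Identity database with access control mappings (identity -> rights)."""

    def __init__(self):
        self._rights: Dict[str, Set[str]] = {}

    def grant(self, identity: str, right: str) -> None:
        self._rights.setdefault(identity, set()).add(right)

    def rights_of(self, identity: str) -> Set[str]:
        return set(self._rights.get(identity, set()))


class DelegationService:
    """Delegation-issuing web service: issues delegation tokens and keeps a log
    of delegated attributes against the delegatee for the resource owner."""

    def __init__(self, authz: AuthzAPI):
        self._authz = authz
        self._tokens: Dict[str, dict] = {}
        self.log: List[dict] = []

    def issue(self, delegator: str, delegatee: str, rights: Set[str], now: int, ttl: int) -> str:
        # Assumed rule: nobody can delegate a right they do not hold themselves.
        missing = set(rights) - self._authz.rights_of(delegator)
        if missing:
            raise PermissionError(f"{delegator} cannot delegate rights it does not hold: {sorted(missing)}")
        token = secrets.token_urlsafe(16)
        self._tokens[token] = {"delegator": delegator, "delegatee": delegatee,
                               "rights": set(rights), "expires": now + ttl, "revoked": False}
        self.log.append({"event": "issue", "token": token, "delegator": delegator,
                         "delegatee": delegatee, "rights": sorted(rights), "at": now})
        return token

    def revoke(self, token: str, by: str, now: int) -> bool:
        """Only the delegator who issued a token may revoke it."""
        rec = self._tokens.get(token)
        if rec is None or rec["delegator"] != by:
            return False
        rec["revoked"] = True
        self.log.append({"event": "revoke", "token": token, "by": by, "at": now})
        return True

    def delegated_rights(self, delegatee: str, now: int) -> Set[str]:
        """Rights usable by delegatee through unexpired, unrevoked tokens, limited
        to what the delegator still holds at check time (delegation cannot
        outlive the delegator's own right)."""
        out: Set[str] = set()
        for rec in self._tokens.values():
            if rec["delegatee"] == delegatee and not rec["revoked"] and now < rec["expires"]:
                out |= rec["rights"] & self._authz.rights_of(rec["delegator"])
        return out

    def delegations_for(self, delegatee: str) -> List[dict]:
        """Logged delegation attributes for one delegatee (the owner's audit view)."""
        return [e for e in self.log if e.get("delegatee") == delegatee]


def effective_rights(authz: AuthzAPI, svc: DelegationService, identity: str, now: int) -> Set[str]:
    """What the Authz API should enforce: own rights plus valid delegated rights."""
    return authz.rights_of(identity) | svc.delegated_rights(identity, now)
```

The intersection in `delegated_rights` is the detail a reviewer would look for: if the delegator's own right is later removed from the Authz API, every token derived from it stops conferring that right without any explicit revocation, which keeps the access control mappings the single source of truth.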

D. Anonymous IDMS

In this section, we discuss a few anonymous identity management systems along with their analysis on the basis of our assessment criteria.

1) An Identity-Based OTP Scheme with Anonymous Authentication: An identity-based One-Time Password (OTP) authentication scheme is presented in [20] that operates on smart card based bilinear pairings. The proposed scheme generates a temporary identity to protect the user's actual identity in the authentication phase, which consequently ensures the user's privacy. The identity-based OTP scheme involves three entities: the user, his smart card and a server that performs the user authentication. After successful authentication, the server generates a temporary identity and a session key for the user, and thus guarantees the user's anonymity and privacy throughout the communication process.

Analysis: The OTP scheme described in [20] uses temporary identity information to ensure anonymity and thus follows the Limited Disclosure principle. The scheme utilizes a smart card that is based on bilinear pairings and generates the OTP along with the temporary user identity to ensure anonymity and security in the Authentication process. The Identity Federation feature is ensured through the combination of smart card and OTP, where identity information is collected from multiple sources to generate the user credentials that are finally used in the process of authentication or Authorization. The Self-service feature is also incorporated in the system through the password change facility module, which enables the user to change or update his password without any assistance from the server side. However, the proposed OTP scheme offers no Auditing and Compliance mechanisms and does not comply with any industry standard. Support for Multiple Operators and Technologies is an important consideration when providing authentication; however, it is not considered in this scheme. Moreover, a Consistent user experience across multiple SPs is also not provided, as the scheme does not allow the user to selectively disclose his identity information to the SPs.

2) UIMM Based on Anonymous Credentials: Yang et al. describe a Universal Identity Management Model (UIMM) in which users are allowed to prove ownership of their identity credentials without communicating with the IdP [21]. The model further enables users to delegate their access rights to any other user of their choice. UIMM ensures the user's privacy and anonymity via unlinkable, self-generated pseudonyms and combines relationship-focused and credential-focused user-centric identity management concepts in the SOA.

Analysis: In the presented model, the Limited Disclosure principle is followed via a pseudonym-based signature scheme that ensures the minimal and selective disclosure of user information. The Authentication module includes an IdP that provides the identity credentials to users and is also responsible for performing their verification. UIMM is an extension of the WS-Federation framework, which ensures Authorized access to multiple federated security realms. The identity selector component of the identity metasystem ensures a Consistent user experience, since it allows the user to choose the credentials for different resource accesses. The identity metasystem component aims to provide support for the Multiple Operators and Technologies attribute by ensuring the separation of contexts, thus offering secure communication between CSCs and CSPs. A Self-service facility is provided via the personal identity metasystem module, where users are allowed to manage their sensitive identity information. On the contrary, UIMM offers no support for the Identity Federation and Auditing and Compliance principles.

We have reviewed various Cloud Identity Management Systems, but no absolute ranking can be performed, since each system has some pros and cons, either because of its identity management architecture or because of the underlying mechanisms for handling identities. Furthermore, the discussed IDMSs have several issues regarding interoperability, implementation and deployment. In order to give a proof of concept, we have applied our assessment criterion to only a few well-known identity management systems. The security features that we have identified are worth considering; however, there is no obligation that every Cloud IDMS must offer the complete set of features, since requirements vary from one organization to another. Similarly, Table I illustrates that none of the assessed systems offers complete support for all of the mentioned features of a Cloud IDMS. There is a strong need for a Cloud based IDMS that holistically covers basic and advanced security features to satisfy the heterogeneous and dynamic nature of the Cloud.

V. CONCLUSION AND FUTURE WORK

This paper provides an assessment criterion that may be used to evaluate and analyze state-of-the-art Cloud Identity Management Systems. Our analysis shows that there is a need to improve Cloud Identity Management Systems in terms of features and functionality. Considering our analytical evaluation, research in the domain of Cloud identity management should be performed with the objective of achieving effective, reliable and secure Cloud based IDMSs. Future research should focus on providing an Identity Management framework that is adequate for the Cloud environment and comprises many advanced features. Though several Cloud identity management systems have been proposed thus far, none of those systems discusses identity management as a complete system, since they address only a few particular IDMS features such as authentication, authorization or access right delegation. None of the proposed systems discusses the complete set of security features that a Cloud IDMS must support. In future, we may attempt to cover the security features of Cloud identity management systems along with their related mechanisms, to assist CSCs and CSPs in selecting the identity management system that best suits their functional and security requirements.

TABLE I: Comparative Analysis of Cloud IDMS

Category         | Identity Management System                                           | Authn  | Authz | Identity Federation | Consistent Experience | Self-Service | Audit & Compliance | Limited Disclosure | Multiple Oper. & Tech.
-----------------|----------------------------------------------------------------------|--------|-------|---------------------|-----------------------|--------------|--------------------|--------------------|-----------------------
Isolated IDMS    | A Strong User Authentication Framework for Cloud Computing           | High   | Low   | High                | Low                   | Medium       | Low                | High               | Low
Isolated IDMS    | Protection of Identity Info. in CC without TTP                       | Medium | Low   | High                | High                  | Low          | Medium             | High               | Low
Centralized IDMS | An Identity-Centric Internet: Identity in the Cloud, IDaaS           | Medium | High  | High                | High                  | High         | Medium             | Low                | High
Centralized IDMS | Distributed Identity for Secure Service Interaction                  | Medium | High  | High                | High                  | High         | Low                | High               | High
Federated IDMS   | Security and Cloud Computing: ICIMI                                  | Medium | Low   | High                | Low                   | Low          | Low                | High               | High
Federated IDMS   | Strengthen Cloud Computing Security with FIM Using HIBC              | Medium | Low   | High                | Low                   | Low          | Low                | High               | High
Federated IDMS   | Chord Based Identity Management for e-Healthcare Cloud Applications  | High   | High  | High                | Low                   | Low          | Low                | High               | High
Federated IDMS   | Security APIs for My Private Cloud: granting access to anyone        | Medium | High  | High                | High                  | Low          | Medium             | Low                | High
Anonymous IDMS   | An Identity-Based OTP Scheme with Anonymous Authentication           | Medium | High  | High                | Low                   | Medium       | Low                | High               | Low
Anonymous IDMS   | UIMM Based on Anonymous Credentials                                  | Medium | High  | Low                 | High                  | High         | Low                | High               | High

REFERENCES

[1] L. Youseff, M. Butrico, and D. Da Silva, “Toward a unified ontology of cloud computing,” in Grid Computing Environments Workshop, 2008. GCE’08. IEEE, 2008, pp. 1–10.

[2] W. A. Jansen, “Cloud hooks: Security and privacy issues in cloud computing,” in System Sciences (HICSS), 2011 44th Hawaii International Conference on. IEEE, 2011, pp. 1–10.

[3] Y. Cao and L. Yang, “A survey of identity management technology,” in Information Theory and Information Security (ICITIS), 2010 IEEE International Conference on. IEEE, 2010, pp. 287–293.

[4] A. Jøsang, J. Fabre, B. Hay, J. Dalziel, and S. Pope, “Trust requirements in identity management,” in Proceedings of the 2005 Australasian workshop on Grid computing and e-research, Volume 44. Australian Computer Society, Inc., 2005, pp. 99–108.

[5] S. Suriadi, E. Foo, and A. Jøsang, “A user-centric federated single sign-on system,” Journal of Network and Computer Applications, vol. 32, no. 2, pp. 388–401, 2009.

[6] A. Bhargav-Spantzel, J. Camenisch, T. Gross, and D. Sommer, “User centricity: a taxonomy and open issues,” Journal of Computer Security, vol. 15, no. 5, pp. 493–527, 2007.

[7] E. McCallister, Guide to protecting the confidentiality of personally identifiable information. DIANE Publishing, 2010.

[8] K. Cameron, “The laws of identity,” Microsoft Corp, 2005.

[9] J. Leskinen, “Evaluation criteria for future identity management,” in Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on. IEEE, 2012, pp. 801–806.

[10] W. Jansen and T. Grance, “Guidelines on security and privacy in public cloud computing,” NIST special publication, pp. 800–144, 2011.

[11] D. W. Chadwick and M. Casenove, “Security APIs for my private cloud: granting access to anyone, from anywhere at any time,” in Cloud Computing Technology and Science (CloudCom), 2011 IEEE Third International Conference on. IEEE, 2011, pp. 792–798.

[12] C. Modi, D. Patel, B. Borisaniya, A. Patel, and M. Rajarajan, “A survey on security issues and solutions at different layers of cloud computing,” The Journal of Supercomputing, vol. 63, no. 2, pp. 561–592, 2013.

[13] A. J. Choudhury, P. Kumar, M. Sain, H. Lim, and H. Jae-Lee, “A strong user authentication framework for cloud computing,” in Services Computing Conference (APSCC), 2011 IEEE Asia-Pacific. IEEE, 2011, pp. 110–115.

[14] R. Ranchal, B. Bhargava, L. B. Othmane, L. Lilien, A. Kim, M. Kang, and M. Linderman, “Protection of identity information in cloud computing without trusted third party,” in Reliable Distributed Systems, 2010 29th IEEE Symposium on. IEEE, 2010, pp. 368–372.

[15] M. Ates, S. Ravet, A. M. Ahmat, and J. Fayolle, “An identity-centric internet: identity in the cloud, identity as a service and other delights,” in Availability, Reliability and Security (ARES), 2011 Sixth International Conference on. IEEE, 2011, pp. 555–560.

[16] M. M. Chowdhury and J. Noll, “Distributed identity for secure service interaction,” in Wireless and Mobile Communications, 2007. ICWMC’07. Third International Conference on. IEEE, 2007, pp. 56–56.

[17] A. Celesti, F. Tusa, M. Villari, and A. Puliafito, “Security and cloud computing: intercloud identity management infrastructure,” in Enabling Technologies: Infrastructures for Collaborative Enterprises (WETICE), 2010 19th IEEE International Workshop on. IEEE, 2010, pp. 263–265.

[18] L. Yan, C. Rong, and G. Zhao, “Strengthen cloud computing security with federal identity management using hierarchical identity-based cryptography,” in Cloud Computing. Springer, 2009, pp. 167–177.

[19] I. K. Kim, Z. Pervez, A. M. Khattak, and S. Lee, “Chord based identity management for e-healthcare cloud applications,” in Applications and the Internet (SAINT), 2010 10th IEEE/IPSJ International Symposium on. IEEE, 2010, pp. 391–394.

[20] S. Luo, J. Hu, and Z. Chen, “An identity-based one-time password scheme with anonymous authentication,” in Networks Security, Wireless Communications and Trusted Computing, 2009. NSWCTC’09. International Conference on, vol. 2. IEEE, 2009, pp. 864–867.

[21] Y. Zhang and J.-L. Chen, “Universal identity management model based on anonymous credentials,” in Services Computing (SCC), 2010 IEEE International Conference on. IEEE, 2010, pp. 305–312.

