
AWS Launches Web Identity Service With Support For Google And Facebook

Amazon Web Services (AWS) has launched a web identity service with support for Google, Facebook and its own AWS Identity and Access Management (IAM). The service allows developers to grant temporary authorization to people using these three services and simplifies development as all the identity management is done by AWS.
All the server-side code is managed without long-term credentials for the app. The service introduces a new AWS Security Token Service (STS) API that allows for temporary security credentials for customers who have been authenticated by Amazon.com, Facebook, or Google. The “app can then use the temporary security credentials to access AWS resources such as Amazon Simple Storage Service (S3) objects, DynamoDB tables, or Amazon Simple Queue Service queues.”
This means that an app developer can more easily integrate identity features into an app. AWS uses the example of allowing end users to upload an image file as their personal avatar. In this case, a developer would store the images as objects in an Amazon S3 storage bucket. To enable this, the developer integrates a role that has two parts.
The first is a trust service that “specifies a trusted entity (principal)—that is, who can assume the role. In this case, the trusted entity is any authenticated Amazon.com user.” The second, an access policy, provides permissions that specify what the user can do.
AWS puts emphasis on its own identity service, which it launched at its re:Invent conference late last year. It allows for identity federation between the customer’s corporate directory and AWS services.
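The two-part role from the avatar example, written out as policy documents together with a check that the trust part is pinned to a single registered app. This is an added example, not code from AWS or from the original post; the bucket name, the `avatars/` prefix, the app id and the helper function names are assumptions.

```python
import json

# Per-provider condition key that pins a role to one registered app, and the
# policy variable carrying the caller's user id (names from AWS IAM docs).
AUDIENCE_KEY = {"www.amazon.com": "www.amazon.com:app_id",
                "graph.facebook.com": "graph.facebook.com:app_id",
                "accounts.google.com": "accounts.google.com:aud"}
USER_VAR = {"www.amazon.com": "${www.amazon.com:user_id}",
            "graph.facebook.com": "${graph.facebook.com:id}",
            "accounts.google.com": "${accounts.google.com:sub}"}

def trust_policy(provider, app_id=None):
    """Part 1: who may assume the role through AssumeRoleWithWebIdentity."""
    stmt = {"Effect": "Allow", "Principal": {"Federated": provider},
            "Action": "sts:AssumeRoleWithWebIdentity"}
    if app_id is not None:
        stmt["Condition"] = {"StringEquals": {AUDIENCE_KEY[provider]: app_id}}
    return {"Version": "2012-10-17", "Statement": [stmt]}

def access_policy(bucket, provider):
    """Part 2: what the caller may do, limited to their own avatar prefix."""
    resource = "arn:aws:s3:::%s/avatars/%s/*" % (bucket, USER_VAR[provider])
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject"],
         "Resource": resource}]}

def audit_trust_policy(policy):
    """Flag web-identity trust statements that are not pinned to one app."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or \
                "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        principal = stmt.get("Principal")
        provider = principal.get("Federated") if isinstance(principal, dict) else principal
        key = AUDIENCE_KEY.get(provider)
        pinned = stmt.get("Condition", {}).get("StringEquals", {})
        if key is None:
            findings.append("statement %d: unrecognised provider %r" % (i, provider))
        elif key not in pinned:
            findings.append("statement %d: %s is not pinned" % (i, key))
    return findings

if __name__ == "__main__":
    app = "amzn1.application.EXAMPLE"  # placeholder app id (assumption)
    for pol in (trust_policy("www.amazon.com"), trust_policy("www.amazon.com", app)):
        print(json.dumps(pol, indent=2), audit_trust_policy(pol))
    print(json.dumps(access_policy("example-avatar-bucket", "www.amazon.com"), indent=2))
```

A trust statement without the audience condition accepts tokens issued to any app registered with that provider, so the audit reports it; the `${...}` variable in the access policy is resolved by AWS at request time and keeps each user inside their own key prefix.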
But Google and Facebook are the real identity kings. People use these services far more than an Amazon.com retail account. But where are Twitter and LinkedIn? No explanation is given but we can expect that more services will be added.
Identity is becoming increasingly critical. What’s increasingly apparent is the need for third-party identity providers such as Ping Identity and services such as Forever, a new personal cloud service that gives users control over their own personal data. Forever is provided by Kynetx, Phil Windley’s company that offers context-aware applications that can run on browsers, mobile phones, and desktops.
Other third-party services such as JanRain have prospered by serving as identity brokers. Enterprise app providers such as Symplified and Okta are SaaS providers that also offer identity services. Salesforce.com has also entered the identity marketplace.
