AWS Launches Web Identity Service With Support For Google And Facebook

Amazon Web Services (AWS) has launched a web identity service with support for Google, Facebook and its own AWS Identity and Access Management (IAM). The service allows developers to grant temporary authorization to people using these three services and simplifies development as all the identity management is done by AWS.
All the server-side code is managed without long-term credentials for the app. The service introduces a new AWS Security Token Service (STS) API that allows for temporary security credentials for customers who have been authenticated by Amazon.com, Facebook, or Google. The “app can then use the temporary security credentials to access AWS resources such as Amazon Simple Storage Service (S3) objects, DynamoDB tables, or Amazon Simple Queue Service queues.”
This means that an app developer can more easily integrate identity features into an app. AWS uses the example of allowing end users to upload an image file as their personal avatar. In this case, a developer would store the images as objects into an Amazon S3 storage bucket. To enable this, the developer integrates a role that has two parts.
The first is a trust service that “specifies a trusted entity (principal)—that is, who can assume the role. In this case, the trusted entity is any authenticated Amazon.com user.” The second, an access policy, provides permissions that specify what the user can do.
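The two parts of the role, sketched in Python as an added example (not code from AWS or from the original post): it builds both policy documents for the avatar case and includes a check that flags a trust policy accepting any authenticated user of a provider without pinning it to one application ID. The function names, bucket name, `avatars/` prefix and app ID are assumptions made for illustration; the condition and variable keys are IAM's web identity keys.

```python
import json

# provider -> (audience key suffix, user-id key suffix) as exposed to IAM policies
PROVIDERS = {
    "www.amazon.com": ("app_id", "user_id"),
    "graph.facebook.com": ("app_id", "id"),
    "accounts.google.com": ("aud", "sub"),
}

def trust_policy(provider, app_id=None):
    """Trust policy: who may assume the role (optionally pinned to one app)."""
    stmt = {"Effect": "Allow", "Principal": {"Federated": provider},
            "Action": "sts:AssumeRoleWithWebIdentity"}
    if app_id:
        key = "%s:%s" % (provider, PROVIDERS[provider][0])
        stmt["Condition"] = {"StringEquals": {key: app_id}}
    return {"Version": "2012-10-17", "Statement": [stmt]}

def access_policy(bucket, provider):
    """Access policy: each user may read/write only under their own key prefix."""
    user_var = "${%s:%s}" % (provider, PROVIDERS[provider][1])
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": "arn:aws:s3:::%s/avatars/%s/*" % (bucket, user_var)}]}

def unpinned_providers(policy):
    """Return federated providers trusted without a StringEquals audience check."""
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    found = []
    for stmt in stmts:
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        fed = principal.get("Federated", [])
        fed = [fed] if isinstance(fed, str) else fed
        pinned = {k.lower() for k in stmt.get("Condition", {}).get("StringEquals", {})}
        for p in fed:
            if p in PROVIDERS and "%s:%s" % (p, PROVIDERS[p][0]) not in pinned:
                found.append(p)
    return found

if __name__ == "__main__":
    # Constructed sample values: the app ID and bucket name are placeholders.
    loose = trust_policy("www.amazon.com")
    tight = trust_policy("www.amazon.com", "amzn1.application.EXAMPLE")
    print(json.dumps(tight, indent=2))
    print(json.dumps(access_policy("example-avatar-bucket", "www.amazon.com"), indent=2))
    print(unpinned_providers(loose), unpinned_providers(tight))
```

Without the audience condition, a token the provider issued to any other application would satisfy the trust policy; the per-user variable in the access policy is what keeps one user from writing over another user's avatar.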
AWS places emphasis on its own identity service, which it launched at its re:Invent conference late last year. It allows for identity federation between the customer’s corporate directory and AWS services.
But Google and Facebook are the real identity kings. People use these services far more than an Amazon.com retail account. But where are Twitter and LinkedIn? No explanation is given but we can expect that more services will be added.
Identity is becoming increasingly critical. What’s increasingly apparent is the need for third-party identity providers such as Ping Identity and services such as Forever, a new personal cloud service that gives users control over their own personal data. Forever is provided by Kynetx, Phil Windley’s company that offers context-aware applications that can run on browsers, mobile phones, and desktops.
Other third-party services such as JanRain have prospered by serving as identity brokers. Enterprise app providers such as Symplified and Okta are SaaS providers that also offer identity services. Salesforce.com has also entered the identity marketplace.
