Choice of suitable Identity and Access Management standards for mobile computing and communication

© 2017 IEEE. Enterprises have recognised the importance of personal mobile devices for business and official use. Employees and consumers have been freely accessing resources and services from their principal organisation and partners' businesses on their mobile devices, to improve the efficiency and productivity of their businesses. This mobile computing-based business model has one major challenge, that of ascertaining and linking users' identities and access rights across business partners. The parent organisation owns all the confidential information about users but the collaborative organisation has to verify users' identities and access rights to allow access to their services and resources. This challenge involves resolving how to communicate users' identities to collaborative organisations without sending their confidential information. Several generic Identity and Access Management (IAM) standards have been proposed, and three have become established standards: Security Assertion Markup Language (SAML), Open Authentication (OAuth), and OpenID Connect (OIDC). Mobile computing and communication have some specific requirements and limitations; therefore, this paper evaluates these IAM standards to ascertain suitable IAM to protect mobile computing and communication. This evaluation is based on the three types of analyses: Comparative analysis, suitability analysis and security vulnerability analysis of SAML, OAuth and OIDC

IT infrastructure & microservices authentication

Mestrado IPB-ESTGBIOma - Integrated solutions in BIOeconomy for the Mobilization of the Agrifood chain project is structured in 6 PPS (Products, Processes, and Services) out of which, a part of PPS2 is covered in this work. This work resulted in the second deliverable of PPS2 which is defined as PPS2.A1.E2 - IT infrastructure design and graphical interface conceptual design. BIOma project is in the early stage and this deliverable is a design task of the project. For defining the system architecture, requirements, UML diagrams, physical architecture, and logical architecture have been proposed. The system architecture is based on microservices due to its advantages like scalability and maintainability for bigger projects like BIOma where several sensors are used for big data analysis. Special attention has been devoted to the research and study for the authentication and authorization of users and devices in a microservices architecture. The proposed authentication solution is a result of research made for microservices authentication where it was concluded that using a separate microservice for user authentication is the best solution. FIWARE is an open-source initiative defining a universal set of standards for context data management that facilitates the development of Smart solutions for different domains like Smart Cities, Smart Industry, Smart Agrifood, and Smart Energy. FIWARE’s PEP (Policy Enforcement Point) proxy solution has been proposed in this work for the better management of user’s identities, and client-side certificates have been proposed for authentication of IoT (Internet of Things) devices. The communication between microservices is done through AMQP (Advanced Message Queuing Protocol), and between IoT devices and microservices is done through MQTT (Message Queuing Telemetry Transport) protocol