Cloud Identity Patterns and Strategies

By: Giuseppe Di Federico, Fabrizio Barcaroli

Overview of this book

Identity is paramount for every architecture design, making it crucial for enterprise and solutions architects to understand the benefits and pitfalls of implementing identity patterns. However, information on cloud identity patterns is generally scattered across different sources and rarely approached from an architect’s perspective. This is the problem Cloud Identity Patterns and Strategies aims to solve, empowering solutions architects to take an active part in implementing identity solutions. Throughout this book, you’ll cover various theoretical topics along with practical examples that follow the implementation of a de facto standard identity provider (IdP) in an enterprise, such as Azure Active Directory. As you progress through the chapters, you’ll explore the different factors that contribute to an enterprise's current status quo around identities and harness modern authentication approaches to meet specific requirements of an enterprise. You’ll also be able to make sense of how modern application designs are impacted by the company’s choices and move on to recognize how a healthy organization tackles identity and critical tasks that the development teams pivot on. By the end of this book, you’ll be able to breeze through creating portable, robust, and reliable applications that can interact with each other.
Table of Contents (15 chapters)

  • Part 1: Impact of Digital Transformation
  • Part 2: OAuth Implementation and Patterns
  • Part 3: Real-World Scenarios

Digital transformation – the impact on the market

The implications of digital transformation for identity have affected both the enterprise and the consumer markets.

But let’s take a step back and start with an overview of the two markets, how they differ, and their relationships with digital identities.

On one hand, we have the consumer market. The term consumer market, in this context, refers to the market that targets internet users. In other words, every time we consume a cloud service from a PC or a mobile device (for example, Microsoft OneDrive or Google Drive) or we hit a website, we are in the consumer market. The consumer market includes social networks (for example, Facebook), search engines (for example, Google or Bing), e-commerce web applications (for example, Amazon, Zalando, or eBay), and, in general, everything consumable by a general internet user. In the consumer market, the service targets us, we represent the final user, and, most importantly, we represent the source of revenue. This revenue may come from our money, our data (which can include personal information as well as the tracking and collection of our behavior on the web), or anything else that can be profitable.

From a very high-level standpoint, the typical objectives that a service has in the consumer market are as follows:

  • Increase traffic
  • Encourage the users to access the service as much as possible
  • Get money:
    • From advertising, if the business model of the application is ad-based
    • From an increased transformation rate in e-commerce applications
    • From any other profitable revenue that comes from the product service model

On the other hand, we have the enterprise market, a market where, historically, giants such as Microsoft, VMware, HP, Cisco, Oracle, and IBM competed to sell products to install and consume on top of servers in the customer’s data center. These tech giants targeted the enterprise market by offering products to the IT department of a company. The IT department of an enterprise company, in turn, needed to create services on top of these products to be consumed by the end business. The result is that these tech giants have always been far from the end business; they have always been focused on boosting the internal IT departments of enterprises. This was the enterprise market that we knew until a few years ago.

The advent of the cloud in enterprises took this paradigm a step further. Today, some of these tech giants, such as Microsoft, Oracle, and IBM, have become enterprise cloud providers. They sell Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), or Software-as-a-Service (SaaS) cloud services to serve their enterprise customers that don’t need a private data center anymore. Enterprise customers take advantage of cloud services to fuel external business and, at the same time, boost internal employees’ productivity. This has an important implication: enterprises offload IT complexity and data center management by delegating them to the cloud providers, which lets them focus more on their core business rather than on IT tasks and data center management.

Thanks to the enterprise cloud, which provides the capabilities of the past with less complexity and, most importantly, the new capabilities of the next generation, the next wave of the enterprise market is being created. Companies are constantly looking for new ways to improve their business with technology. The cloud market is young, and onboarding new customers (enterprises) at this stage, to guarantee long-term revenue in the upcoming years, is a top priority for the IT giants.

The portfolio of services that cloud providers provide to enterprises is huge. As anticipated, services span from simple servers (virtual machines) to web servers, to container hosting, storage, backup as a service, and much more. Identity providers are another important service offered to enterprises, and this is the core topic of this book.

In the context of digital identities, if we try to compare the consumer market with the enterprise market, we will notice something. In the enterprise market, unlike the consumer market, there is a high level of complexity. The reason is that companies are supposed to manage identity services for their employees. In the consumer market, on the other hand, identity is consumed, and it is managed by identity providers such as Facebook or Google, to give just two examples.

This concept has several implications. To properly use identity services, we need an enterprise-grade identity strategy that can simplify the complexity of this wide and critical topic.