A taxonomy model for single sign-on oriented towards cloud computing

Abstract

Clouds can be seen as a natural evolution of the Internet, allowing the utilization of computing capabilities maintained by third parties for optimizing resource usage. There are several elements that compose the cloud infrastructure and its services, and all of them must operate harmoniously. In particular, to allow the creation and deployment of services resilient to internal and external threats, the observance of security aspects is essential. This includes the deployment of authentication and authorization mechanisms to control the access to resources allocated on-demand, a strong requirement for any cloud-based solution. With this issue in mind, several providers have recently started using some form of Single Sign-On (SSO) mechanism to simplify the process of handling credentials inside the cloud. In this work, aiming to provide a structured overview of the wide variety of mechanisms that can be employed with this purpose, we propose a classification of SSO systems for cloud services, which can be used as a model for comparing current and future designing instances of such mechanisms. In addition, to validate the usefulness of the proposed taxonomy, we provide a classification of existing cloud-oriented SSO solutions.