How to Create and Run Web Project (Java) in Eclipse


Open Eclipse -> Click on File Menu

New Project in Eclipse

Select Web -> Dynamic Web Project

Web Project in Eclipse

Provide proper Project Name

New Dynamic Web Project in Eclipse

Keep the Source Folder default

New Dynamic Web Project Configuration in Eclipse

Keep the Context Root and Content Directory default

New Dynamic Web Project Configure Web Module Settings in Eclipse

Click on Finish.

Now Verify Project Explorer in Eclipse

New Web Project in Eclipse (Project Explorer)

In Java Resources -> src, create a servlet

New Servlet in Eclipse

Give Source Folder, Package and Class Name

Create a Servlet in Eclipse

Give Deployment Descriptor Specific Information

Specify modifiers, interfaces to implement, and method stubs to generate


Click Finish.

HelloWorldExample will contain…
===================================================================
import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Servlet implementation class HelloWorldExample
 */
@WebServlet("/HelloWorldExample")
public class HelloWorldExample extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * Default constructor.
     */
    public HelloWorldExample() {
        // TODO Auto-generated constructor stub
    }

    /**
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // Write a fixed greeting to the response body
        PrintWriter out = response.getWriter();
        out.println("Hello World!!!!!!!!!!!!!!");
    }

    /**
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // TODO Auto-generated method stub
    }

}
===================================================================

Now you will see:

servlet-api.jar errors in eclipse

Please Visit How to Solve Servlet Errors in Eclipse? (clean-clouds.com) to find the solution.

Once all errors are resolved

Servlet errors resolved

Now let's add the entries to the Deployment Descriptor, web.xml

======================================================================

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" metadata-complete="true" version="3.0">
    <!-- metadata-complete="true": annotations such as @WebServlet are ignored,
         so only the servlets and mappings declared in this file are deployed. -->
    <description>
        Servlet and JSP Examples.
    </description>
    <display-name>Servlet and JSP Examples</display-name>
    <servlet>
        <servlet-name>HelloWorldExample</servlet-name>
        <servlet-class>HelloWorldExample</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>HelloWorldExample</servlet-name>
        <url-pattern>/HelloWorldExample</url-pattern>
    </servlet-mapping>

</web-app>

======================================================================

Now let's try to run the project from Eclipse; for that we need to add a web server in Eclipse. We will add Tomcat 7.x in Eclipse.

Please visit How to add Tomcat 7.x in Eclipse?

Now let's try to run it in Eclipse after adding the Tomcat server.

Run Dynamic Web Project on Server From Eclipse
Run Dynamic Web Project on Server From Eclipse-Select Resources

Unblock Features in Windows Firewall

Unblock Features in Windows Firewall

Now Tomcat will start

Tomcat Console in Eclipse

Verify the Tomcat status from the Server Tab

Tomcat Server Status in Eclipse

And we can see that the servlet is successfully executed:

Successful Servlet Execution in Tomcat Server in Eclipse

You can copy the same path and verify it in any browser.

http://localhost:8080/JavaWebProject/HelloWorldExample

Successful Servlet Execution in Tomcat Server in Browser

Done!!! 🙂


How to Solve Servlet Errors in Eclipse?


Servlet Errors in Eclipse

For new users, it’s common to encounter the following errors while developing a servlet in Eclipse (I am using eclipse-jee-indigo-SR2-win32) or without it:

HttpServlet cannot be resolved to a type
HttpServletRequest cannot be resolved to a type
HttpServletResponse cannot be resolved to a type
ServletException cannot be resolved to a type
The import javax.servlet cannot be resolved
WebServlet cannot be resolved to a type

servlet-api.jar errors in eclipse

The problem is that “servlet-api.jar” is not on the classpath.

How to add servlet-api.jar in classpath from Eclipse?

Right Click on the Web Project and Click on Properties

Dynamic Web Project Properties in Eclipse

Select Java Build Path

Java Build Path in Eclipse

Click on the Library Tab

Java Build Path in Eclipse-Libraries

Click on “Add External Jar” -> Locate servlet-api.jar from your local system (It’s available in Tomcat Distribution directory.)

Add External Jar servlet-api.jar from tomcat installation dir
servlet-api.jar external jar added

Click OK and all errors will be resolved.

Servlet errors resolved

Done!!!

Microsoft Visio 2010 – Free Quick Reference Card


Microsoft Visio 2010 – Free Quick Reference Card

 This Microsoft Visio 2010 Reference provides shortcuts, tips, and tricks for the popular diagramming software. Use this reference to brush up on the basics and to find alternative methods to your favorite commands.


This printable quick reference is yours to use, distribute, and share at your organization!

Along with this free reference card, if you are eligible, you will also receive a 30-day trial of CustomGuide training, including over 7,000 Online Skills Assessments and Interactive Tutorials.

To Download Click Here.

Microsoft Access 2010 – Free Quick Reference Card


Microsoft Access 2010 – Free Quick Reference Card

This Microsoft Access 2010 Reference provides shortcuts, tips, and tricks for the popular database management system. Use this reference to brush up on the basics and to find alternative methods to your favorite commands.


This printable quick reference is yours to use, distribute, and share at your organization!

Along with this free reference card, if you are eligible, you will also receive a 30-day trial of CustomGuide training, including over 7,000 Online Skills Assessments and Interactive Tutorials.

To Download Click Here.

Java – How to Decompile Class files from Jar Files


How to Decompile Class files from Jar Files?

Decompiler

According to Wikipedia, a decompiler is the name given to a computer program that performs, as far as possible, the reverse operation to that of a compiler. That is, it translates a file containing information at a relatively low level of abstraction (usually designed to be computer readable rather than human readable) into a form having a higher level of abstraction (usually designed to be human readable). The decompiler does not reconstruct the original source code, and its output is far less intelligible to a human than original source code.


The term decompiler is most commonly applied to a program which translates executable programs (the output from a compiler) into source code in a (relatively) high level language which, when compiled, will produce an executable whose behavior is the same as the original executable program. By comparison, a disassembler translates an executable program into assembly language (and an assembler could be used to assemble it back into an executable program).

Java De-compiler

The “Java Decompiler project” aims to develop tools to decompile and analyze Java 5 “byte code” and later versions.

JD-Core is a library that reconstructs Java source code from one or more “.class” files. JD-Core may be used to recover lost source code and explore the source of Java runtime libraries. New features of Java 5, such as annotations, generics or type “enum”, are supported. JD-GUI and JD-Eclipse include JD-Core library.

JD-GUI is a standalone graphical utility that displays the Java source code of “.class” files. You can browse the reconstructed source code with JD-GUI for instant access to methods and fields.

JD-Eclipse is a plug-in for the Eclipse platform. It allows you to display all the Java sources during your debugging process, even if you do not have them all.

Features

  • JD-Core and JD-GUI are written in C++. This allows extremely fast decompilation and display.
  • JD-Core does not require the Java runtime environment for its functioning, therefore no special setup is required.
  • JD-Core works with most current compilers including the following:
    • jdk1.1.8
    • jdk1.3.1
    • jdk1.4.2
    • jdk1.5.0
    • jdk1.6.0
    • jdk1.7.0
    • jikes-1.22
    • harmony-jdk-r533500
    • Eclipse Java Compiler v_677_R32x, 3.2.1 release
    • jrockit90_150_06
  • JD-Core supports the following new features of Java 5:
    • Annotations
    • Generics
    • Type “enum”
  • JD-GUI supports Drag and Drop.
  • JD-GUI supports JAR files.
  • JD-GUI displays color coded Java source code.
  • JD-GUI allows you to browse the “class” files hierarchy.
  • JD-GUI displays “log” files, and allows you to decompile “class” files appearing in Java stack traces.
  • JD-Core, JD-GUI and JD-Eclipse use the excellent cross-platform wxWidgets toolkit.

Download

Download from http://java.decompiler.free.fr/?q=jdgui

Download Java Decompiler

Extract jd-gui-0.3.3.windows.zip file -> Click on jd-gui Application

Select Jar file to Decompile in JD-GUI
Decompiled Java Class from Jar File

References

http://java.decompiler.free.fr/
http://en.wikipedia.org/wiki/Decompiler

How to Import Existing Java Project in Eclipse


Import Existing Java Project -> Open Eclipse -> Click on File Menu -> New -> Java Project
Java Project

Give Java Project Name

New Java Project
New Java Project Settings

Click on Finish; New Java Project will be available in Project Explorer -> Right Click on it…

Import Existing Project
Select General -> File System

Select Existing Project from File System
Overwrite Dialog Box

See the Red Cross Mark in added Project due to Jar files

Java Source File Errors

Right Click on the Imported Project

configure build path in eclipse

Click on Add Jars;

Add Jars in Eclipse

If the Jars are not available in the same project that was imported, click on Add External Jar in the above dialog box and select the Jars from the directory on your system.

Jar Selection

Click on Ok.

Notice, Red Marks are Gone..

Source Files Errors Removed After adding Jars in Classpath

FEDERATED IDENTITY MANAGEMENT IN CLOUD COMPUTING


1. Introduction

FEDERATED IDENTITY MANAGEMENT – “Identity” consists of a “set” of information based on context, allied with a definite entity (End User or System). Identity Management should include: Identity Provisioning, De-Provisioning, Identity Information Security, Identity Linking, Identity Mapping, Identity Federation, Identity Attributes Federation, Single Sign On, Authentication and Authorization.


For organizations, unauthorized access to information resources is a foremost concern. Authentication, Authorization and Auditing are the 3 popular “A”s in the context of growing demand of regulatory and compliance requirements.

Authentication (Who are you?): Authentication is a solid form of identification; it is the process of validating the identity of an end user or system.

Authorization (What privileges do you have?): Authorization determines the privileges the end user or system is permitted after identity establishment. In other words, authorization is the process of implementing and enforcing policies.

Auditing (How the other “A”s are doing?): Auditing is performed to verify efficiency and compliance of IAM controls as per established access policies. It is used to detect security breaches and to specify corrective measures.

With the adoption of cloud services, the organization’s trust boundary has become dynamic. It has moved beyond the control of IT. Identity & Access Management is a critical requirement, considering that data sensitivity and privacy of information have increasingly become an area of concern in the cloud.

Here Federated Identity Management comes in as an aid. It allows identity credentials and their associated data to stay on premise or at a trusted place while connecting organizations together by distributing copies of selected identity information or claims, and it allows proficient management, governance and movement in a Cloud world.

In information technology, federated identity has two general meanings:

1.      The assembled identity of a person’s user information, stored across various identity management systems.

2.      A user’s authentication process across multiple IT systems or even organizations.

In our case, users of different cloud service providers can use a federated identification for identity establishment in cloud computing. Let’s consider Identity Management across “On Premise” and “On Cloud”.

2. On Premise Identity Management

In an archetypal organization, applications are deployed inside the organization’s perimeter, and the “trust boundary” is more often than not static and is monitored and controlled by the organization itself.

Standardized Access control policies and robust identity management tools help in secure and efficient connectivity for Employees, Partners or customers in day to day activities like:

·         To access Employee HR Portal

·         To access Intranet Portal from off-premise

·         To access knowledge management resources or to contribute in KM.

·         E-Transactions

The conventional approach to solve this problem has been Single Sign on (SSO), the centralization of access control information into one server. Use of LDAP, Kerberos and Active Directory is very popular.

2.1. Kerberos

Figure 1. Kerberos

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner [1].

1) The client authenticates itself to the Authentication Server and receives a ticket (All tickets are time-stamped).

2) It then contacts the Ticket Granting Server, and using the ticket it demonstrates its identity and asks for a service.

3) If the client is eligible for the service, then the Ticket Granting Server sends another ticket to the client.

4) The client then contacts the Service Server, and using this ticket it proves that it has been approved to receive the service.

Limitations of Kerberos Protocol:

·         Single point of failure: When the Kerberos server is down, no one can log in.

·         Strict time requirements: The clocks of the involved hosts must be synchronized within configured limits. The tickets have a time availability period and if the host clock is not synchronized with the Kerberos server clock, the authentication will fail.

·         The administration protocol is not standardized and differs between server implementations.

·         Compromise of authentication infrastructure will allow an attacker to pose as any user.
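The four steps and the time-synchronization limitation above, as an added example that is not part of the original article: a small simulation in which every ticket is time-stamped and each party checks it against its own clock. HMAC-SHA256 stands in for Kerberos ticket encryption, session keys and authenticators are omitted, and the principals, keys, lifetime and skew limit are constructed values.

```python
import hashlib
import hmac
import json

MAX_SKEW = 300         # seconds of clock skew tolerated (assumed setting)
TICKET_LIFETIME = 600  # seconds a ticket stays valid (constructed value)

# Constructed long-term keys; a real KDC derives these from passwords or keytabs.
KEYS = {
    "alice": b"alice-long-term-key",
    "krbtgt": b"ticket-granting-server-key",
    "http/intranet": b"intranet-service-key",
}
# Constructed eligibility table consulted by the Ticket Granting Server.
ELIGIBLE = {"alice": {"http/intranet"}}


def mac(key, data):
    # Integrity tag only: real Kerberos encrypts the ticket under this key.
    return hmac.new(key, data.encode(), hashlib.sha256).hexdigest()


def issue(service, client, now):
    """Build a time-stamped ticket that only the holder of the service key can check."""
    body = json.dumps({"client": client, "service": service,
                       "issued": now, "expires": now + TICKET_LIFETIME}, sort_keys=True)
    return {"body": body, "tag": mac(KEYS[service], body)}


def check(service, ticket, now):
    """Verify integrity, then compare the ticket's timestamps with the local clock."""
    if not hmac.compare_digest(mac(KEYS[service], ticket["body"]), ticket["tag"]):
        raise ValueError("ticket was not issued for this key or was modified")
    fields = json.loads(ticket["body"])
    if now < fields["issued"] - MAX_SKEW:
        raise ValueError("ticket not yet valid: local clock is behind the KDC")
    if now > fields["expires"] + MAX_SKEW:
        raise ValueError("ticket expired")
    return fields


def as_exchange(client, timestamp, proof, kdc_now):
    """Step 1: the client proves knowledge of its key and receives a ticket (TGT)."""
    key = KEYS.get(client)
    if key is None or not hmac.compare_digest(mac(key, str(timestamp)), proof):
        raise PermissionError("pre-authentication failed")
    if abs(kdc_now - timestamp) > MAX_SKEW:
        raise PermissionError("client clock outside the allowed skew")
    return issue("krbtgt", client, kdc_now)


def tgs_exchange(tgt, service, kdc_now):
    """Steps 2-3: the TGT proves identity; eligible clients get a service ticket."""
    client = check("krbtgt", tgt, kdc_now)["client"]
    if service not in ELIGIBLE.get(client, set()):
        raise PermissionError("client is not eligible for " + service)
    return issue(service, client, kdc_now)


def service_accepts(service, ticket, service_now):
    """Step 4: the Service Server validates the ticket with its own key and clock."""
    fields = check(service, ticket, service_now)
    if fields["service"] != service:
        raise ValueError("ticket names a different service")
    return fields["client"]


def outcome(fn, *args):
    try:
        return "ok: " + str(fn(*args))
    except (ValueError, PermissionError) as err:
        return "rejected: " + str(err)


def demo(t0=1_700_000_000):
    svc = "http/intranet"
    tgt = as_exchange("alice", t0, mac(KEYS["alice"], str(t0)), t0)
    ticket = tgs_exchange(tgt, svc, t0 + 5)
    modified = dict(ticket, body=ticket["body"].replace("alice", "admin"))
    late = t0 + 5 + TICKET_LIFETIME + MAX_SKEW + 1
    return {
        "in_sync": outcome(service_accepts, svc, ticket, t0 + 10),
        "host_clock_1h_behind": outcome(service_accepts, svc, ticket, t0 - 3600),
        "after_expiry": outcome(service_accepts, svc, ticket, late),
        "modified_ticket": outcome(service_accepts, svc, modified, t0 + 10),
        "tgt_sent_to_service": outcome(service_accepts, svc, tgt, t0 + 10),
        "not_eligible": outcome(tgs_exchange, tgt, "cifs/fileserver", t0 + 5),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

The `host_clock_1h_behind` case is the failure the "strict time requirements" bullet describes: the ticket is genuine, but the service host's clock makes it look not yet valid.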

2.2. Active Directory

Figure 2. Active Directory

Active Directory uses a number of standardized protocols to provide a variety of network services, including:

·         Lightweight Directory Access Protocol (LDAP), the industry standard directory access protocol, compatible with many management and query applications. Active Directory supports LDAPv3 and LDAPv2.

·         Optional Kerberos-based authentication

·         DNS-based naming and other network information

Features:

·         Central location for network administration and security

·         Information security and single sign-on for user access to networked resources

·         The ability to scale up or down easily

·         Standardizing access to application data

·         Synchronization of directory updates across servers

The Kerberos security protocol (and therefore the AD domains and forests built on it) was designed to work in a fairly secure environment, such as a corporate intranet. Within an organization, directory services such as Microsoft’s Active Directory or products using the Lightweight Directory Access Protocol have allowed companies to recognize their users through a single identity.

“But” What if,

·         Users and Resources are in two Different Organizations: Traditional SSO is impractical for extranets or Web services because partners may not agree on a single SSO vendor, and it is not possible / feasible to have a unified database.

·         For cloud-based applications: In cloud computing, for example, when an organization uses a hosted software as a service (SaaS) CRM solution (e.g., salesforce.com), an application developed on force.com, or an application deployed on Amazon EC2 (public cloud), the users are employees who access the application and have enterprise identities. With external service providers, access is often managed by a separate account, which is not often associated with their organization’s identity management system and thereby represents a considerable security dilemma.

What about providing adequate security for these identities?

3. “On Cloud” Federated Identity Management

With federated identity, identity information can be ported across diverse security domains using “claims” and “assertions” digitally signed by an identity provider. Claims-based authentication (Multi-factor) is the foundation of federated identity. It is about presenting an application with the potentially “wide” range of identity information it needs, from an identity provider it trusts, regardless of whether the application is inside or outside the enterprise (Cloud in our case) [2].

With Cloud adoption, the organization’s trust boundary will become dynamic and will move beyond the control of an organization. The network, system, and application boundary of an organization will extend into the Cloud Service Provider domain. Loss of control will continue to challenge the established trusted governance and control model.

That is where we require Federated Identity: it allows companies to keep their own directories and securely exchange information from them.

Identity federation addresses the concern of “securely” managing identities, enabling the organization to share employee identity information with the Cloud Service Provider (CSP) or any other resource over the Internet. This allows the organization to boost its control over “who” has access to “what” information and resources, regardless of where those resources reside (e.g., on salesforce.com’s servers, AWS). Federated identity management improves security by controlling access on a per-operation basis and providing a detailed audit trail.

Federated identity management enables:

·         Easier access to consume cloud resources

·         Superior end-user experience through SSO and just-in-time account provisioning

·         Reduced cost and time to incorporate authentication and authorization

·         Elimination of non-scalable proprietary SSO applications

Federation enables the communication of systems and applications separated by an organization’s trust boundary, e.g., a sales person interacting with Salesforce.com from a corporate network. Federated Identity Management leverages lessons from the U.S. federal system and application integration. Local applications or organizations maintain their own repositories which respond to queries from both local and remote applications with security assertions containing user attributes and roles. When encountering external users, the local applications query other federated repositories to authenticate and authorize these non-local users [3].

Identity Federation can be accomplished in any number of ways with the use of formal internet standards such as SAML, Information Cards, and OpenID [4]. Identity Federation has the following solution areas:

1.      Single Sign On

2.      Application based Web Services Security

3.      Identity Lifecycle

Some of the cloud use cases that require IAM support from the CSP include:

·         Employees of an organization accessing a SaaS service using identity federation (e.g., sales and support staff members accessing Salesforce.)

·         To access the CSP management console to provision resources and access for users using a corporate identity

·         Developers creating accounts for partner users in a RightScale

·         End users accessing a storage service within and outside a domain using access policy management features

·         An application residing in a cloud service provider (e.g., Amazon EC2) accessing storage (e.g., Amazon S3) from cloud service.

4. Face-Off

| Kerberos / Active Directory | Claim based Authentication |
| --- | --- |
| In AD, every authenticated user has one or more Kerberos tickets that contain identity information. | A basic construct of claims-based authentication is the token, formatted in Security Assertion Markup Language (SAML). A SAML token is similar to a Kerberos ticket. |
| A Kerberos ticket contains a payload, called the access token, that asserts what security groups the user is a member of. The resource (e.g., a file server) trusts this assertion because the ticket is cryptographically confirmed to be from a valid identity source. | The payload of this assertion contains a potentially broader set of identity information, called “claims”, than a Kerberos ticket holds. A claim can be anything you define it to be: name, email, phone number, age, privilege level, meal preference, etc. |
| In AD, a Kerberos ticket has time restrictions regarding when it can be used. This prevents replay attacks, in which packets are captured then played back to a server at a later time in an attempt to compromise it. | A SAML assertion’s conditions can restrict when the assertion is valid, who can use the assertion, how many times it can be used, and whether the assertion can be delegated. |
| An AD Kerberos ticket is encrypted with either the ticket-granting server key (for a ticket-granting ticket—TGT) or the user key (for a session ticket). | A SAML assertion is signed and can have various degrees of encryption from the identity provider that created it, from individual components to the entire assertion. |
| The scope of an AD Kerberos ticket is essentially within the enterprise. | A SAML token has no restrictions of this kind at all. This means that a claims-aware application can authenticate users equally comfortably inside or outside the corporate firewall. |
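The SAML conditions named in the comparison above (when, who, how many times, delegation), as an added example that is not part of the original article: a relying-party check over a constructed SAML 2.0 assertion. Signature verification is out of scope here and must happen before these checks; the issuer, audience URL, attribute names and the 60-second skew allowance are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not captured traffic). The signature is omitted:
# a relying party must verify the identity provider's XML signature before any
# of these checks, and should parse with a hardened parser such as defusedxml.
SAMPLE = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed-0001" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://crm.example.com/sp</saml:Audience>
    </saml:AudienceRestriction>
    <saml:OneTimeUse/>
    <saml:ProxyRestriction Count="0"/>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="email">
      <saml:AttributeValue>alice@example.org</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="privilege_level">
      <saml:AttributeValue>sales</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


class AssertionRejected(Exception):
    pass


def parse_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_conditions(xml_text, my_audience, now, used_ids, skew=timedelta(seconds=60)):
    """Apply the assertion's Conditions and return its claims, or raise AssertionRejected."""
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise AssertionRejected("no Conditions element")

    # When: validity window, with a small allowance for clock skew.
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now + skew < parse_time(not_before):
        raise AssertionRejected("not yet valid")
    if not_on_or_after and now - skew >= parse_time(not_on_or_after):
        raise AssertionRejected("expired")

    # Who: every AudienceRestriction must list this relying party.
    restrictions = cond.findall("saml:AudienceRestriction", NS)
    if not restrictions:
        raise AssertionRejected("no audience restriction")  # strict policy (assumption)
    for restriction in restrictions:
        audiences = {(a.text or "").strip() for a in restriction.findall("saml:Audience", NS)}
        if my_audience not in audiences:
            raise AssertionRejected("issued for a different audience")

    # How many times: OneTimeUse needs a replay cache keyed on the assertion ID.
    assertion_id = root.get("ID")
    if cond.find("saml:OneTimeUse", NS) is not None:
        if not assertion_id or assertion_id in used_ids:
            raise AssertionRejected("one-time assertion already used")
        used_ids.add(assertion_id)

    # Delegation: ProxyRestriction Count="0" forbids issuing new assertions from this one.
    proxy = cond.find("saml:ProxyRestriction", NS)
    may_reissue = proxy is None or int(proxy.get("Count", "1")) > 0

    claims = {attr.get("Name"): [(v.text or "").strip()
                                 for v in attr.findall("saml:AttributeValue", NS)]
              for attr in root.iterfind(".//saml:Attribute", NS)}
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    return {"issuer": issuer, "claims": claims, "may_reissue": may_reissue}


if __name__ == "__main__":
    at = datetime(2024, 1, 1, 12, 2, tzinfo=timezone.utc)
    print(check_conditions(SAMPLE, "https://crm.example.com/sp", at, set()))
```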

5. How Federated Identity Works?

Private Cloud Scenario

A user inside the enterprise attempts to access a claims-aware application that’s deployed in a private cloud. This situation is common nowadays as more applications are becoming claims aware and the private cloud is becoming popular in large organizations.

Figure 3. Identity in Private Cloud [3]

All you need to implement this scenario is:

1.      A federation service, such as Active Directory Federation Services (ADFS) 2.0, IBM Tivoli Federated Identity Manager, or Ping Identity’s PingFederate

2.      A claims-aware application

The flow is as follows:

1. The application needs identity information for the user.

2. The application triggers or initiates either a web service call or an HTTP redirect through the browser to ask for a token from a security token service (STS).

3. The STS responds to the request, returning the token to the application.

Public Cloud Scenario (SaaS)

This scenario covers accessing a SaaS provider, in which an enterprise uses a service such as Salesforce or a hosted email provider without maintaining separate passwords at every provider.

Public Cloud Scenario (IaaS)

In the public cloud, users in the identity provider’s enterprise need to seamlessly access an application deployed in the public cloud.

Figure 4. Federated Identity in Public Cloud

The single largest difference between this scenario and the previous one is that the Cloud Service Provider may have its own STS, and the application service trusts it alone. The federated trust agreements that the Cloud Service Provider establishes with its customers are supported by the STS, rather than the application service. This Cloud Service Provider configuration is more scalable than one without an STS because the resource load of potentially thousands of trusts is focused on the STS instead of the application service and won’t affect the application service’s resources. It’s also more secure, because the application service doesn’t trust any external claims—only the claims generated by its own STS in Public Cloud [3].
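The trust arrangement described above, as an added example that is not part of the original article: customer identity providers are trusted only by the provider's STS, which re-issues a token under its own key, and the application accepts that key alone. HMAC stands in for the asymmetric signatures a real federation uses (with HMAC the application shares the STS secret); all issuers, keys and claim names are constructed.

```python
import base64
import hashlib
import hmac
import json


def sign(key, claims):
    payload = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    return payload + "." + hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def verify(key, token):
    payload, _, tag = token.rpartition(".")
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        raise PermissionError("signature does not match the trusted key")
    return json.loads(base64.urlsafe_b64decode(payload))


def unverified_issuer(token):
    """Read 'iss' only to choose which trust entry to verify against."""
    try:
        issuer = json.loads(base64.urlsafe_b64decode(token.rpartition(".")[0])).get("iss")
    except (ValueError, AttributeError):
        return None
    return issuer if isinstance(issuer, str) else None


class ResourceSTS:
    """The cloud provider's STS: the one place that holds trusts with customer IdPs."""

    def __init__(self, issuer, signing_key):
        self.issuer, self.signing_key, self.trusts = issuer, signing_key, {}

    def add_trust(self, idp_issuer, idp_key, tenant, passthrough):
        self.trusts[idp_issuer] = {"key": idp_key, "tenant": tenant,
                                   "passthrough": set(passthrough)}

    def exchange(self, idp_token):
        upstream = unverified_issuer(idp_token)
        trust = self.trusts.get(upstream)
        if trust is None:
            raise PermissionError("no federation trust with this issuer")
        external = verify(trust["key"], idp_token)
        # Copy only the agreed claims; the tenant comes from the trust entry,
        # never from what the external identity provider asserts.
        issued = {k: v for k, v in external.items() if k in trust["passthrough"]}
        issued.update(iss=self.issuer, tenant=trust["tenant"], upstream=upstream)
        return sign(self.signing_key, issued)


def application_accepts(token, sts_issuer, sts_key):
    """The application service knows one issuer and one key: its own STS."""
    claims = verify(sts_key, token)
    if claims.get("iss") != sts_issuer:
        raise PermissionError("token was not issued by the application's own STS")
    return claims


def attempt(fn, *args):
    try:
        return fn(*args)
    except PermissionError as err:
        return "rejected: " + str(err)


def demo():
    acme_key, rogue_key, sts_key = b"acme-idp-key", b"rogue-idp-key", b"csp-sts-key"
    sts_issuer = "https://sts.csp.example"
    sts = ResourceSTS(sts_issuer, sts_key)
    sts.add_trust("https://idp.acme.example", acme_key, tenant="acme",
                  passthrough=["sub", "role"])
    acme_token = sign(acme_key, {"iss": "https://idp.acme.example", "sub": "alice",
                                 "role": "sales", "tenant": "globex", "admin": True})
    rogue_token = sign(rogue_key, {"iss": "https://idp.rogue.example", "sub": "mallory"})
    spoofed = sign(rogue_key, {"iss": "https://idp.acme.example", "sub": "mallory"})
    return {
        "via_sts": application_accepts(sts.exchange(acme_token), sts_issuer, sts_key),
        "idp_token_sent_to_app": attempt(application_accepts, acme_token, sts_issuer, sts_key),
        "untrusted_idp": attempt(sts.exchange, rogue_token),
        "spoofed_issuer": attempt(sts.exchange, spoofed),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

In the `via_sts` result the `tenant` and `admin` values asserted by the customer's identity provider are gone: the application sees only what its own STS chose to issue.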

6. IDaaS

Federated identity management makes feasible the vision of “identity as a service (IDaaS)”, where authentication and authorization functions are available to any application.

Figure 5. IDaaS

The identity store in the cloud is kept in sync with the corporate directory through a provider-proprietary scheme. The organization can work with the CSP to delegate authentication to the cloud identity service provider.

Pros

·         Abstraction from complexity of integrating with various CSPs supporting different federation standards.

·         Salesforce.com and Google support delegated authentication using SAML. If they support two different versions of SAML, then an identity broker that supports both SAML standards (a multiprotocol federation gateway) can hide this integration complexity from organizations adopting cloud services.

Cons

·         Dependency on 3rd party for an identity management service

·         Less visibility and Control into the service, implementation and architecture details.

o   Availability and Authentication performance of cloud applications hinges on the identity management service provider

7. Standards

Identity Federation can be accomplished in any number of ways with the use of formal internet standards, as discussed below [5]:

Figure 6. Standards

7.1. SAML

·         Most mature, detailed, and widely adopted specifications family for browser-based federated sign-on for cloud users

·         Enables delegation (SSO)

·         Multifactor authentication

·         Support strong authentication and web SSO, avoid duplication of identity, and share only selected attributes to protect user privacy

·         Platform neutrality. SAML abstracts the security framework away from platform architectures and particular vendor implementations.

·         Business-to-business and employee-facing use cases

·         Shibboleth

o   Led by Internet2 to provide peer-to-peer collaboration using a federated identity infrastructure based on SAML.

o   Huge adoption rate in university and research communities

·         Liberty Alliance

o   An organization of vendors and enterprises that is largely perceived as having formed in response to Microsoft’s Passport efforts.

o   Identity federation framework (ID-FF) and identity Web services framework (ID-WSF). Their ID-FF work, which originally resulted in two versions of the ID-FF specification, has now been incorporated into SAML 2.0.

o   Provides testing services for SAML 2.0 as well as their own protocols.

7.2. SPML

·         Emerging

·         XML-based framework being developed by OASIS for exchanging user, resource, and service provisioning information among cooperating organizations.

7.3. XACML

·         XACML is an OASIS-ratified, general-purpose, XML-based access control language for policy management and access decisions.

·         XML schema for a general policy language, and a processing environment model to manage the policies and to conclude the access decisions.

·         A standard way to express authorization policies across a diverse set of cloud services and externalize  authorization and enforcement from the application

7.4. OAuth

·         OAuth is an emerging authentication standard that allows consumers to share their private resources (e.g., photos, videos, contact lists, bank accounts) stored on one CSP with another CSP without having to disclose the authentication information

·         Supported via an API by service providers including Google, Twitter, Facebook, and Plaxo

7.5. OpenID

·         OpenID is an open, decentralized standard for user authentication and access control, allowing users to log on to many services with the same digital identity—i.e., a single sign-on user experience with services supporting OpenID.

·         Not adopted due to trust issues

7.6. WS-*

·         Driven by a collaborative effort between Microsoft, IBM, VeriSign, RSA Security, Ping Identity and others.

·         Composable suite of specifications for enabling secure Web services.

·         WS-Trust, WS-Federation, and WS-Policy are an evolving set of mechanisms for layering authentication, authorization and policy across both single and multiple security domains.

8. Conclusions

This paper reviewed the concept of Federated Identity Management in the particular context of Cloud Computing. The paper has re-examined the most important approaches to traditional IdM systems. The paper has also discussed the specific case of identity management in various cloud deployment scenarios, such as public and private cloud.

As a final remark, we can note that despite the diversity in implementations of Federated Identity, IDaaS will become the most important service in the near future, one which abstracts away all the diverse details of identity management in the cloud scenario.

References

[1] Kerberos (protocol), Wikipedia, http://en.wikipedia.org/wiki/Kerberos_%28protocol%29

[2] Federated Identity, Wikipedia, http://en.wikipedia.org/wiki/Federated_identity

[3] Sean Deuby, Ease Cloud Security Concerns with Federated Identity, http://www.windowsitpro.com/article/active-directory/Answer-Cloud-Security-Concerns-Federated-Identity-.aspx

[4] David F. Carr, What’s Federated Identity Management?, http://www.eweek.com/c/a/Channel/Whats-Federated-Identity-Management/

[5] Cloud Security and Privacy: An Enterprise Perspective on Risk and Compliance, O’Reilly