Identity and access control and management system and method in cloud environment

An access control and management technology, applied in transmission systems, electrical components, etc., that addresses problems such as cumbersome permission changes, weak security tokens, and inconsistent standards, and achieves reliable operation and convenient management.

Active Publication Date: 2016-05-11
XIDIAN UNIV

AI Technical Summary

Problems solved by technology

[0008] 4) Single sign-on: single sign-on solutions let users log in to applications in different security domains, but the current standards are not uniform.
[0014] 1) Permissions are difficult to change. When a user changes jobs or leaves, the access permissions must be carefully modified in every application system where the user has an account, which is cumbersome.
[0015] 2) Different application systems use the same account, which is difficult to integrate, and product functions are incomplete, such as lacking support for single sign-on.
[0016] 3) When the application system exchanges user credentials and synchronizes user passwords with external application systems, it may face security risks such as weak security tokens and ineffective authentication or access control functions.

Embodiment Construction

[0056] The specific embodiments of the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0057] This example provides an identity and access control management system in a cloud environment, whose schematic diagram is shown in Figure 1. It includes an identity and access control management system (IAM), a user end, and an application server. The IAM in turn includes a registration server, an authentication server, an authorization server, a system center database, a CA certificate store, and a system administrator.

[0058] The registration server is deployed in the cloud, separately from the authentication server, authorization server, and application server, so that it can operate independently, safely, and reliably in complex systems and complex environments. After the registration server service is enabled, it listens to the service p...

Abstract

The invention discloses an identity and access control and management system and method in a cloud environment. The system comprises an identity and access control and management system (IAM), a user terminal, and an application server. Across different application services, integrated identity authentication and unified user management follow the principle of separating identity authentication from access control, and on that basis user identity and access control management is realized. For user identity information management, a registration service provides self-service to the user from generation to cancellation of the user identity. For user authentication, two-factor authentication is used to achieve mutual authentication between the user and the authentication server and to issue an authentication ticket, so that the user authenticates once and uses the ticket many times. For access control and management, the user's access authority is managed with a role-based access control strategy built on user groups, and the authorization server issues an authorization ticket to the user. With the disclosed system and method, users can conveniently manage their identity information, repeated authentication is avoided, authentication security is enhanced, and illegal access by unauthorized users is prevented.

Description

Technical field

[0001] The invention belongs to the field of information security of cloud computing, and relates to an identity and access control management system and method in a cloud environment.

Background technique

[0002] Cloud computing is a business model that distributes computing tasks over a resource pool composed of a large number of computers, enabling users to obtain computing power, storage space, and information services on demand. Cloud computing can be roughly divided into three types of service: IaaS (infrastructure as a service), PaaS (platform as a service), and SaaS (software as a service). IaaS encapsulates basic resources such as hardware devices into services for users, such as the Elastic Compute Cloud (EC2) and Simple Storage Service (S3) of Amazon Web Services (AWS). PaaS takes the abstraction of resources one step further. It provides the user application environment, typically suc...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/0823, H04L63/105
Inventors: 杨力, 黄贤哲, 马建峰, 姜奇, 张俊伟, 韦腾
Owner: XIDIAN UNIV