Cloud Identity and Security - Document List
IDaaS Best Practices
This is our principal reference document, maintained and accessible via a Google Doc.
Thanks to Nuccio for creating this first resource.
- E-Health Summit, Toronto - Presentation to Canadian EHealth CIOs on 'Personal Clouds', including the role of Kantara UMA.
- Canada Cloud Roadmap - Inclusion of IDaaS into industry non-profit forum for developing Canadian Cloud providers.
Our plans to update this document include:
- Case study of New Zealand's 'RealMe' Identity service - an overview follows:
The NZ Government operates its public-facing online service RealMe® (https://realme.govt.nz) to provide web-based online identity functions for citizens. It comprises two main functions:
- the RealMe login service, providing pseudonymous authentication - with around 20% penetration of the population and a daily user base that continues to grow
- the RealMe assertion service, providing verification of identity and address details.
The identity credential leverages existing Government-held identity information registers to establish a 'verified RealMe account'.
ForgeRock's OpenAM (http://forgerock.com/products/open-identity-stack/openam/) is the IdP application used in the centralised login service, which in turn integrates all the other departmental service providers (Relying Parties) and identity attribute providers.
A number of 'broker' services from New Zealand vendors are being independently developed to give SMEs a lightweight integration path to the login/authentication functionality of RealMe. This avoids duplicating login functionality in their own services and reduces the 'necklace of credentials' burden on users. Full-blown integration for larger private-sector organisations is underway, with an initial implementation at a bank whose new customers are the first in New Zealand able to open an account using their verified RealMe account on a smartphone.
With 15+ public-sector agencies and almost 50 services integrated in the roles of Relying Parties and Identity Attribute Providers, there is a range of RP/SP applications in use - Ping Federate, OpenSSO, Denmark's OIO SAML.net, Simple PHP, Tivoli, and a small number of Java and Perl open-source