Amazon Web Services (AWS) has launched a web identity federation service with support for Google, Facebook and its own AWS Identity and Access Management (IAM). The service lets developers grant temporary authorization to people who sign in with one of these three providers, and simplifies development because the identity handling is done by AWS.
The server-side code runs without any long-term AWS credentials embedded in the app. The service introduces a new AWS Security Token Service (STS) API that issues temporary security credentials to users who have been authenticated by Amazon.com, Facebook, or Google. According to the AWS blog, the “app can then use the temporary security credentials to access AWS resources such as Amazon Simple Storage Service (S3) objects, DynamoDB tables, or Amazon Simple Queue Service queues.”
This means that an app developer can integrate identity features into an app far more easily. AWS uses the example of letting end users upload an image file as their personal avatar. In this case, the developer stores the images as objects in an Amazon S3 bucket. To enable this, the developer creates an IAM role that has two parts.
The first is a trust policy that “specifies a trusted entity (principal)—that is, who can assume the role. In this case, the trusted entity is any authenticated Amazon.com user.” The second is an access policy that specifies what the user is permitted to do once the role has been assumed.
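The two-part role described above, as an added illustration that is not from the AWS post: the trust policy allows the STS web identity call only for users of one registered app, and the access policy confines each user to an avatar prefix derived from their own provider-issued user id, so one user cannot read or overwrite another's image. Both documents are wrapped in a single object here only for display; in IAM they are attached to the role separately. The bucket name and the app id are constructed placeholders.

```json
{
  "TrustPolicy": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": { "Federated": "www.amazon.com" },
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
          "StringEquals": {
            "www.amazon.com:app_id": "EXAMPLE_APP_ID_PLACEHOLDER"
          }
        }
      }
    ]
  },
  "AccessPolicy": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "OwnAvatarObjectsOnly",
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
        "Resource": "arn:aws:s3:::example-avatar-bucket/${www.amazon.com:user_id}/*"
      },
      {
        "Sid": "ListOnlyOwnPrefix",
        "Effect": "Allow",
        "Action": "s3:ListBucket",
        "Resource": "arn:aws:s3:::example-avatar-bucket",
        "Condition": {
          "StringLike": {
            "s3:prefix": "${www.amazon.com:user_id}/*"
          }
        }
      }
    ]
  }
}
```

Without the `app_id` condition, any app registered with the provider could obtain credentials for this role; without the `user_id` policy variable in the resource ARN, every authenticated user would share one bucket-wide permission set.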
AWS is putting an emphasis on its own identity service, which it launched at its re:Invent conference late last year. It allows for identity federation between the customer’s corporate directory and AWS services.
But Google and Facebook are the real identity kings. People use these services far more than an Amazon.com retail account. But where are Twitter and LinkedIn? No explanation is given, but we can expect more providers to be added.
Identity is becoming increasingly critical. What is becoming apparent is the need for third-party identity providers such as Ping Identity and services such as Forever, a new personal cloud service that gives users control over their own personal data. Forever is provided by Kynetx, Phil Windley’s company, which offers context-aware applications that run in browsers, on mobile phones, and on desktops.
Other third-party services such as JanRain have prospered by serving as identity brokers. Enterprise app providers such as Symplified and Okta are SaaS providers that also offer identity services. Salesforce.com has also entered the identity marketplace.