Third Party Identity Providers


Third-party digital identity providers let Internet users reduce the number of digital identities they must maintain to access Web sites. A Web site, particularly a consumer-oriented site, accepts the identity asserted by the provider and then makes its own authorization decisions for the service the user logs on to.

For example, if a retail Web site accepts Facebook accounts, a user registering on the retailer's Web site is redirected to Facebook, which authenticates the user and returns a signed token asserting the user's identity; the retailer's application never handles the Facebook password itself, and it still performs authorization on its own. Enterprises can use third-party identity providers in the same way with a claims-based identity system by establishing a trust relationship between the identity provider and the service or application hosted in the Public Cloud or on their Private Cloud.

Though this model can work well for consumer Web sites (ecommerce) and small organizations, most enterprises already have an account repository in place, and creating a second repository is not only redundant but inefficient. Each identity provider also represents a separate security domain. Choosing this course would therefore require implementing access control not only across the internal network but also for each external identity provider, and the same considerations (which claims to trust, and what those identities are allowed to reach) apply when granting identities from an external provider access to services.
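The trust relationship and the separation of security domains described above, shown as an added illustration that is not code from this page or from any Microsoft product: a small relying party keeps a trust store of token issuers, verifies a token before believing any claim in it, and then applies its own authorization policy. Everything in it is constructed for the example: the issuer URLs, audience, keys, group names and user names are hypothetical, and tokens are HMAC-SHA256 signed in a JWT-like layout instead of being signed with the issuer's certificate as a real federation would do.

```python
"""Added example: a minimal claims-based relying party (standard library only)."""
import base64
import hashlib
import hmac
import json
import time

# Constructed trust store: issuer -> signing key. In a real federation this holds
# the issuer's signing certificate, exchanged when the trust relationship is set up.
INTERNAL_ISSUER = "https://sts.contoso.example"   # hypothetical in-house STS
EXTERNAL_ISSUER = "https://idp.social.example"    # hypothetical third-party IdP
TRUSTED_ISSUERS = {
    INTERNAL_ISSUER: b"contoso-sts-signing-secret",
    EXTERNAL_ISSUER: b"social-idp-signing-secret",
}
AUDIENCE = "https://app.contoso.example"          # hypothetical relying party

# Local authorization policy: AD group claims map to roles, but only when the token
# comes from the internal security domain. An external provider can assert any
# groups it likes; this service does not honour them.
GROUP_TO_ROLE = {"CONTOSO\\Domain Admins": "admin", "CONTOSO\\Staff": "staff"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(issuer: str, key: bytes, subject: str, groups=(), ttl=300) -> str:
    """Issuer side: compact header.payload.signature token, HMAC-SHA256 signed."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({
        "iss": issuer, "sub": subject, "aud": AUDIENCE,
        "exp": int(time.time()) + ttl, "groups": list(groups),
    }).encode())
    signature = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(signature)}"


def validate_token(token: str, now=None) -> dict:
    """Relying-party side: accept the token only if its issuer is in the trust store,
    the signature verifies under that issuer's key, the audience is this service and
    the token is unexpired. Anything else raises ValueError."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token") from None
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unsupported algorithm")
    claims = json.loads(_b64url_decode(payload_b64))
    key = TRUSTED_ISSUERS.get(claims.get("iss"))
    if key is None:
        raise ValueError("untrusted issuer")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    if claims.get("aud") != AUDIENCE:
        raise ValueError("wrong audience")
    if (time.time() if now is None else now) >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims


def authorize(claims: dict) -> set:
    """Authorization stays with the service, not with the identity provider."""
    if claims["iss"] == INTERNAL_ISSUER:
        roles = {GROUP_TO_ROLE[g] for g in claims.get("groups", ()) if g in GROUP_TO_ROLE}
        return roles | {"user"}
    return {"customer"}   # external identity: consumer-level access only


def demo() -> dict:
    """Exercise the cases the text raises; returns the outcome of each scenario."""
    results = {}
    internal = issue_token(INTERNAL_ISSUER, TRUSTED_ISSUERS[INTERNAL_ISSUER],
                           "bmalone", ["CONTOSO\\Domain Admins"])
    results["internal"] = sorted(authorize(validate_token(internal)))
    # The external provider asserts an internal admin group; the claim is ignored.
    external = issue_token(EXTERNAL_ISSUER, TRUSTED_ISSUERS[EXTERNAL_ISSUER],
                           "alice@social.example", ["CONTOSO\\Domain Admins"])
    results["external"] = sorted(authorize(validate_token(external)))
    # An issuer that is not in the trust store at all.
    rogue = issue_token("https://idp.rogue.example", b"any-key", "mallory")
    # The external token rewritten to name the internal issuer: its signature
    # no longer verifies under the internal key.
    h, p, s = external.split(".")
    forged = json.loads(_b64url_decode(p))
    forged["iss"] = INTERNAL_ISSUER
    tampered = f"{h}.{_b64url(json.dumps(forged).encode())}.{s}"
    for name, tok, now in (("rogue", rogue, None), ("tampered", tampered, None),
                           ("expired", internal, time.time() + 600)):
        try:
            validate_token(tok, now=now)
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = str(exc)
    return results
```

Calling `demo()` returns the internal user with the `admin` and `user` roles, the external user with `customer` only, and the untrusted, tampered and expired tokens rejected with the reason. The point of the design is the one the text makes about separate security domains: the trust store says whose signatures to believe, but which claims from which issuer translate into local privilege is decided by the service, never by the provider.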

Bill Malone investigated third-party identity providers but dismissed this option for the following reasons:

    1) Contoso already has an Active Directory user store and creating a set of users on a third-party system is redundant.

    2) Contoso wants to retain complete control over user account data.

    3) A third-party identity provider does not build on the current Contoso identity infrastructure and would make identity management as a whole more difficult.

This document is part of a collection of documents that comprise the Reference Architecture for Private Cloud document set. The Reference Architecture for Private Cloud documentation is a community collaboration project.
