Amazon Web Services (AWS) has announced initial support for the SAML (Security Assertion Markup Language) 2.0 open identity federation standard. This will enable federated single sign-on (SSO), “empowering users to sign into the AWS Management Console or make programmatic calls to AWS APIs, by using assertions from a SAML-compliant identity provider (IdP).” (http://aws.typepad.com/aws/2013/11/aws-identity-and-access-management-using-saml.html)
This is good news for the many companies with an investment in the SAML standard, and a big step towards bridging the gap between enterprise use of identity standards and support for identity standards in infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS). It still leaves unaddressed support for identity standards in user authentication to applications hosted within AWS. It would be great if AWS would provide security token service (STS) support to make it easier for new applications built on AWS to accept user identities based on federation standards. Lots of new cloud applications are being built on AWS. If more of them were built using identity standards, the world would be a safer and more convenient place.
Hopefully this is the first of many related announcements that will someday also include just-in-time (JIT) provisioning to help onboard engineers, and support for the OAuth 2.0, OpenID Connect and SCIM standards.
The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.