부산대학교 도서관

With the increasing acceptance of multiple authentication mechanisms, federated infrastructures need to provide means of keeping consistency between multiple user identities. Although the current authentication and authorization infrastructures are designed to support multiple ways of authentication (SAML, OpenID Connect, X.509), they are missing unified protocols and interfaces to harmonize multiple user identities. This article introduces the concept of identity harmonization for federated cloud services. Our approach is based on the standardized System for Cross-domain Identity Management (SCIM) protocol. We add the support for account linking and per-service verification. Furthermore, the concept is put into context of currently existing federated infrastructures and is exemplified within a federated e-infrastructure currently developed in the course of the INDIGO-Datacloud project. The concept is evaluated in the INDIGO testbed in terms of deployability, scalability, provisioning and deprovisioning of user accounts, as well as maintenance and integration effort.