Scalable Identity and Access Management Frameworks for Hybrid and Multi-Cloud Platforms
DOI:
https://doi.org/10.22399/ijcesen.5144
Keywords:
Identity and Access Management, Hybrid Cloud, Multi-Cloud Security, Zero Trust Architecture, Access Control Models
Abstract
Hybrid and multi-cloud computing has seen rapid adoption and has brought a paradigm shift in enterprise IT infrastructure, making it scalable, flexible, and resilient. This shift, however, has introduced critical challenges in controlling identities and access across heterogeneous and distributed environments. Identity and Access Management (IAM) is a vital element in securing cloud resources, because it ensures that systems are accessed only by authorized parties under specified conditions. Most traditional IAM models, which were designed for centralized environments, are insufficient for the complexities of multi-domain cloud ecosystems. This paper gives an overview of scalable IAM frameworks for hybrid and multi-cloud systems. It discusses the development of IAM architectures, including centralized, federated, and decentralized models, and their suitability for distributed cloud environments. The paper also examines access control models such as Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and policy-based models, with emphasis on their advantages and shortcomings in providing fine-grained and scalable authorization. In addition, the paper addresses how Zero Trust Architecture (ZTA) and cloud-native IAM practices can be integrated, focusing on continuous authentication, least-privilege access, and workload identity policy. The main issues, including interoperability, identity sprawl, policy inconsistency, and performance overhead, are examined in depth. Emerging trends such as decentralized identity and AI-based IAM are also investigated. The results show that no single IAM model can meet the needs of hybrid and multi-cloud environments. Rather, a combination of federated, policy-oriented, and Zero Trust-based approaches is needed to ensure scalability and security. The review gives an overview of current research and of future directions toward unified and adaptive IAM frameworks.
License
Copyright (c) 2025 International Journal of Computational and Experimental Science and Engineering

This work is licensed under a Creative Commons Attribution 4.0 International License.