Open identity management framework for SaaS ecosystem

Abstract

As Software-as-a-Service (SaaS) becomes more and more popular, the identity management and federation among SaaS applications also become an important factor impacting the growth of SaaS ecosystem. Typically, there are three major functions to be enabled in identity federation: 1) Single Sign-On across different services. 2) Account provisioning to different services. 3) Secure backend service call between services. Current SaaS delivery platforms provide these functions in an ad-hoc way, which might limit the growth of SaaS ecosystem. To overcome the limitations, this paper proposes an open identity framework, which leverages open identity protocol such as OpenID and OAuth. Moreover, an OAuth broker is proposed to mediate backend service calls among SaaS applications. The framework can bring benefits to all the roles involved in the ecosystem in a non-intrusive and user-centric way. Open is a good design principle, and it is also the attitude and sprit of collaboration. We think that a SaaS ecosystem based on open technologies could make the composition of services easier and accelerate the on-boarding of service providers. Moreover, more customers might also be attracted by the openness of the ecosystem. © 2009 IEEE.