Cloud Authentication Gateway (Cope, Erl, Ahmed)

How can cloud-based IT resources be made accessible to cloud service consumers with diverse protocol requirements?

Problem

Cloud consumers are compelled to support multiple authentication, communication and session protocols when cloud service providers deliver components, applications, and service compositions with diverse protocol requirements.

Solution

An authentication service is implemented, allowing standard authentication, communication, and session establishment from a cloud consumer to the authentication service. The authentication service then authenticates to the cloud resource on behalf of the cloud consumer using the diverse protocols required by the cloud provider.

Application

An authentication gateway service (AGS) is established as a reverse proxy front end between the cloud consumer and the cloud resource. It intercepts and terminates the consumer’s encrypted network connection, authenticates the cloud consumer, authenticates itself and the consumer to the cloud provider, and then proxies all communication between the two. All three parties are authenticated through some combination of transport-level and application-level communication.

A consumer only needs to support a single set of standard protocols using the AGS.

The AGS as a reverse proxy brokering among multiple authentication, communication, and session protocols.
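
The credential translation step described under Application can be sketched as follows; this is an added example, not code from the pattern's authors. It shows an AGS verifying one standard consumer credential, discarding any consumer-supplied auth or identity headers, and then attaching the scheme each cloud resource requires plus the consumer identity it vouches for. The HMAC bearer token format, the `X-Authenticated-Consumer` header, the backend names and all keys are assumptions constructed for the illustration.

```python
import base64, hashlib, hmac, time

# All keys, names and credentials below are constructed sample values.
CONSUMER_KEYS = {"alice": b"alice-demo-key"}        # consumer <-> AGS shared secrets
BACKENDS = {                                         # auth scheme each resource demands
    "storage": {"scheme": "basic", "user": "ags-svc", "password": "demo-pass"},
    "queue": {"scheme": "apikey", "header": "X-Api-Key", "key": "demo-api-key"},
}
IDENTITY_HEADER = "X-Authenticated-Consumer"         # hypothetical header name
STRIP = {"authorization", IDENTITY_HEADER.lower(), "x-api-key"}

def issue_token(consumer, key, ttl=300, now=None):
    """Consumer side: the single standard credential format the AGS accepts."""
    expiry = int((now if now is not None else time.time()) + ttl)
    msg = f"{consumer}.{expiry}"
    return f"{msg}.{hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()}"

def authenticate_consumer(token, now=None):
    """AGS side: verify signature and expiry; return the consumer id or None."""
    try:
        consumer, expiry_s, sig = token.split(".")
        expiry = int(expiry_s)
    except ValueError:
        return None
    key = CONSUMER_KEYS.get(consumer)
    if key is None:
        return None
    expected = hmac.new(key, f"{consumer}.{expiry}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return None
    return consumer if expiry > (now if now is not None else time.time()) else None

def build_upstream_headers(resource, inbound_headers, now=None):
    """Translate an authenticated consumer request into backend-specific auth."""
    auth = inbound_headers.get("Authorization", "")
    consumer = authenticate_consumer(auth[7:], now) if auth.startswith("Bearer ") else None
    backend = BACKENDS.get(resource)
    if consumer is None or backend is None:
        return None                                  # reject: nothing is proxied
    # Drop consumer-supplied auth/identity headers so they cannot be spoofed upstream.
    out = {k: v for k, v in inbound_headers.items() if k.lower() not in STRIP}
    if backend["scheme"] == "basic":
        cred = f"{backend['user']}:{backend['password']}".encode()
        out["Authorization"] = "Basic " + base64.b64encode(cred).decode()
    else:
        out[backend["header"]] = backend["key"]
    out[IDENTITY_HEADER] = consumer                  # AGS vouches for the consumer
    return out
```

Because the cloud resource trusts the identity header only when it arrives from the AGS, the resource must itself authenticate the gateway (here via the service credential) and should not be reachable by consumers directly.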