Identity and access management using Boto and JSON

  • Authors

    • S Adhirai
    • Paramjit Singh
    • R P. Mahapatra
    2018-03-19
    https://doi.org/10.14419/ijet.v7i2.8.10550
  • Identity, Identity and Access Management, IAM Policy, Boto, JSON

  • Abstract

    Cloud computing has emerged as the important data processing tool as it tackles exponential data growth. This, in turn, makes security something of a moving target. The National Institute of Standards and Technology (NIST), has declared the Identity and Access Management (IAM) as one of the major threats to the cloud computing. The Top Threats Working Group of Cloud Security Alliance (CSA) ranks “IAM†as the second topmost threat among twelve biggest threats in cloud computing. IAM allows the cloud server for managing the web services and herby allowing the users to manage the users and corresponding permissions (user policies). Other benefits posed by the IAM are central management ofusers, and maintain several security qualifications. This paper focuses on Managing IAM Users, and Working with IAM Policies using JavaScript Object Notation (JSON), and Boto. The paper concludes utmost care should be given to IAM user management and IAM user policies. It is the IAM Policies which play the sole role of ensuring security. If you don’t set up IAM policies properly, you will create security holes leading to security lapses.

  • References

    1. [1] “Identity and Access Management (IAM)â€, IT Glossary, Gartner, https://www.gartner.com/it-glossary/identity-and-access-management-iam/

      [2] Advantage and Disadvantage of JSON, http://candidjava.com/advantage-and-disadvantage-of-json/.

      [3] AWS Identity and Access Management Examples, http://boto3.readthedocs.io/en/latest/guide/iam-examples.html

      [4] Boto 3 Documentation, https://boto3.readthedocs.io/en/latest/.

      [5] CLOUD SECURITY ALLIANCE, 2016, “The Treacherous 12 - Cloud Computing Top Threats in 2016â€.

      [6] Gilchrist, Alasdair, An Executive Guide to Identity Access Management, Kindle Edition, RG Consulting, 2015.

      [7] http://www.tutorialspoint.com/json/, JSON Tutorial.

      [8] https://www.gartner.com/newsroom/id/3354117, “Gartner Says By 2020, a Corporate "No-Cloud" Policy Will Be as Rare as a "No-Internet" Policy Is Todayâ€, STAMFORD, Conn., June 22, 2016.

      [9] https://www.javatpoint.com/json-tutorial, JSON Tutorial.

      [10] https://www.json.org/, Introducing JSON.

      [11] https://www.w3schools.com/js/js_json_intro.asp, JSON – Introduction.

      [12] Jerry Archer, Alan Boehme, Dave Cullinane, Nils Puhlmann, Paul Kurtz, Jim Reavis. CLOUD SECURITY ALLIANCE SecaaS DEFINED CATEGORIES OF SERVICE, 2011.

      [13] JSON – DataTypes,

      https://www.tutorialspoint.com/json/json_data_types.htm.

      [14] JSON Data Types,

      https://www.w3schools.com/js/js_json_datatypes.asp.

      [15] JSON: The Fat-Free Alternative to XML, http://json.org/xml.html.

      [16] Limitations on IAM Entities and Objects, http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html.

      [17] Managing IAM Users,

      http://boto3.readthedocs.io/en/latest/guide/iam-example-managing-users.html.

      [18] Mell, Peter, and Grance, Timothy, The NIST Definition of Cloud Computing, Special Publication 800-145, September 2011.

      [19] Orondo, Omondi, Identity & Access Management: A Systems Engineering Approach, Second Edition, IAM Imprints, Boston, MA, 2016.

      [20] Osmanoglu, Ertem, Identity and Access Management: Business Performance Through Connected Intelligence, First Edition, Syngress, London, New York, 2014.

      [21] Overview of IAM Policies,

      http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html.

      [22] Wayne Jansen, Timothy Grance, 2011, Guidelines on Security and Privacy in Public Cloud Computing, Special Publication 800-144.

      [23] What are the advantages of JSON over XML?, https://www.quora.com/What-are-the-advantages-of-JSON-over-XML.

      [24] Williamson, G., Yip D., Identity Management: A Primer, 1st Edition, MC Press, Texas, 2009.

      [25] Witty R., Allan A., Enck J., Wagner R., Identity and Access Management Defined, Gartner Research, SPA-21-3430, 4 November 2003, Available online:

      http://www.bus.umich.edu/KresgePublic/Journals/Gartner/research/118200/118281/118281.pdf

      [26] Working with IAM Policies,

      http://boto3.readthedocs.io/en/latest/guide/iam-example-policies.html

      [27] T. Padmapriya and V. Saminadan, “Improving Throughput for Downlink Multi user MIMO-LTE Advanced Networks using SINR approximation and Hierarchical CSI feedbackâ€, International Journal of Mobile Design Network and Innovation- Inderscience Publisher, ISSN : 1744-2850 vol. 6, no.1, pp. 14-23, May 2015.

      [28] S.V.Manikanthan and K.srividhya "An Android based secure access control using ARM and cloud computing", Published in: Electronics and Communication Systems (ICECS), 2015 2nd International Conference on 26-27 Feb. 2015,Publisher: IEEE,DOI: 10.1109/ECS.2015.7124833.

  • Downloads

  • How to Cite

    Adhirai, S., Singh, P., & P. Mahapatra, R. (2018). Identity and access management using Boto and JSON. International Journal of Engineering & Technology, 7(2.8), 640-651. https://doi.org/10.14419/ijet.v7i2.8.10550

    Received date: 2018-03-24

    Accepted date: 2018-03-24

    Published date: 2018-03-19