04:48 PM

Amazon's Vision For Single Sign-On

Amazon Web Services urges developers to use its single sign-on option, which would let Amazon, Facebook and Google users log in once for access to all three services.

In the past, businesses were able to grant employees access to services through their corporate identities. Now, the same federation can be achieved between Amazon and Facebook and Google identities for a single Web user sign-on.

All three use the same OAuth 2.0 protocol to authenticate a Web application, and federating identities of the three Web giants means 200 million active Amazon users will be able to reach any of the three service providers with just their Amazon user name and password. Likewise, Facebook and Google users will be able to reach additional services through just one of their existing passwords.

Developers are eager to find such a reach-extending mechanism for their mobile applications. The service is available to Apple iOS and Android mobile applications and to Web-based applications. Developers are more likely to gain regular users if newcomers can use a frequently used password instead of having to register and remember a new one. The AWS Developer Center makes it simple for developers to add a log-in button to their application. The button triggers use of the federated directory.


In a blog entry posted Tuesday, Jeff Wierer, principal product manager for AWS identity and access management, said developers may easily incorporate an Amazon log-in button into their mobile or Web applications. A user sign-on triggers a call for the user's profile (name, email address and zip code), if the user has consented to the use of that information.

"Web identity federation enables your users to sign in to your app using their Amazon.com, Facebook, or Google identity and authorize them to seamlessly access AWS resources that are managed under your AWS account," wrote Wierer in his May 28 blog.

Amazon.com possesses credit card information on its customers as well as names and email addresses, but that information is not shared. A developer asked AWS Wednesday on a forum if he could use the Amazon log-in process to obtain information on a user's recent purchases via his Kindle tablet. Such information would reveal a customer's interests and be a boon to personalized marketing by content providers, he wrote. No Amazon spokesman had responded to his query as of this writing, but such information isn't listed as available with the initiation of the service.

As the holder of both Kindle and credit card purchase information, Amazon is in a potentially powerful position to supply user profiles on top of the bare-bones profile information currently available to application developers. As of Wednesday, user consent is needed for any profile information to be provided. In the future, as the manager of the log-in process, Amazon would be in a strong position from which to dispense additional information, if allowed or if it chose to do so.

Part of Amazon's argument to developers to adopt its federated log-in button is that it will allow them to build more personalized applications, and spend less time worrying about the fundamental operations of the app.

The use of Amazon single sign-on also gives AWS the means to authorize Google and Facebook users to use AWS resources. The user of a developer's registered application receives a security token through the log-on, which lets the user access S3 to store a picture or retrieve a shared file, or access DynamoDB to analyze data. Such services would allow developers to produce richer applications that make use of AWS resources, without users needing to access them separately.
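
The security token described above is issued when a federated user assumes an IAM role, so the role's trust policy decides which applications can obtain it. The following is an added example, not code from the article or from AWS: it audits a trust policy for statements that let any application registered with a provider assume the role. The sample policies and the application ID are constructed, and the check only recognizes a plain `StringEquals` condition.

```python
# Added example: audit IAM role trust policies used for web identity federation.
# Provider names and condition keys are the documented IAM ones; the policies
# and application ID below are constructed sample data.

# Condition key that pins each identity provider to one registered application.
APP_KEYS = {
    "www.amazon.com": "www.amazon.com:app_id",
    "graph.facebook.com": "graph.facebook.com:app_id",
    "accounts.google.com": "accounts.google.com:aud",
}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy):
    """Return findings for statements that let any app at a provider assume the role."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        actions = as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):
            findings.append(f"principal {principal!r} is not a federated provider")
            continue
        # Simplification: only an exact-match StringEquals counts as pinning.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        for provider in as_list(principal.get("Federated", [])):
            key = APP_KEYS.get(provider)
            if key is None:
                findings.append(f"{provider}: unrecognized provider")
            elif not equals.get(key):
                findings.append(f"{provider}: missing StringEquals on {key}")
    return findings

def make_policy(provider, condition=None):
    """Build a one-statement trust policy (constructed sample input)."""
    stmt = {"Effect": "Allow", "Principal": {"Federated": provider},
            "Action": "sts:AssumeRoleWithWebIdentity"}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

# Weak: any application registered with Login with Amazon could assume the role.
WEAK = make_policy("www.amazon.com")
# Pinned: only tokens issued to the developer's own application are accepted.
PINNED = make_policy("www.amazon.com", {"StringEquals": {
    "www.amazon.com:app_id": "amzn1.application.EXAMPLE"}})
```
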
