Amazon Web Services urges developers to use its single sign-on option, which would let Amazon, Facebook and Google users log in once for access to all three services.
In the past, businesses were able to grant employees access to Amazon.com services through their corporate identities. Now, the same federation can be achieved between Amazon and Facebook and Google identities for a single Web user sign-on.
All three use the same OAuth 2.0 protocol to authenticate a Web application, and federating identities of the three Web giants means 200 million active Amazon users will be able to reach any of the three service providers with just their Amazon user name and password. Likewise, Facebook and Google users will be able to reach additional services through just one of their existing passwords.
Developers are eager to find such a reach-extending mechanism for their mobile applications: they're more likely to find regular users if newcomers can use a frequently used password instead of having to register and remember a new one. The service is available to mobile Apple iOS and Android applications and Web-based applications. The AWS Developer Center makes it simple for developers to add a log-in button to their application. The button triggers use of the federated directory.
"Web identity federation enables your users to sign in to your app using their Amazon.com, Facebook, or Google identity and authorize them to seamlessly access AWS resources that are managed under your AWS account," wrote Wierer in his May 28 blog.
Amazon.com possesses credit card information on its customers as well as names and email addresses, but that information is not shared. A developer asked AWS Wednesday on a forum if he could use the Amazon log-in process to obtain information on a user's recent purchases via his Kindle tablet. Such information would reveal a customer's interests and be a boon to personalized marketing by content providers, he wrote. No Amazon spokesman had responded to his query as of this writing, but such information isn't listed as available with the initiation of the service.
As the holder of both Kindle and credit card purchase information, Amazon is in a potentially powerful position to supply user profiles on top of the bare-bones profile information currently available to application developers. As of Wednesday, user consent is needed for any profile information to be provided. In the future, as the manager of the log-in process, Amazon would be in a strong position from which to dispense additional information, if allowed or if it chose to do so.
Part of Amazon's argument to developers to adopt its federated log-in button is that it will allow them to build more personalized applications, and spend less time worrying about the fundamental operations of the app.
The use of Amazon single sign-on also gives AWS the means to authorize Google and Facebook users to use AWS resources. The user of a developer's registered application receives a security token through the log-on, which lets the user access S3 to store a picture or retrieve a shared file, or access DynamoDB to analyze data. Such services would allow developers to produce richer applications that make use of AWS resources, without users needing to access them separately.
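Which applications can trade a log-in for that security token is decided by the trust policy on the IAM role the app assumes. As an added example (not from the article or from AWS), this Python check flags a trust policy that accepts log-ins from any application registered with Amazon, Facebook or Google, and passes one pinned to a single app ID; both policies and the app ID are constructed samples.

```python
# Added example (not AWS code): condition key that carries each provider's app ID.
APP_ID_KEYS = {
    "www.amazon.com": "www.amazon.com:app_id",
    "graph.facebook.com": "graph.facebook.com:app_id",
    "accounts.google.com": "accounts.google.com:aud",
}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy):
    """Return findings for Allow statements that grant sts:AssumeRoleWithWebIdentity."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithWebIdentity" not in as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            findings.append(f"statement {i}: principal is not a federated provider")
            continue
        # Only an exact-match condition ties the role to one application.
        pinned = {}
        for operator, keys in stmt.get("Condition", {}).items():
            if operator == "StringEquals":
                pinned.update({k.lower(): as_list(v) for k, v in keys.items()})
        for provider in as_list(principal.get("Federated", [])):
            key = APP_ID_KEYS.get(provider)
            if key is None:
                findings.append(f"statement {i}: provider {provider} not covered by this check")
            elif not pinned.get(key) or any("*" in str(v) for v in pinned[key]):
                findings.append(f"statement {i}: {provider} not pinned to an app ID via {key}")
    return findings

# Constructed sample: tokens from any app using the Amazon log-in can assume the role.
WEAK = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "www.amazon.com"},
    "Action": "sts:AssumeRoleWithWebIdentity",
}]}

# Constructed sample: the same role restricted to one (placeholder) application ID.
HARDENED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "www.amazon.com"},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"StringEquals": {"www.amazon.com:app_id": "amzn1.application.EXAMPLE"}},
}]}
```

Calling `audit_trust_policy(WEAK)` returns one finding naming `www.amazon.com:app_id`, while `audit_trust_policy(HARDENED)` returns an empty list; providers other than the three named in the article are reported as not covered.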