A conceptual model for federated authentication in the cloud

Document Type

Conference Proceeding


Edith Cowan University


Faculty of Health, Engineering and Science


ECU Security Research Institute




This article was originally published as: Al Abdulwahid A., Clarke N., Furnell S., Stengel I. (2014). A conceptual model for federated authentication in the cloud. Proceedings of the 11th Australian Information Security Management Conference, ISM 2013. (pp. 1-11). Edith Cowan University. Original article available here


Authentication is a key security control for any computing system, whether that is a PC, server, laptop, tablet or mobile phone. However, authentication is traditionally poorly served, with existing implementations falling foul of a variety of weaknesses. Passwords are poorly selected, reused and shared (to name but a few). Research has suggested novel approaches to authentication such as transparent authentication and cooperative and distributed authentication. However, these technologies merely focus upon individual platforms rather than providing a universal and federated authentication approach that can be used across technologies and services. The advent of cloud computing, its universal connectivity, scalability and flexibility, offers a new opportunity of achieving usable and convenient authentication seamlessly in a technology and service independent fashion. The approach introduces a new dedicated authentication provider - the Managed Authentication Service Provider - that is able to provide state-of-the-art centralised verification of authenticity. However, relying upon such an environment also introduces a range of technology, privacy and trust-related issues that must be overcome.

Access Rights

open access