  • Google
    • Cloud identity refers to a set of technologies, protocols, and practices that enable managing and controlling user identities and access to digital resources in cloud-based environments.

      It empowers organizations to securely authenticate, authorize, and manage user access across cloud services and applications. Cloud Identity leverages the power of the cloud to centralize identity management, simplify administration, enhance security, and improve user experience.[1]

    • Cloud Identity is an Identity as a Service (IDaaS) solution that centrally manages users and groups. You can configure Cloud Identity to federate identities between Google and other identity providers, such as Active Directory and Microsoft Entra ID (formerly Azure AD).[2]


  • Amazon
    • Identity management, access controls, and governance are foundational security pillars for organizations of any size and type. As you migrate to and modernize on AWS, your security and IT teams can adopt modern cloud-native identity solutions and Zero Trust architectures to securely support hybrid workforce productivity, provide builders and customers access experiences with less friction, apply and audit permissions toward least privilege, and help meet stringent compliance mandates.[3]

  • Facebook (Meta)
    • Meta wants to raise the privacy bar higher by de-identifying users while still maintaining a form of authentication to protect users and our services. So, it leveraged the anonymous credential, collaboratively designed over the years between industry and academia, to create a core service called Anonymous Credential Service (ACS). ACS is a highly available, multitenant service that allows clients to authenticate in a de-identified manner. It enhances privacy and security while also being compute-conscious. ACS is one of the newest additions to our privacy-enhancing technologies (PETs) portfolio and is currently in use across several high-volume use cases at Meta.

      At a high level, anonymous credentials support de-identified authentication by splitting authentication into two phases — token issuance and de-identified authentication. In the token issuance phase, clients contact the server through an authenticated channel to send a token. The server signs and sends it back. Then, in the de-identified authentication (or token redemption) phase, clients use an anonymous channel to submit data and authenticate it utilizing a mutated form of this token rather than a user ID.

      We’ve greatly simplified the nuances in the protocol. The signed token (token issuance phase) and redeemed token (de-identified authentication phase) cannot be linked. This property enables the server to authenticate the client in the second phase without knowing which specific client the token belongs to, thus preserving user privacy.[4]

  • Apple
    • Apple provides your organisation with various identity services to help you manage passwords and usernames securely — both across your workplace and in the cloud. Apple uses security measures like authentication, authorization and identity federation, so that individual users can access their favorite apps and other resources without, for example, the additional hardship of setting up usernames and passwords for each one.[5]

    • Apple uses the Keychain app to protect sensitive data. A keychain can contain various types of data: passwords (for websites, FTP servers, SSH accounts, network shares, wireless networks, groupware applications, encrypted disk images), private keys, certificates, and secure notes. Note that Keychain is not a blockchain-based app.

  • Microsoft
    • Microsoft has been actively involved in decentralized identity solutions. It has developed technologies like Decentralized Identifiers (DIDs) and verifiable credentials to enable self-sovereign and decentralized identity management. It has contributed to open-source projects like the Decentralized Identity Foundation (DIF) and is working on initiatives such as the Microsoft Authenticator app.

    • Microsoft Entra Verified ID Service is an issuance and verification service in Azure and a REST API for W3C Verifiable Credentials that are signed with the did:web method. Verifiable credentials enable identity owners to generate, present, and verify claims. This forms the basis of trust between users of the systems.

    • Microsoft Entra ID is a cloud-based identity and access management solution. It is a directory and identity management service that operates in the cloud and offers authentication and authorization services to various Microsoft services such as Microsoft 365, Dynamics 365, and Microsoft Azure.

    • ION is a Layer 2 open, permissionless network based on the purely deterministic Sidetree protocol, which requires no special tokens, trusted validators, or additional consensus mechanisms; the linear progression of Bitcoin's timechain is all that's required for its operation. ION is designed for scale, supporting thousands of DID operations per second across the network. ION has been launched on Bitcoin mainnet and is based on a strongly eventually consistent architecture that enables embarrassingly parallel ingest, processing, and resolution of DID operations.