When back-end programmers are working on ToBproducts or back-end systems, they will inevitably encounter core functions such as account systems, login systems, permission systems, and log systems. These functions are generally named after SSOsystems, RBACpermission management systems, etc., but these systems together have a proper noun: IAM.
IAM
IAMIt is Identity and Access Managementthe abbreviation of Identity and Access Management, or Identity Management and Access Control, or Identity Management.
On IAMthe basis of , it continues to develop into EIAM, CIAM, RAM, and IDaaSseveral categories.
EVER
EIAMIt is Employee Identity and Access Managementthe abbreviation of enterprise identity and access management, which mainly solves internal products that provide unified identity authentication and permission management capabilities for internal employees, partners, temporary personnel, etc.
CIAM
CIAMIt is Customer Identity and Access Managementthe abbreviation of Customer Identity and Access Management, an external product that mainly solves the unified identity authentication and permission management capabilities of external customers of enterprises (mainly massive Internet users).
RAM
RAMIt is Resource and Access Managementthe abbreviation of Resource and Access Management, which RAMis actually owned by cloud vendors IAM. It mainly solves the problem of access control for cloud customers to manage cloud resources.
Alibaba Cloud RAMuser login.
IDaaS
The most indispensable thing in the Internet industry is to create new terms. When cloud computing first came out, there were various concepts such as IaaS, PaaS, and . SaaSIn recent years, after the popularity of microservices BaaS, FaaSrelated concepts such as microservices and microservices have emerged.
IaaS: Infrastructure as a service, Infrastructure as a service
PaaS: Platform as a service, Platform as a service
SaaS: Software as a service, Software as a service
BaaS: Backend as a service,
FaaS: Functions as a service, Functions as a Service
reference article:
IDaaSIdentity as a Service ( IDentity as a Service) will be EIAMput CIAMon the cloud and made into an independent SaaSproduct for sale. The popular understanding is that IDaaS = EIAM + CIAM + SaaS.
No matter how it changes, the core of these concepts is still the same IAM, so if you understand IAMthe concept, you will understand all other concepts.
IAMIt generally contains the following five parts, called 5A:
- Account
- Authentication
- Authorization
- Application
- Audit
account
The account is the digital carrier of the user in the system. It is used to identify the user and access protected resources. Generally, each system will have an account, and the account data structures of different systems are different.
Certification
Authentication is a form of credit guarantee. Authentication is used to determine whether the above account is valid when applying to access resources.
Authorize
Permissions are essentially restrictions, and authorization is the granting of permissions to users so that users can gain access to resources.
application
Applications can be simply understood as all business systems. These business systems should be the interactive objects and carriers of accounts, authentication, and authorization mentioned above.
audit
Auditing is essentially a log. The log needs to record all user operations, including subjects, operations, objects, types, time, locations, results, etc. According to different dimensions, it can be divided into different logs, such as operation logs, login logs, business logs, system logs, etc.
Reference articles:
https://www.woshipm.com/it/4681031.html
https://www.zhihu.com/question/47888930