When back-end programmers work on ToB products or back-end systems, they inevitably encounter core functions such as account systems, login systems, permission systems, and log systems. These functions usually go by names such as SSO system or RBAC permission management system, but together they have a proper name: IAM.
IAM
IAM is the abbreviation of Identity and Access Management, also called Identity Management and Access Control, or simply Identity Management.
Building on IAM, the field has developed into several categories: EIAM, CIAM, RAM, and IDaaS.
EIAM
EIAM is the abbreviation of Employee Identity and Access Management, that is, enterprise identity and access management. It is mainly an internal product that provides unified identity authentication and permission management capabilities for internal employees, partners, temporary personnel, etc.
CIAM
CIAM is the abbreviation of Customer Identity and Access Management. It is an external product that mainly provides unified identity authentication and permission management capabilities for an enterprise's external customers (mainly massive numbers of Internet users).
RAM
RAM is the abbreviation of Resource and Access Management. RAM is actually the IAM owned by cloud vendors. It mainly solves the problem of access control for cloud customers managing cloud resources.
Alibaba Cloud RAM user login.
IDaaS
The Internet industry is never short of newly created terms. When cloud computing first came out, there were various concepts such as IaaS, PaaS, and SaaS. In recent years, after the popularity of microservices, related concepts such as BaaS and FaaS have emerged.
- IaaS: Infrastructure as a Service
- PaaS: Platform as a Service
- SaaS: Software as a Service
- BaaS: Backend as a Service
- FaaS: Functions as a Service
IDaaS is Identity as a Service (IDentity as a Service): EIAM and CIAM are put on the cloud and made into an independent SaaS product for sale. The popular understanding is that IDaaS = EIAM + CIAM + SaaS.
No matter how the names change, the core of these concepts is still IAM, so if you understand the concept of IAM, you will understand all the other concepts.
IAM generally contains the following five parts, called 5A:
- Account
- Authentication
- Authorization
- Application
- Audit
Account
The account is the digital carrier of the user in the system. It is used to identify the user and access protected resources. Generally, each system will have an account, and the account data structures of different systems are different.
Authentication
Authentication is a form of credit guarantee. It is used to determine whether the above account is valid when it applies to access resources.
Authorization
Permissions are essentially restrictions, and authorization is the granting of permissions to users so that users can gain access to resources.
Application
Applications can be simply understood as all business systems. These business systems should be the interactive objects and carriers of accounts, authentication, and authorization mentioned above.
Audit
Auditing is essentially a log. The log needs to record all user operations, including subjects, operations, objects, types, time, locations, results, etc. According to different dimensions, it can be divided into different logs, such as operation logs, login logs, business logs, system logs, etc.
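A minimal sketch of how the five parts fit together in one request path, added here as an example and not taken from the original article. The account names, passwords, roles, permissions and addresses are constructed, and PBKDF2 is an assumed choice of password hash.

```python
import hashlib, hmac, os
from datetime import datetime, timezone

AUDIT_LOG = []  # Audit: append-only list standing in for a real log store

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_account(name: str, password: str, roles: set) -> dict:
    # Account: the user's digital carrier; store a salted hash, never the password
    salt = os.urandom(16)
    return {"name": name, "salt": salt, "pw": _hash(password, salt), "roles": roles}

# Constructed sample data (hypothetical names, roles and permissions)
ACCOUNTS = {"alice": make_account("alice", "correct horse", {"auditor"}),
            "bob": make_account("bob", "battery staple", {"admin"})}
ROLE_PERMS = {"auditor": {("report", "read")},
              "admin": {("report", "read"), ("report", "delete")}}

def audit(subject, operation, obj, kind, location, result):
    AUDIT_LOG.append({"subject": subject, "operation": operation, "object": obj,
                      "type": kind, "time": datetime.now(timezone.utc).isoformat(),
                      "location": location, "result": result})

def authenticate(name: str, password: str, location: str) -> bool:
    # Authentication: is the claimed account valid? Compare in constant time.
    acct = ACCOUNTS.get(name)
    salt = acct["salt"] if acct else b"\0" * 16  # hash anyway to even out timing
    ok = hmac.compare_digest(_hash(password, salt), acct["pw"] if acct else b"")
    audit(name, "login", "sso", "login", location, "success" if ok else "failure")
    return ok

def authorize(name: str, obj: str, operation: str, location: str) -> bool:
    # Authorization: RBAC lookup through the account's roles, deny by default
    roles = ACCOUNTS[name]["roles"] if name in ACCOUNTS else set()
    ok = any((obj, operation) in ROLE_PERMS.get(r, set()) for r in roles)
    audit(name, operation, obj, "operation", location, "allowed" if ok else "denied")
    return ok

def delete_report(name: str, password: str, location: str) -> str:
    # Application: the business system that accounts, authentication and authorization act on
    if not authenticate(name, password, location):
        return "401"
    if not authorize(name, "report", "delete", location):
        return "403"
    return "200"
```

Every decision, including failed logins and denied operations, produces an audit record with the subject, operation, object, type, time, location and result fields listed above.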