Amazon Web Services (AWS) has launched a web identity service with support for Google, Facebook and its own AWS Identity and Access Management (IAM). The service lets developers grant temporary authorization to people using these three services, and it simplifies development because AWS handles all the identity management.
All the server-side code is managed without long-term credentials for the app. The service introduces a new AWS Security Token Service (STS) API that provides temporary security credentials for customers who have been authenticated by Amazon.com, Facebook, or Google. According to the AWS blog, the “app can then use the temporary security credentials to access AWS resources such as Amazon Simple Storage Service (S3) objects, DynamoDB tables, or Amazon Simple Queue Service queues.”
This means that an app developer can more easily integrate identity features into an app. AWS uses the example of allowing end users to upload an image file as their personal avatar. In this case, a developer would store the images as objects in an Amazon S3 storage bucket. To enable this, the developer integrates a role that has two parts.
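The avatar-upload case above, as an added example that is not from the article or from AWS: it assumes the role's two parts are its trust policy and its access policy and that Facebook is the identity provider. The bucket name, app ID and the `lint_role` helper are hypothetical.

```python
# Assumptions (not from the article): the two parts are the role's trust policy
# and its access policy; bucket name and app ID below are placeholders.
BUCKET = "example-avatar-bucket"   # hypothetical bucket
FB_APP_ID = "000000000000000"      # placeholder Facebook app ID

def trust_policy(app_id):
    """Who may assume the role: users Facebook authenticated for this one app."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": "graph.facebook.com"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {"graph.facebook.com:app_id": app_id}},
        }],
    }

def access_policy(bucket):
    """What the temporary credentials may do: write under the caller's own prefix."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["s3:PutObject"],
            "Resource": f"arn:aws:s3:::{bucket}/avatars/${{graph.facebook.com:id}}/*",
        }],
    }

def lint_role(trust, access):
    """Return findings for an over-broad role; an empty list means it is scoped."""
    findings = []
    for st in trust["Statement"]:
        p = st.get("Principal")
        cond = st.get("Condition", {}).get("StringEquals", {})
        if not isinstance(p, dict) or "Federated" not in p:
            findings.append("trust: principal is not a federated provider")
        if not any(k.endswith((":app_id", ":aud")) for k in cond):
            findings.append("trust: no app_id/aud condition, any app's token is accepted")
    for st in access["Statement"]:
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        resources = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        if any("*" in a for a in actions):
            findings.append("access: wildcard action")
        if any("${" not in r for r in resources):
            findings.append("access: resource not scoped to the signed-in user")
    return findings
```

The `${graph.facebook.com:id}` policy variable is resolved by AWS at request time, so each user's temporary credentials can write only under that user's own avatar prefix.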