ما هو مزود الهوية (IdP)؟
في مجال إدارة الهوية والوصول (Identity and access management, IAM) ، يعد مزود الهوية (IdP) الخدمة المركزية لإدارة الهويات. وهو مسؤول عن مصادقة المستخدمين، إصدار رموز الهوية، وتوفير معلومات المستخدم لـ مزودي الخدمة (مثل التطبيقات، الخدمات، واجهات برمجة التطبيقات).
%3btext-align:center%3b%7d%23mermaid-0 .edgeLabel p%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-0 .edgeLabel rect%7bopacity:0.5%3bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bfill:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-0 .labelBkg%7bbackground-color:rgba(232%2c 232%2c 232%2c 0.5)%3b%7d%23mermaid-0 .cluster rect%7bfill:%23ffffde%3bstroke:%23aaaa33%3bstroke-width:1px%3b%7d%23mermaid-0 .cluster text%7bfill:%23333%3b%7d%23mermaid-0 .cluster span%7bcolor:%23333%3b%7d%23mermaid-0 div.mermaidTooltip%7bposition:absolute%3btext-align:center%3bmax-width:200px%3bpadding:2px%3bfont-family:arial%2csans-serif%3bfont-size:12px%3bbackground:hsl(80%2c 100%25%2c 96.2745098039%25)%3bborder:1px solid %23aaaa33%3bborder-radius:2px%3bpointer-events:none%3bz-index:100%3b%7d%23mermaid-0 .flowchartTitleText%7btext-anchor:middle%3bfont-size:18px%3bfill:%23333%3b%7d%23mermaid-0 rect.text%7bfill:none%3bstroke-width:0%3b%7d%23mermaid-0 .icon-shape%2c%23mermaid-0 .image-shape%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3btext-align:center%3b%7d%23mermaid-0 .icon-shape p%2c%23mermaid-0 .image-shape p%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bpadding:2px%3b%7d%23mermaid-0 .icon-shape rect%2c%23mermaid-0 .image-shape rect%7bopacity:0.5%3bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bfill:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-0 :root%7b--mermaid-font-family:arial%2csans-serif%3b%7d%3c/style%3e%3cg%3e%3cmarker orient='auto' markerHeight='8' markerWidth='8' markerUnits='userSpaceOnUse' refY='5' refX='5' viewBox='0 0 10 10' class='marker flowchart-v2' id='mermaid-0_flowchart-v2-pointEnd'%3e%3cpath style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' d='M 0 0 L 10 5 L 0 10 z'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='8' markerWidth='8' markerUnits='userSpaceOnUse' refY='5' refX='4.5' viewBox='0 0 10 10' class='marker flowchart-v2' id='mermaid-0_flowchart-v2-pointStart'%3e%3cpath style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' d='M 0 5 L 10 10 L 10 0 z'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='11' markerWidth='11' markerUnits='userSpaceOnUse' refY='5' refX='11' viewBox='0 0 10 10' class='marker flowchart-v2' id='mermaid-0_flowchart-v2-circleEnd'%3e%3ccircle style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' r='5' cy='5' cx='5'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='11' markerWidth='11' markerUnits='userSpaceOnUse' refY='5' refX='-1' viewBox='0 0 10 10' class='marker flowchart-v2' id='mermaid-0_flowchart-v2-circleStart'%3e%3ccircle style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' r='5' cy='5' cx='5'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='11' markerWidth='11' markerUnits='userSpaceOnUse' refY='5.2' refX='12' viewBox='0 0 11 11' class='marker cross flowchart-v2' id='mermaid-0_flowchart-v2-crossEnd'%3e%3cpath style='stroke-width: 2%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' d='M 1%2c1 l 9%2c9 M 10%2c1 l -9%2c9'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='11' markerWidth='11' markerUnits='userSpaceOnUse' refY='5.2' refX='-1' viewBox='0 0 11 11' class='marker cross flowchart-v2' id='mermaid-0_flowchart-v2-crossStart'%3e%3cpath style='stroke-width: 2%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' d='M 1%2c1 l 9%2c9 M 10%2c1 l -9%2c9'/%3e%3c/marker%3e%3cg class='root'%3e%3cg class='clusters'/%3e%3cg class='edgePaths'%3e%3cpath marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)' style='' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' id='L_IdP_SP_0' d='M142.453%2c46.919L160.111%2c42.432C177.768%2c37.946%2c213.083%2c28.973%2c239.57%2c26.133C266.056%2c23.293%2c283.714%2c26.586%2c300.716%2c29.756C317.718%2c32.927%2c334.065%2c35.975%2c342.238%2c37.5L350.412%2c39.024'/%3e%3cpath marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)' style='' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' id='L_IdP_SP_1' d='M142.453%2c64L160.111%2c64C177.768%2c64%2c213.083%2c64%2c239.57%2c64C266.056%2c64%2c283.714%2c64%2c300.704%2c64C317.695%2c64%2c334.02%2c64%2c342.182%2c64L350.344%2c64'/%3e%3cpath marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)' style='' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' id='L_IdP_SP_2' d='M142.453%2c81.081L160.111%2c85.568C177.768%2c90.054%2c213.083%2c99.027%2c239.57%2c101.867C266.056%2c104.707%2c283.714%2c101.414%2c300.716%2c98.244C317.718%2c95.073%2c334.065%2c92.025%2c342.238%2c90.5L350.412%2c88.976'/%3e%3c/g%3e%3cg class='edgeLabels'%3e%3cg transform='translate(248.3984375%2c 20)' class='edgeLabel'%3e%3cg transform='translate(-61.7265625%2c -12)' class='label'%3e%3cforeignObject height='24' width='123.453125'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' class='labelBkg' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='edgeLabel'%3e%3cp%3e%d9%8a%d8%b5%d8%af%d9%82 %d8%a7%d9%84%d9%85%d8%b3%d8%aa%d8%ae%d8%af%d9%85%d9%8a%d9%86%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(248.3984375%2c 64)' class='edgeLabel'%3e%3cg transform='translate(-40.7265625%2c -12)' class='label'%3e%3cforeignObject height='24' width='81.453125'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' class='labelBkg' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='edgeLabel'%3e%3cp%3e%d9%8a%d8%b5%d8%af%d8%b1 %d8%a7%d9%84%d8%b1%d9%85%d9%88%d8%b2%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(248.3984375%2c 108)' class='edgeLabel'%3e%3cg transform='translate(-80.9453125%2c -12)' class='label'%3e%3cforeignObject height='24' width='161.890625'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' class='labelBkg' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='edgeLabel'%3e%3cp%3e%d9%8a%d9%88%d9%81%d8%b1 %d9%85%d8%b9%d9%84%d9%88%d9%85%d8%a7%d8%aa %d8%a7%d9%84%d9%85%d8%b3%d8%aa%d8%ae%d8%af%d9%85%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg class='nodes'%3e%3cg transform='translate(75.2265625%2c 64)' id='flowchart-IdP-0' class='node default'%3e%3crect height='54' width='134.453125' y='-27' x='-67.2265625' style='' class='basic label-container'/%3e%3cg transform='translate(-37.2265625%2c -12)' style='' class='label'%3e%3crect/%3e%3cforeignObject height='24' width='74.453125'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3e%d9%85%d8%b2%d9%88%d8%af %d8%a7%d9%84%d9%87%d9%88%d9%8a%d8%a9%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(484.34375%2c 64)' id='flowchart-SP-1' class='node default'%3e%3crect height='102' width='260' y='-51' x='-130' style='' class='basic label-container'/%3e%3cg transform='translate(-100%2c -36)' style='' class='label'%3e%3crect/%3e%3cforeignObject height='72' width='200'%3e%3cdiv style='display: table%3b white-space: break-spaces%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b width: 200px%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3e%d9%85%d8%b2%d9%88%d8%af %d8%a7%d9%84%d8%ae%d8%af%d9%85%d8%a9%3cbr /%3e(%d8%a7%d9%84%d8%aa%d8%b7%d8%a8%d9%8a%d9%82%d8%8c %d8%a7%d9%84%d8%ae%d8%af%d9%85%d8%a9%d8%8c %d9%88%d8%a7%d8%ac%d9%87%d8%a9 %d8%a8%d8%b1%d9%85%d8%ac%d8%a9 %d8%a7%d9%84%d8%aa%d8%b7%d8%a8%d9%8a%d9%82%d8%a7%d8%aa)%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
بالإضافة إلى مصادقة (Authentication) ، تكون مزودي الهوية الحديثة أيضًا مسؤولة عن التفويض (Authorization) (تطبيق سياسات التحكم في الوصول (Access control) ) ودعم الميزات المتقدمة مثل تسجيل الدخول الموحد (SSO) و التعددية المستأجرة (Multi-tenancy) .
معايير مزودي الهوية
نظرًا لطبيعة إدارة الهوية والحاجة إلى التشغيل البيني، سيكون من غير العملي وغير الفعال بناء مزودي الهوية بدون معايير. هذه بعض السيناريوهات النموذجية:
- يحتاج مزودان للهوية للتواصل مع بعضهما لتبادل معلومات المستخدم (مثل تسجيل الدخول الاجتماعي).
- يحتاج تطبيق إلى التحقق من هوية المستخدمين باستخدام مزودي هوية متعددين (مثل هوية متحدّة).
- يحتاج مزود الهوية إلى دعم أنواع متعددة من العملاء (مثل الويب، الجوال، إنترنت الأشياء).
لمعالجة هذه السيناريوهات، طورت الصناعة عدة معايير شائعة لمزودي الهوية:
- OAuth 2.0 : إطار تفويض مستخدم على نطاق واسع يمكن التطبيقات من الحصول على حق الوصول نيابة عن المستخدمين أو الخدمات.
- OpenID Connect (OIDC) : طبقة هوية مبنية على قمة OAuth 2.0 توفر المصادقة ومعلومات المستخدم.
- لغة ترميز تأكيد الأمان (Security Assertion Markup Language, SAML) : معيار لتبادل بيانات المصادقة والتفويض بين نطاقات الأمان.
بالنسبة للتطبيقات الجديدة، يعد OpenID Connect (OIDC) المعيار الموصى باستخدامه إما لبناء مزود هوية أو للتكامل مع مزودي الهوية الحاليين.
هيكلية مزود الهوية
مصطلح “مزود الهوية” لا يحدد بنية معينة أو تنفيذًا معينًا. بمعنى آخر، يمكن أن يكون مزود الهوية أيضًا تطبيقًا أحاديًا أو خدمة صغيرة أو خدمة سحابية.
%3btext-align:center%3b%7d%23mermaid-1 .edgeLabel p%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-1 .edgeLabel rect%7bopacity:0.5%3bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bfill:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-1 .labelBkg%7bbackground-color:rgba(232%2c 232%2c 232%2c 0.5)%3b%7d%23mermaid-1 .cluster rect%7bfill:%23ffffde%3bstroke:%23aaaa33%3bstroke-width:1px%3b%7d%23mermaid-1 .cluster text%7bfill:%23333%3b%7d%23mermaid-1 .cluster span%7bcolor:%23333%3b%7d%23mermaid-1 div.mermaidTooltip%7bposition:absolute%3btext-align:center%3bmax-width:200px%3bpadding:2px%3bfont-family:arial%2csans-serif%3bfont-size:12px%3bbackground:hsl(80%2c 100%25%2c 96.2745098039%25)%3bborder:1px solid %23aaaa33%3bborder-radius:2px%3bpointer-events:none%3bz-index:100%3b%7d%23mermaid-1 .flowchartTitleText%7btext-anchor:middle%3bfont-size:18px%3bfill:%23333%3b%7d%23mermaid-1 rect.text%7bfill:none%3bstroke-width:0%3b%7d%23mermaid-1 .icon-shape%2c%23mermaid-1 .image-shape%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3btext-align:center%3b%7d%23mermaid-1 .icon-shape p%2c%23mermaid-1 .image-shape p%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bpadding:2px%3b%7d%23mermaid-1 .icon-shape rect%2c%23mermaid-1 .image-shape rect%7bopacity:0.5%3bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bfill:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-1 :root%7b--mermaid-font-family:arial%2csans-serif%3b%7d%3c/style%3e%3cg%3e%3cmarker orient='auto' markerHeight='8' markerWidth='8' markerUnits='userSpaceOnUse' refY='5' refX='5' viewBox='0 0 10 10' class='marker flowchart-v2' id='mermaid-1_flowchart-v2-pointEnd'%3e%3cpath style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' d='M 0 0 L 10 5 L 0 10 z'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='8' markerWidth='8' markerUnits='userSpaceOnUse' refY='5' refX='4.5' viewBox='0 0 10 10' class='marker flowchart-v2' id='mermaid-1_flowchart-v2-pointStart'%3e%3cpath style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' d='M 0 5 L 10 10 L 10 0 z'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='11' markerWidth='11' markerUnits='userSpaceOnUse' refY='5' refX='11' viewBox='0 0 10 10' class='marker flowchart-v2' id='mermaid-1_flowchart-v2-circleEnd'%3e%3ccircle style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' r='5' cy='5' cx='5'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='11' markerWidth='11' markerUnits='userSpaceOnUse' refY='5' refX='-1' viewBox='0 0 10 10' class='marker flowchart-v2' id='mermaid-1_flowchart-v2-circleStart'%3e%3ccircle style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' r='5' cy='5' cx='5'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='11' markerWidth='11' markerUnits='userSpaceOnUse' refY='5.2' refX='12' viewBox='0 0 11 11' class='marker cross flowchart-v2' id='mermaid-1_flowchart-v2-crossEnd'%3e%3cpath style='stroke-width: 2%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' d='M 1%2c1 l 9%2c9 M 10%2c1 l -9%2c9'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='11' markerWidth='11' markerUnits='userSpaceOnUse' refY='5.2' refX='-1' viewBox='0 0 11 11' class='marker cross flowchart-v2' id='mermaid-1_flowchart-v2-crossStart'%3e%3cpath style='stroke-width: 2%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' d='M 1%2c1 l 9%2c9 M 10%2c1 l -9%2c9'/%3e%3c/marker%3e%3cg class='root'%3e%3cg class='clusters'/%3e%3cg class='edgePaths'/%3e%3cg class='edgeLabels'/%3e%3cg class='nodes'%3e%3cg transform='translate(0%2c 0)' class='root'%3e%3cg class='clusters'%3e%3cg data-look='classic' id='subGraph0' class='cluster'%3e%3crect height='129' width='547.203125' y='8' x='8' style=''/%3e%3cg transform='translate(241.875%2c 8)' class='cluster-label'%3e%3cforeignObject height='24' width='79.453125'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3e%d8%ae%d8%af%d9%85%d8%a9 %d8%a3%d8%ad%d8%a7%d8%af%d9%8a%d8%a9%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg class='edgePaths'/%3e%3cg class='edgeLabels'/%3e%3cg class='nodes'%3e%3cg transform='translate(110.2265625%2c 72.5)' id='flowchart-IdP-8' class='node default'%3e%3crect height='54' width='134.453125' y='-27' x='-67.2265625' style='' class='basic label-container'/%3e%3cg transform='translate(-37.2265625%2c -12)' style='' class='label'%3e%3crect/%3e%3cforeignObject height='24' width='74.453125'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3e%d9%85%d8%b2%d9%88%d8%af %d8%a7%d9%84%d9%87%d9%88%d9%8a%d8%a9%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(288.140625%2c 72.5)' id='flowchart-Module1-9' class='node default'%3e%3crect height='54' width='121.375' y='-27' x='-60.6875' style='' class='basic label-container'/%3e%3cg transform='translate(-30.6875%2c -12)' style='' class='label'%3e%3crect/%3e%3cforeignObject height='24' width='61.375'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3eModule1%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(459.515625%2c 72.5)' id='flowchart-Module2-10' class='node default'%3e%3crect height='54' width='121.375' y='-27' x='-60.6875' style='' class='basic label-container'/%3e%3cg transform='translate(-30.6875%2c -12)' style='' class='label'%3e%3crect/%3e%3cforeignObject height='24' width='61.375'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3eModule2%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
نظرًا لتعقيد وأهمية إدارة الهوية، تميل التطبيقات الحديثة إلى استخدام مزودي هوية متخصصين يكونون خدمات مستقلة أو حلولًا من البائعين.
%3btext-align:center%3b%7d%23mermaid-2 .edgeLabel p%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-2 .edgeLabel rect%7bopacity:0.5%3bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bfill:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-2 .labelBkg%7bbackground-color:rgba(232%2c 232%2c 232%2c 0.5)%3b%7d%23mermaid-2 .cluster rect%7bfill:%23ffffde%3bstroke:%23aaaa33%3bstroke-width:1px%3b%7d%23mermaid-2 .cluster text%7bfill:%23333%3b%7d%23mermaid-2 .cluster span%7bcolor:%23333%3b%7d%23mermaid-2 div.mermaidTooltip%7bposition:absolute%3btext-align:center%3bmax-width:200px%3bpadding:2px%3bfont-family:arial%2csans-serif%3bfont-size:12px%3bbackground:hsl(80%2c 100%25%2c 96.2745098039%25)%3bborder:1px solid %23aaaa33%3bborder-radius:2px%3bpointer-events:none%3bz-index:100%3b%7d%23mermaid-2 .flowchartTitleText%7btext-anchor:middle%3bfont-size:18px%3bfill:%23333%3b%7d%23mermaid-2 rect.text%7bfill:none%3bstroke-width:0%3b%7d%23mermaid-2 .icon-shape%2c%23mermaid-2 .image-shape%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3btext-align:center%3b%7d%23mermaid-2 .icon-shape p%2c%23mermaid-2 .image-shape p%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bpadding:2px%3b%7d%23mermaid-2 .icon-shape rect%2c%23mermaid-2 .image-shape rect%7bopacity:0.5%3bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bfill:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-2 :root%7b--mermaid-font-family:arial%2csans-serif%3b%7d%3c/style%3e%3cg%3e%3cmarker orient='auto' markerHeight='8' markerWidth='8' markerUnits='userSpaceOnUse' refY='5' refX='5' viewBox='0 0 10 10' class='marker flowchart-v2' id='mermaid-2_flowchart-v2-pointEnd'%3e%3cpath style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' d='M 0 0 L 10 5 L 0 10 z'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='8' markerWidth='8' markerUnits='userSpaceOnUse' refY='5' refX='4.5' viewBox='0 0 10 10' class='marker flowchart-v2' id='mermaid-2_flowchart-v2-pointStart'%3e%3cpath style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' d='M 0 5 L 10 10 L 10 0 z'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='11' markerWidth='11' markerUnits='userSpaceOnUse' refY='5' refX='11' viewBox='0 0 10 10' class='marker flowchart-v2' id='mermaid-2_flowchart-v2-circleEnd'%3e%3ccircle style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' r='5' cy='5' cx='5'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='11' markerWidth='11' markerUnits='userSpaceOnUse' refY='5' refX='-1' viewBox='0 0 10 10' class='marker flowchart-v2' id='mermaid-2_flowchart-v2-circleStart'%3e%3ccircle style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' r='5' cy='5' cx='5'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='11' markerWidth='11' markerUnits='userSpaceOnUse' refY='5.2' refX='12' viewBox='0 0 11 11' class='marker cross flowchart-v2' id='mermaid-2_flowchart-v2-crossEnd'%3e%3cpath style='stroke-width: 2%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' d='M 1%2c1 l 9%2c9 M 10%2c1 l -9%2c9'/%3e%3c/marker%3e%3cmarker orient='auto' markerHeight='11' markerWidth='11' markerUnits='userSpaceOnUse' refY='5.2' refX='-1' viewBox='0 0 11 11' class='marker cross flowchart-v2' id='mermaid-2_flowchart-v2-crossStart'%3e%3cpath style='stroke-width: 2%3b stroke-dasharray: 1%2c 0%3b' class='arrowMarkerPath' d='M 1%2c1 l 9%2c9 M 10%2c1 l -9%2c9'/%3e%3c/marker%3e%3cg class='root'%3e%3cg class='clusters'/%3e%3cg class='edgePaths'%3e%3cpath marker-end='url(%23mermaid-2_flowchart-v2-pointEnd)' marker-start='url(%23mermaid-2_flowchart-v2-pointStart)' style='' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' id='L_IdP_SP1_0' d='M126.598%2c58.035L133.407%2c54.196C140.216%2c50.357%2c153.835%2c42.678%2c162.727%2c38.839C171.62%2c35%2c175.786%2c35%2c179.286%2c35C182.786%2c35%2c185.62%2c35%2c187.036%2c35L188.453%2c35'/%3e%3cpath marker-end='url(%23mermaid-2_flowchart-v2-pointEnd)' marker-start='url(%23mermaid-2_flowchart-v2-pointStart)' style='' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' id='L_IdP_SP2_1' d='M126.598%2c115.965L133.407%2c119.804C140.216%2c123.643%2c153.835%2c131.322%2c162.727%2c135.161C171.62%2c139%2c175.786%2c139%2c179.286%2c139C182.786%2c139%2c185.62%2c139%2c187.036%2c139L188.453%2c139'/%3e%3c/g%3e%3cg class='edgeLabels'%3e%3cg class='edgeLabel'%3e%3cg transform='translate(0%2c 0)' class='label'%3e%3cforeignObject height='0' width='0'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' class='labelBkg' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='edgeLabel'%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='edgeLabel'%3e%3cg transform='translate(0%2c 0)' class='label'%3e%3cforeignObject height='0' width='0'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' class='labelBkg' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='edgeLabel'%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg class='nodes'%3e%3cg transform='translate(75.2265625%2c 87)' id='flowchart-IdP-11' class='node default'%3e%3crect height='54' width='134.453125' y='-27' x='-67.2265625' style='' class='basic label-container'/%3e%3cg transform='translate(-37.2265625%2c -12)' style='' class='label'%3e%3crect/%3e%3cforeignObject height='24' width='74.453125'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3e%d9%85%d8%b2%d9%88%d8%af %d8%a7%d9%84%d9%87%d9%88%d9%8a%d8%a9%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(270.3515625%2c 35)' id='flowchart-SP1-12' class='node default'%3e%3crect height='54' width='155.796875' y='-27' x='-77.8984375' style='' class='basic label-container'/%3e%3cg transform='translate(-47.8984375%2c -12)' style='' class='label'%3e%3crect/%3e%3cforeignObject height='24' width='95.796875'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3e%d9%85%d8%b2%d9%88%d8%af %d8%a7%d9%84%d8%ae%d8%af%d9%85%d8%a9 1%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg transform='translate(270.3515625%2c 139)' id='flowchart-SP2-14' class='node default'%3e%3crect height='54' width='155.796875' y='-27' x='-77.8984375' style='' class='basic label-container'/%3e%3cg transform='translate(-47.8984375%2c -12)' style='' class='label'%3e%3crect/%3e%3cforeignObject height='24' width='95.796875'%3e%3cdiv style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan class='nodeLabel'%3e%3cp%3e%d9%85%d8%b2%d9%88%d8%af %d8%a7%d9%84%d8%ae%d8%af%d9%85%d8%a9 2%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
ميزات مزود الهوية
تقدم مزودات الهوية الحديثة مجموعة واسعة من الميزات لدعم حالات استخدام ومتطلبات مختلفة. هذه بعض الميزات الشائعة:
- مصادقة (Authentication) : التحقق من هوية المستخدمين باستخدام طرق مختلفة (مثل اسم المستخدم وكلمة المرور، تسجيل الدخول الاجتماعي، المصادقة متعددة العوامل (Multi-factor authentication, MFA) ).
- التفويض (Authorization) : تطبيق سياسات الوصول وإدارة أذونات المستخدم (مثل التحكم في الوصول بناءً على الأدوار (Role-based access control, RBAC) ، التحكم في الوصول المستند إلى السمة (Attribute-based Access Control, ABAC) ).
- إدارة المستخدم: إنشاء وتحديث وحذف حسابات وملفات تعريف المستخدمين؛ توفير بيانات المستخدم لـ مزودي الخدمة .
- إدارة الرموز: إصدار وإدارة رموز الهوية (مثل رمز الهوية، رمز الوصول، رمز التحديث).
- تسجيل الدخول الموحد (SSO) : تمكين المستخدمين من المصادقة مرة واحدة والوصول إلى تطبيقات متعددة.
- التعددية المستأجرة (Multi-tenancy) : دعم منظمات أو مستأجرين متعددين ببيانات مستخدم وتكوينات معزولة.