Identity Federation: A boon for “MLaaS”

Vaibhav Sonavane
Oct 1, 2021

Machine Learning has become an integral part of our lives. We are not even aware of the various touchpoints where we interact with or use artificial intelligence (AI) or machine learning (ML) in our day-to-day activities, be it chatting with a chatbot, looking up a credit score, performing a bank transaction or shopping online, and the list goes on. Many organizations have invested heavily in the machine learning space and are reaping the benefits, gaining vital business intelligence and predictions. Such investments can be quite heavy on the pocket for medium or small scale organizations, as they demand skilled resources, infrastructure and time.


What is MLaaS?

MLaaS (Machine Learning as a Service) is a machine-learning service provided by various cloud service providers (CSPs). It offers a range of ready-to-use machine learning models, visualization tools and APIs which organizations can leverage to gain meaningful insights from their data, instead of reinventing the wheel by developing their own platform. Small and medium sized organizations can benefit a lot from MLaaS, and quickly.

How does Federation fit into the picture?

Be it building a complete, independent machine learning platform or leveraging MLaaS, what purpose would it serve if it is not accessed by the right applications or tools? Or, on the other hand, what if the platform is accessed by an unauthorized user?

The ML models created on, or offered as part of, any MLaaS are accessible through APIs, mostly REST. These models need to be accessed by a variety of consumers, internal as well as external: internal business analysts, data scientists, business applications, 3rd party applications, dealer/supplier systems, customers and so on. It would be havoc to manage access for these heterogeneous channels if it wasn’t for “Federation”.

Identity Federation, along with the API Gateway, provides a secure single point of entry through which all the different channels access the ML models. Entities from the different channels authenticate to their respective Identity Providers (IDP) and then authenticate to the API Gateway using “Access Tokens”, thereby leveraging the core concept of “Federation”.

Let us look at such a scenario with the help of an example which leverages Oracle Cloud (OCI).

Example:-

ML Platform: Oracle’s Autonomous Data Warehouse (ADW) or Oracle’s database in cloud (DBCS) would provide a robust platform for machine learning. The ML objects (models) can be created by the database users using the array of built-in algorithms and various tools. These ML objects would then be exposed as a REST service using Oracle ML Service.

API Gateway: Oracle’s API Gateway would act as a single entry point for the various tools/applications trying to access the ML REST services. It would ensure that only authenticated and legitimate entities access the services. It can also rate limit requests to the services, avoiding DDoS attacks.

Token Validator: OCI provides capabilities to create “Serverless Functions” leveraging the open source “Fn Project”. A custom serverless function named “Token Validator” would be created which would validate the access tokens received by the API Gateway. The “Token Validator” would act as a Service Provider (SP) and federate with the multiple Identity Providers (IDP) which would issue the tokens using well-known standards like OAuth.

Identity Providers (IDP): Every user trying to access the ML Services through the API Gateway would need to authenticate. The list of such users can be vast and a mixed population. Using “Federation”, such users can authenticate to their own IDPs through whichever mechanism is pre-configured and obtain an “Access Token”, which can be produced at the API Gateway as proof of having already been authenticated by a trusted entity.
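
The checks a “Token Validator” function has to make on every request, shown as an added example (not code from this article or from Oracle). It assumes the access tokens are JWTs and, to run with the standard library alone, uses HS256 with one shared secret per IDP, whereas an IDP would normally sign with an asymmetric key such as RS256; the issuer URLs, secrets, audience and the shape of the returned decision are constructed placeholders.

```python
import base64, hashlib, hmac, json, time

# Constructed trust store (issuer -> key, expected audience). All values are placeholders.
TRUSTED_IDPS = {
    "https://idp.corp.example": {"key": b"corp-demo-secret", "aud": "ml-api"},
    "https://idp.partner.example": {"key": b"partner-demo-secret", "aud": "ml-api"},
}

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(key, signing_input):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, key, alg="HS256"):  # demo stand-in for an IDP issuing a token
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_sign(key, head + '.' + body))}"

def deny(reason):
    return {"active": False, "reason": reason}

def validate(token, now=None):  # decide whether the gateway should forward the request
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header, claims = json.loads(_b64d(head_b64)), json.loads(_b64d(body_b64))
        sig = _b64d(sig_b64)
    except ValueError:
        return deny("malformed token")
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return deny("malformed token")
    if header.get("alg") != "HS256":  # pin the algorithm; reject "none" and surprises
        return deny("unexpected alg")
    iss = claims.get("iss")
    idp = TRUSTED_IDPS.get(iss) if isinstance(iss, str) else None
    if idp is None:  # federation boundary: only pre-registered IDPs are trusted
        return deny("untrusted issuer")
    if not hmac.compare_digest(sig, _sign(idp["key"], head_b64 + "." + body_b64)):
        return deny("bad signature")
    if claims.get("aud") != idp["aud"]:  # token must have been issued for this API
        return deny("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return deny("expired")
    return {"active": True, "principal": claims.get("sub"), "issuer": iss}
```

The verification key is chosen by the `iss` claim before the signature is checked, so a token signed by one trusted IDP but claiming another issuer fails the signature step.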

Conclusion:-

MLaaS is definitely the future: organizations will be able to focus more on the business actions to be taken from the intelligence obtained through machine learning, by outsourcing the painstaking and highly skilled activities of creating the ML Algorithms & Models to third party providers. At the same time, “Identity Federation” would act as a security backbone for MLaaS, along with the API Gateway, to ensure that the right people have the right access to the ML Platform.
