Discovering Identity » CloudComputing

Perspectives on Identity and Cloud Computing

Mark Dixon — Wed, 19 May 2010 16:28:59 +0000

Dave Kearns indentified three separate focus areas for Identity and Cloud Computing in his Network World post today:

Identity-in-the-cloud, or Identity as a Service:

IdM services such as provisioning, governance, role management, compliance, etc. are hosted "in the cloud."

Identity-for-the-cloud:

Provisioning services for cloud apps provided by traditional, on-premise, provisioning vendors as well as other identity services (privileged user management, compliance, etc.) extended to the cloud from your data center.

Meshed, or integrated, on-premise/in-the-cloud:

Linking on-premises Identity Management infrastructure and cloud identity data from cloud-hosted applications.

More than anything, this points out that Identity Management and Cloud Computing is a multi-faceted issue. “Cloud” may refer to where the Identity Management services are hosted, as well as where the applications reside that consume Identity Management services – or a combination of both.

Certainly worth further exploration.

Technorati Tags: CloudComputing,IdentityManagement,DigitalIdentity

Identity Services for Cloud Computing

Mark Dixon — Tue, 09 Feb 2010 23:57:39 +0000

To support recent discussions about Identity Management and Cloud computing, I divided the types of Identity Services that might be needed to support Application services into three major categories as shown in the following diagram and explained in a bit more detail below:

The specific services provided in each category could include:

Identity Administration Services

Create, update, delete identities
Password/credential management
Entitlement definition/management
Provision/de-provision access privileges
Role engineering/management
Policy definition/management

Identity Enforcement Services

Authentication
Authorization
Access control
Federation
Web services security

Identity Audit Services

Reporting
Evaluation
Attestation
Validation
Remediation

Did I miss any services that you think should be present? Any input on the categories or types of services? Any input or criticism would be most welcome.

Technorati Tags: Identity, IdentityManagement, CloudComputing, IDaaS, SOA

Users of Cloud-based Services

Mark Dixon — Thu, 04 Feb 2010 16:54:19 +0000

The following chart may be helpful as we consider the different types of users that should be addressed by Identity and Access Management (IAM) technology and processes in cloud computing.

At the Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) layers, the only users are administrators of the platform or infrastructure services, respectively. However, these administrative users may be either on the provider side or on the recipient or enterprise side. End users, whether within the enterprise (employees or contractors) or external to the enterprise (customers and partners), only exist at the application layer or Software as as Service (SaaS) layer.

This illustrates how cloud computing introduces increased complexity into IAM. Not only do the different layers (PaaS, IaaS and SaaS) have unique requirements, but multiple organizations (e.g. provider and enterprise) need to be considered.

For example, the nature of PaaS services will require provider administrators to have root access to the operating system, while enterprise administrators at the SaaS level may only need access to application configuration functions and external SaaS users only need to access to selected application functions.

Hopefully, this provides food for thought as we explore IAM in cloud computing. I’d be grateful to hear your comments.

Technorati Tags: CloudComputing, Identity, IdentityManagement