Infoworld: The looming cloud identity crisis

For now the answer to most identity problems is on-premises Active Directory integration. In an all-in cloud architecture, what do we do?

Love it or hate it, Microsoft is the de facto standard in corporate identity. In truth, I think this is well deserved. Despite spotty support for standards, Microsoft's suite of products -- including Certificate Server, SCCM, the flagship Active Directory, and Active Directory Federation Services in combination with the core Windows login -- has long been the corporate identity standard.

As businesses move to the cloud, this situation will change. If you don't want to manage your own application servers, operating systems, and hardware and instead opt for the cloud, why would you want to manage an infrastructure for identity? This leaves us searching for the identity solution to what I call the "all-in" cloud architecture.

I hate to use the word "security" when talking about identity. But I often have to because it refers to a set of concepts that people understand. When I say "identity," I'm talking about the parts of security that are authentication and authorization -- who are you and what do you want? -- and how we provision that identity as a data construct.

XaaS identity scenarios

In the marketing avalanche of as-a-service acronyms (hereafter collectively referred to as XaaS), you'll find the emerging field of IDaaS, or identity as a service. The idea is that you can manage user identities with a Web application the way you'd manage prospects and sales in a CRM app.

But identity in the cloud is more than that. Let's say you created a user and declared her a salesperson with management responsibility. She might use Salesforce for CRM, Google Apps for email and documents, and a custom application deployed on a PaaS such as Cloud Foundry. That PaaS app might even call services on Salesforce and Google Apps.

In general, your IDaaS will use the SAML protocol to handle authentication and authorization to your various XaaSes. In some cases, the user may authenticate to the IDaaS and authorize on the XaaSes with the OAuth protocol. But what exactly is this IDaaS thing?

You can read the rest of my article "The looming cloud identity crisis" over at Infoworld. It also has a companion article explaining the economics of cloud computing called "Cloudonomics" over at dZone.

Wait...there's more!

If you have other inquiries about this article or Open Software Integrators generally, you should contact

Follow us on Twitter @osintegrators and like Open Software Integrators on Facebook or add Open Software Integrators on Google+!
