About this talk
• Concept of Identity in Cloud Computing
• Experiences as
  – Co-chair, OASIS Identity In The Cloud TC.

Cloud
• NIST Definition
• Computing model enabling
  – convenient, on-demand network access to a shared pool of configurable compute resources.

Cloud
• NIST Definition
  – Service Models
  – Software as a Service (SaaS)
  – Platform as a Service (PaaS)
  – Infrastructure as a Service (IaaS)

Cloud
• NIST Definition
  – Deployment Models
  – Private Cloud
  – Community Cloud
  – Public Cloud
  – Hybrid Cloud

General Cloud Identity Issues
• Administrative Accounts
  – Identities with special attributes
  – Escalated Privileges
    • Dangerous?
    • Controls available?

Identity - SaaS
• Identities local to the SaaS environment
• Identities from federations
  – Private Trust Federations
  – Community Trust Federations
  – Social Identities as a Service
    • Facebook, Google, Twitter
• Identities with delegated intermediaries
  – Identity Brokers

Identity - IaaS
• Application Identities
• Platform Identities
• Infrastructure Identities
  – Server Identities
  – VM Identities
    • Current approach is UUIDs by vendors
    • What happens when a VM migrates?

Identity – Hybrid Cloud
• Directory Services
  – Identities all available in cloud directory?
  – Access the enterprise directories?
  – General fear of exposing the enterprise directory externally.

Closing Thoughts
• A large number of people are more likely to remember their Facebook, Gmail, Yahoo, Twitter etc. passwords than their corporate passwords to Benefits, Payroll etc.
• Try to remember the IRS PIN you use to e-file?
• NIST 4 LOA is flattening?