Page 83 - Cloud Migration Version 2012 english

Authentication level (single-factor, multiple-factor, biometric)
Is an identity management system used? If so, does it support highly secure authentication methods?
Enterprises that are braving their way into the Cloud today are justified in demanding high quality, in all areas, from their providers. Not so long ago, the introduction of a new service (whether Cloud or on-premise) automatically included, as a matter of course, the introduction of the identity management system that service needed (including role and permission management and separate authentication).
In this chapter we deal with several issues and challenges which Cloud providers must face in order to deliver a successful service. Users of Cloud services must judge their providers in order to obtain the best possible quality and integrability of the offered services for their enterprise.
What is IAM? 
IAM (Identity and Access Management) or IdM (Identity Management) encompasses the management and provision of user data for authentication, access control and authorisation purposes. [37] [38]
Wikipedia provides a rather cumbersome definition: 'Identity management (IdM) is a term related to how humans are authenticated (identified) and their actions authorised across computer networks. In general, an entity can have multiple identities, and each identity can consist of multiple attributes or identifiers, some of which are shared and some of which are unique within a given name space.'
We see IAM from the following perspective: 
Centralised management of identities and authorisation 
Secure authentication 
Federation, centralised authentication and single sign‐on 
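The following example is added here to illustrate the three perspectives just listed and the authentication-level question from the checklist above; it is not code from the book or from any product it describes. It models a single central identity store that every service consults, keeps authentication (verifying who the user is, with an optional second factor) strictly apart from authorisation (deciding what that user may do), and records the authentication level so that sensitive actions can demand a multi-factor login. All user names, passwords, roles and the HOTP key are constructed for the demonstration.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Added illustration, not from the book: a central IAM store shared by all
# services. Authentication proves identity; authorisation grants permissions.
# Users, roles and secrets below are constructed sample data.


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow password hash so a leaked store does not yield passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP code, used here as the second authentication factor."""
    digest = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


# Role -> permitted (resource, action) pairs, managed centrally with the identities.
PERMISSIONS = {
    "reader": {("document", "read")},
    "editor": {("document", "read"), ("document", "write")},
    "admin": {("document", "read"), ("document", "write"), ("user", "manage")},
}
# Actions that a single-factor session may never perform, whatever the role.
REQUIRES_MFA = {("user", "manage")}


@dataclass
class Identity:
    username: str
    salt: bytes
    password_hash: bytes
    roles: set[str]
    hotp_secret: bytes | None = None  # None: no second factor enrolled
    hotp_counter: int = 0             # advanced on each accepted code (no replay)


class IdentityStore:
    """The central IAM component: identities, credentials and roles in one place."""

    def __init__(self) -> None:
        self._users: dict[str, Identity] = {}

    def add_user(self, username, password, roles, hotp_secret=None) -> None:
        salt = secrets.token_bytes(16)
        self._users[username] = Identity(
            username, salt, hash_password(password, salt), set(roles), hotp_secret)

    def authenticate(self, username, password, otp=None):
        """Return (username, level) on success, None on failure. The level
        ('single-factor' or 'multi-factor') tells services how strong the proof was."""
        ident = self._users.get(username)
        if ident is None:
            hash_password(password, bytes(16))  # same cost for unknown users
            return None
        if not hmac.compare_digest(hash_password(password, ident.salt), ident.password_hash):
            return None
        if ident.hotp_secret is None:
            return (username, "single-factor")
        expected = hotp(ident.hotp_secret, ident.hotp_counter)
        if otp is None or not hmac.compare_digest(otp, expected):
            return None                 # enrolled users must present both factors
        ident.hotp_counter += 1         # an accepted code cannot be replayed
        return (username, "multi-factor")

    def authorise(self, session, resource, action) -> bool:
        """Authorisation: an authenticated session still needs a matching role,
        and sensitive actions additionally need a multi-factor session."""
        username, level = session
        ident = self._users.get(username)
        if ident is None:
            return False
        if (resource, action) in REQUIRES_MFA and level != "multi-factor":
            return False
        return any((resource, action) in PERMISSIONS.get(role, set()) for role in ident.roles)


ALICE_SECRET = b"12345678901234567890"  # constructed; the RFC 4226 sample key


def build_demo_store() -> IdentityStore:
    """Constructed users: alice (admin, MFA), bob (reader), carol (admin, no MFA)."""
    store = IdentityStore()
    store.add_user("alice", "alice-pw", ["admin"], hotp_secret=ALICE_SECRET)
    store.add_user("bob", "bob-pw", ["reader"])
    store.add_user("carol", "carol-pw", ["admin"])
    return store


if __name__ == "__main__":
    store = build_demo_store()
    alice = store.authenticate("alice", "alice-pw", hotp(ALICE_SECRET, 0))
    print(alice, store.authorise(alice, "user", "manage"))   # multi-factor admin: allowed
    carol = store.authenticate("carol", "carol-pw")
    print(carol, store.authorise(carol, "user", "manage"))   # single-factor admin: denied
```

The point of the two separate methods is the one made in the footnote on AAA: carol passes authentication and holds the admin role, yet authorisation still refuses the sensitive action because her session is only single-factor, while bob is authenticated but simply lacks the role for writing. Replacing the HOTP counter with time-based TOTP, or the local store with a federated identity provider, changes neither the split nor the level check.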
For the integration of Cloud services using an enterprise's own identity 
management system is first and foremost about providing users with a 
[37] AAA (Authentication, Authorisation and Access Control) is the alpha and omega of IAM. Here it is important to recognise the difference between authentication and authorisation: the former means verification of the user's identity, the latter grants the requested permissions in the relevant system.
[38] An expanded version of this chapter can be found under