Authentication level (single-factor, multiple-factor, biometric)
Is an identity management system used? If so, does it support highly
secure authentication methods?
Enterprises that are venturing into the Cloud today are justified in
demanding high quality, in all areas, from their providers. While not so long
ago the introduction of a new service (whether Cloud or on-premise)
automatically included the introduction of the identity management system
necessary for that system (including role and permission management and
separate authentication) as a matter of course.
In this chapter we deal with several issues and challenges which Cloud
providers must face in order to deliver their services successfully. Users of
Cloud services must judge their providers in order to obtain the best possible
quality and integrability of the offered services for their enterprise.
What is IAM?
IAM (Identity and Access Management) or IdM (Identity Management)
encompasses the management and provision of user data for
authentication, access control and authorisation purposes. [37] [38]
Wikipedia provides a rather cumbersome definition: 'Identity management
(IdM) is a term related to how humans are authenticated (identified) and
their actions authorised across computer networks. In general, an entity can
have multiple identities, and each identity can consist of multiple attributes
or identifiers, some of which are shared and some of which are unique
within a given name space.'
We see IAM from the following perspective:
Centralised management of identities and authorisation
Secure authentication
Federation, centralised authentication and single sign-on
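As an added example (not code from this chapter), the following Python model illustrates the perspective listed above together with the AAA distinction made in footnote 37: a central identity provider verifies who the user is and records the authentication level reached (single-factor password, or password plus a one-time HOTP code as second factor), while the relying Cloud service decides authorisation separately from the user's roles and the level its policy requires. The class and function names, the POLICY table and the sample users are assumptions made for the illustration.

```python
import hashlib, hmac, secrets, struct
from dataclasses import dataclass

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Identity:                 # one record in the central identity store
    salt: bytes
    digest: bytes
    roles: frozenset
    otp_secret: bytes = b""     # empty: no second factor enrolled
    otp_counter: int = 0

class IdentityProvider:         # assumed name: central identity management and sessions
    def __init__(self):
        self.users, self.sessions = {}, {}

    def enrol(self, name, password, roles, otp_secret=b""):
        salt = secrets.token_bytes(16)
        self.users[name] = Identity(salt, hash_password(password, salt), frozenset(roles), otp_secret)

    def authenticate(self, name, password, otp=None):
        """Authentication only: prove who the user is. The session records the level
        reached (1 = password, 2 = password + HOTP); None means failure."""
        user = self.users.get(name)
        if user is None or not hmac.compare_digest(hash_password(password, user.salt), user.digest):
            return None
        level = 1
        if otp is not None and user.otp_secret:
            if not hmac.compare_digest(otp, hotp(user.otp_secret, user.otp_counter)):
                return None         # wrong second factor fails outright, no silent downgrade
            user.otp_counter += 1   # HOTP codes are one-time: a replayed code is rejected
            level = 2
        token = secrets.token_urlsafe(16)
        self.sessions[token] = {"user": name, "level": level, "roles": user.roles}
        return token

# Authorisation, decided by the relying Cloud service separately from authentication:
# action -> (required role, minimum authentication level). Constructed sample policy.
POLICY = {"read_report": ("analyst", 1), "delete_tenant": ("admin", 2)}

def authorise(idp: IdentityProvider, token: str, action: str) -> bool:
    session = idp.sessions.get(token)
    if session is None or action not in POLICY:
        return False
    role, min_level = POLICY[action]
    return role in session["roles"] and session["level"] >= min_level
```

The hotp() function can be checked against the RFC 4226 test vectors (secret "12345678901234567890", counter 0 gives 755224), so the second factor in the model is a real one rather than a stand-in.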
Integrating Cloud services with an enterprise's own identity
management system is first and foremost about providing users with a
[37] AAA (Authentication, Authorisation and Access Control) is the alpha and omega of IAM. Here
it is important to recognise the difference between authentication and authorisation. The former
means verification of the user's identity, the latter decides which permissions the user is granted
in the relevant system.
[38] An expanded version of this chapter can be found under