Page 85 - Cloud Migration Version 2012 english

The second system does not require any roles for authorisation 
management, but rather the coupling of the system's users with the 
permissions schema.  
IAM products built on LDAP can cope with such system integration 
requirements and offer consolidated, clearly structured storage of the 
relevant information. An enterprise-specific definition of such a scheme 
would, in this case, necessitate a technical integration project. Whilst one 
could also address the individual needs of the enterprise's IT, it can be 
assumed that Cloud services, with their high claim to standardisation, will 
require the systems destined for integration to align themselves to an IDaaS 
(or, at any rate, to an IdM-aaS provided with a Private Cloud approach, which 
would offer a few more options). 
Passwords and certificates 
The aforementioned core schema also makes it possible to store passwords 
and user certificates. 
While storing a password is essential for the functions discussed below, the 
need for certificate storage depends on the requirements of the 
surrounding systems. If your enterprise uses email signatures and email 
encryption, you cannot do without a PKI (Public Key Infrastructure). In that 
case, the private keys for the asymmetric encryption algorithms could form 
part of the user data held in the LDAP directory. 
For the remaining deliberations on IAM in Cloud services, we can fortunately 
make do with password storage in conjunction with the centralised 
management of identities. 
Secure authentication 
The reason that this aspect of IAM is so important in Cloud services is that 
more open access (especially for Public Cloud services) calls for a more 
secure method of data protection. 
'Authentication' means nothing more and nothing less than checking 
whether a given username actually belongs to the person who just entered 
this username in the computer (in the application's user interface). The 
means of choice for performing this check has always been the password, 
which is assumed to be known to the above person only.
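The two points above, password storage in the directory's core schema and authentication as a check that the presented password matches the one stored for the username, can be shown together in a small added example. This is illustrative code, not part of the book or of any IAM product: it stands in for the LDAP directory with an in-memory dictionary (`DIRECTORY`), stores `userPassword` in the `{SSHA}` salted-hash form that OpenLDAP uses, and never keeps the clear-text password. The uids and passwords are constructed sample values.

```python
import base64
import hashlib
import hmac
import os

# Hypothetical in-memory stand-in for the LDAP directory described in the text.
# Keys are uid values; each entry carries a userPassword attribute in the
# {SSHA} form used by OpenLDAP: base64( SHA1(password + salt) + salt ).
DIRECTORY = {}

SHA1_LEN = 20  # length of a SHA-1 digest in bytes


def make_ssha(password, salt=None):
    """Build an LDAP {SSHA} userPassword value for a clear-text password.

    A fresh random salt is drawn unless one is supplied (supplied only for
    deterministic testing). The salt is appended to the digest so that the
    verifier can recover it from the stored value.
    """
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(stored, password):
    """Verify a clear-text password against a stored {SSHA} value."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, digest)


# Dummy value checked for unknown uids so that the time taken does not reveal
# whether a username exists in the directory.
_DUMMY_STORED = make_ssha("dummy-password")


def add_user(uid, password):
    """Store a new identity; only the salted hash of the password is kept."""
    DIRECTORY[uid] = {"uid": uid, "userPassword": make_ssha(password)}


def authenticate(uid, password):
    """The authentication check from the text: does this password belong
    to the identity stored under this username?"""
    entry = DIRECTORY.get(uid)
    if entry is None:
        check_ssha(_DUMMY_STORED, password)
        return False
    return check_ssha(entry["userPassword"], password)


if __name__ == "__main__":
    add_user("jdoe", "correct horse battery staple")  # constructed sample
    print(DIRECTORY["jdoe"]["userPassword"])           # {SSHA}... value
    print(authenticate("jdoe", "correct horse battery staple"))  # True
    print(authenticate("jdoe", "wrong"))                         # False
```

Two design points carry over to a real directory: the salt makes identical passwords in different entries hash differently, and the stored value is only ever compared, never decoded back to the password. `{SSHA}` is shown here because it is the classic LDAP scheme; where the directory supports a slower, memory-hard password-hash scheme, that should be preferred for new deployments.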