IAM and Cloud Computing
When Yoda said, “Clouded our vision was,” he did so ruefully. But today, the
vision for any software system must include the Cloud!
For end-user organisations that rely on Infrastructure as a Service (IaaS)
clouds, IAM is something they would need to set up themselves to protect
the applications they upload to it [30].
Cloud providers who offer a Platform as a Service (PaaS) need to worry
about setting up a supporting set of shared services on top of a basic IaaS for
client applications that are deployed on their platform, and IAM is a classic
shared service that they would need to configure [31].
Both groups of people need to understand how IAM plays in the cloud.
One may be tempted to ask, “Is CAS or Shibboleth the better product for the
Cloud?”
The question, however, is misguided. The important factor to consider is
where users are provisioned relative to where the applications they access
are hosted.
If the user repository is hosted on the same cloud that hosts the
applications those users access, then this is a case of local identity
management, and CAS will do nicely.
If the user repository and the applications that users access are hosted
on different clouds, then this is a case of federated identity
management, and Shibboleth is the better fit.
The following diagram illustrates this rule with the help of a mnemonic.
C: Co-located user repository and applications - use CAS
S: Separately located user repository and applications - use Shibboleth
[30] End-users of Platform as a Service (PaaS) clouds don't have to worry about
designing IAM configurations. They would just use the IAM-equivalent services
provided by their vendor. The design of IAM is even less relevant for end-users of
Software as a Service (SaaS) platforms.
[31] E.g., Amazon Web Services include IAM, which is leveraged in their Beanstalk PaaS
offering.