Identity Management and Control for Clouds [chapter]

Raghu Yeluri, Enrique Castro-Leon
2014 Building the Infrastructure for Cloud Security  
In the last few chapters we covered the technologies, usage models, and capabilities required to enable trusted infrastructure in the cloud, one of the two foundation pillars of trusted clouds. We looked at the concepts, solution architectures, and ISV components that establish and propagate platform trust, attestation, and boundary control, all of which are needed to enable trusted clouds. The other foundational pillar is identity management, and that is the focus of this chapter.

Identity management encompasses the management of individual identities and their authentication, authorization, roles, privileges, and permissions, within or across system and enterprise boundaries, with the goal of increasing security and productivity while decreasing cost, downtime, and repetitive tasks. Identity management thus constitutes an essential capability for attaining trusted clouds.

From a cloud security perspective, and given the distributed nature of the cloud, questions such as "How do I control passwords and access tokens in the cloud?" and "How do I federate identity in the cloud?" are very real and thorny ones for cloud providers and subscribers alike. In this chapter, we provide a broad introduction to identity, survey the challenges and requirements for identity management systems, and describe a set of technologies from Intel and McAfee that address those requirements.

The emerging cloud infrastructure connects remote parties worldwide through large-scale networks and through a diverse and complex set of hardware and software technologies. Activities in domains such as e-commerce, entertainment, social networking, collaboration, and health care are increasingly implemented by diverse sets of resources and services, engaged at various levels within those domains. The interactions between parties at remote locations may be (and sometimes should be) based only on the information needed to carry out a specific transaction, with little knowledge about each other beyond that. To support these activities and collaborations, it is essential that the information technology infrastructure include a simple-to-use identity management system. We expect, for example, that personal preferences and profiles of individuals be readily available as a cloud service when shopping over the Internet or from mobile devices.
Extensive use of cloud services involving sensitive computation and storage should be done without the need for individuals to repeatedly enter user credentials. In this scenario, the technology for digital identity management (IdM) is fundamental in customizing the user experience, underpinning accountability in the transactions, and
doi:10.1007/978-1-4302-6146-9_7 fatcat:7rqnbfyfxbhrdkh2zgnfeupihy