This month the Cloud Security Alliance released a document giving guidance on Identity and Access Management for the cloud, covering these areas:
- Identity Provisioning
- Authentication
- Federation
- Access Control and User Profile Management
- Identity as a Service (IDaaS)
The document is very good overall. If I had one comment, I'd say it's rather idealistic how it starts from the standards and builds out from there. Many identity management and access control products had APIs other than XACML and SPML, and it could be argued that the real value of a product such as a Cloud Service Broker is that it understands the proprietary protocols used by IdM tools, not just the standards [which the document acknowledges are not always implemented by IdM products].
Today Vordel announced membership of the Cloud Security Alliance, and we're looking forward to contributing to work such as this in the future.