Cloud Computing, where computing resources are delivered as a service over the Internet, continues to gain momentum. Microsoft recently announced its big push in SaaS with Microsoft Online Services. In the buzz driven discussion of life in the cloud, however, there is limited discussion of Identity Management. Martin Kuppinger recently addressed this, noting as security, privacy and minimal disclosure of personal information become more important, few SaaS providers are ready to support the Identity Management and GRC requirements of their customers. He states there are no standards for auditing and alerting, or for handling authorization management issues in the cloud.
"To become successful as a provider in the cloud, the 'externalization' of the management of authentication and authorization as well as externalized auditing will become mandatory. Customers can't afford to manage authorizations per cloud service but will have to apply pre-defined policies. Thus, we need new standards and we need new semantics for existing standards like XACML on a much higher level than today."