I have a blog post over on the Cloud Access Security on FGA for Salesforce and Google Apps.
Companies that move to Cloud Providers like Salesforce and Google Apps quickly discover that part of the migration involves revisiting their security model. Authentication, authorization, account management, and federation are on the menu of activities for most organizations as they strive to garner the cost savings and distribution of the Cloud while retaining some level of control over users and assets.
Cloud consumers can insulate their implementations from the vagaries of proprietary identity implementations by using standards. In most cases, SAML represents a logical starting point for conveying identity information from the Cloud Consumer to the Cloud Provider. SAML is a well-adopted industry standard that is available in many commercial and open source implementations. SAML is referenced by many industry groups such as the Cloud Security Alliance.

SAML’s architecture lends itself to Cloud scenarios, because the Cloud Consumer (enterprise) and Cloud Provider fit naturally into the core SAML roles. The primary roles in a SAML architecture are the Identity Provider (IdP), who asserts information about a user, and the Relying Party (RP), who acts on the information for the service provider, such as the Cloud Provider. Because SAML was designed with this separation of roles in mind, it maps cleanly onto Cloud Deployment models.
Read the whole thing here