This is not a paper about why or if you should migrate to a cloud environment, whether for one particular application or for your entire infrastructure, or for something in-between. Nor is it a paper about which provider of cloud infrastructure, applications or services you should choose to partner with. What this paper is about are the technical considerations that you should bear in mind during the process of moving to, or implementing, products or solutions that are cloud based. Note that we are specifically concerned with technical issues rather than with any personal, political or other concerns that may arise. In other words, we are principally concerned with "what" and "how": what issues you need to think about and, how, in general terms, these can be resolved.
Cloud-based applications and services, and software-as-a-service applications in particular, are coming into widespread use by organisations of all sizes. Such applications are used to process and store sensitive information making it imperative that user access rights are tightly controlled to ensure that information is secure from loss or theft and remains private. This paper discusses recent developments in identity and access management technologies that aim to extend such controls to services provided from external sources.