Silo Based Identity Providers
In a silo-based approach to identity management in the cloud, each user account in the enterprise system is replicated into a repository of users in the cloud system. Examples of a silo-based approach to managing identity are:
- A database that stores identity information for a Web application that uses forms-based authentication. The database is controlled by the application.
- A directory service store that only provides identity services for a small number of services or applications hosted in the cloud.
A silo-based provider may present significant limitations in a hybrid cloud scenario. First, using such a provider does not scale as the corporation migrates more of its services or applications to the public cloud. Every time another service is added to the public cloud, you will have to add another user repository to support the service.
Not only does this cause a proliferation of identity and permissions stores, but this solution could also prove difficult to manage in an enterprise-level environment. Not only would the stores need to be synchronized regularly, but you would also have to work with the provider to integrate the identity, authorization and user lifecycle processes across every identity store. This approach might not only end up being less secure and introduce higher administrative overhead, but it also would not build on any current investments in Active Directory.
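The synchronization and lifecycle problem described above can be checked for directly. The following is an added example, not part of the original document: it audits each silo's replicated accounts against the enterprise directory. The account model, the store names and the sample data are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    user: str
    enabled: bool
    groups: frozenset = frozenset()

def audit_silo(directory, silo):
    """Compare one silo (user -> Account) with the authoritative directory."""
    findings = {"orphaned": [], "stale_enabled": [], "group_drift": []}
    for user, replica in silo.items():
        source = directory.get(user)
        if source is None:
            # Exists only in the silo: deleted upstream or created locally.
            findings["orphaned"].append(user)
        elif replica.enabled and not source.enabled:
            # Disabled in the enterprise, but can still sign in to the service.
            findings["stale_enabled"].append(user)
        elif replica.groups != source.groups:
            # Permissions in the silo no longer match the enterprise record.
            findings["group_drift"].append(user)
    # Enabled enterprise users that were never replicated to this silo.
    findings["missing"] = [u for u, a in directory.items()
                           if a.enabled and u not in silo]
    return {kind: sorted(users) for kind, users in findings.items()}

def audit_all(directory, silos):
    """One audit per silo: the work grows with every service that is added."""
    return {name: audit_silo(directory, store) for name, store in silos.items()}

# Constructed sample data (hypothetical users and stores).
DIRECTORY = {
    "alice": Account("alice", True, frozenset({"hr"})),
    "bob": Account("bob", False, frozenset({"finance"})),
    "carol": Account("carol", True, frozenset({"it"})),
}
SILOS = {
    "webapp-db": {
        "alice": Account("alice", True, frozenset({"hr", "admin"})),
        "bob": Account("bob", True, frozenset({"finance"})),
        "dave": Account("dave", True),
    },
    "cloud-directory": {
        "alice": Account("alice", True, frozenset({"hr"})),
        "carol": Account("carol", True, frozenset({"it"})),
    },
}

if __name__ == "__main__":
    print(audit_all(DIRECTORY, SILOS))
```

The `stale_enabled` and `orphaned` findings are the ones that matter most for security, since they are accounts that still work in the cloud service after the enterprise has removed or disabled them.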
Note:
This document is part of a collection of documents that comprise the Reference Architecture for Private Cloud document set. The Reference Architecture for Private Cloud documentation is a community collaboration project.