Strategy Research On Implementation Of Identity And Access Management In Enterprise Cloud

With the development of Information Technology, computing Resource is becoming more and more indispensible in our daily life, thus much convenient ways of helping people find what they want are taken more and more attention, and these have become hot topics in the scholars and practitioners. Cloud Computing wins the publics pursuit and enthusiasm with its large hyper-scale, high-reliability, affordability and its On-demand Service, and it also brings much more challenges to the enterprises and other organizations. For example, the data information stored in enterprises before and the personal information should be kept will be exposed in more risks.Identity and Access Management deserves its due attention in the current research atmosphere of the enterprise application systems as the first Safe Protection Layer. This paper is focusing on Strategy of Identity and Access Management of enterprise application systems in the cloud, and through analyzing and improving two aspects of the management respectively, we can make a policy to make a safe identity authentication and efficient access.Firstly, this paper proposes an improved scheme which uses USBKEY authentication technology and Elliptic Curve Cryptography (ECC) as remedy of the Kerberos protocol when applying in the authentication part of a system, and this scheme can also be applicable to the Cross-Domain situation, additional solutions for which is also illustrated in the following.After the entrance of users in the application systems under certain situation, we use a flexible access control strategy which is based on the RBAC (Role-based Access Control) model, and is integrated with a series of security attributes and organization labels for enterprise applications. This strategy subdivides the roles and their corresponding permissions into smaller fractions so as to realize the dynamic performance and fine-grained assignment of an application on the assumption of the reliance of the Third Party. Finally, an analysis combined with one actual implementation is provided to show its effectiveness and practicality in the process of access control while applied in the enterprise-like corporation systems.