Two major identity management companies are forging ahead with products designed to satisfy what a cloud-computing consortium calls one of the trickiest problems preventing secure and automated connections between internal IT infrastructures and external service providers: identity and authentication.

Last week at The Burton Group's Catalyst Conference, Novell demonstrated a pre-release version of its Cloud Security Service, designed to synchronize login and authentication data between external clouds and internal systems without exposing internal security data.

At the same conference, CA demonstrated a product called Federation Manager, designed to provide single sign-on across several internal and external cloud or SaaS applications.

The problem the two are offering to solve is federated identity management—the need to connect and synchronize user data between external service providers and internal IT security measures.

[For timely cloud computing news and expert analysis, see CIO.com's Cloud Computing Drilldown section. ]

Without external services managed by identity management specialists such as Novell, CA and others, use of cloud-computing services could get snarled in a web of manual updates and processes that are too much trouble to implement and present far too much potential for error, according to Rich Mogull, a former Gartner analyst who now runs the Securosis, L.L.C security consultancy.

"Managing user authentication internally is not that big a deal, and it's not a big problem services you log into over the Web or FTP or whatever, because you're using a single user credential to sign in to something," Mogull says. "With SaaS and cloud environments you're extending your infrastructure, which essentially means you'd have to manually recreate all your users in that cloud and synchronize all the changes manually as well."

Whose Identity Answer Looks Promising?

Both Microsoft and VMware have promised their own takes on identity management for cloud computing, but a host of third parties is also beginning to crowd the market.

Relative small fry such as Radiant Logic, for example, touts its RadiantOne Identity and Context Virtualization Platform as a two-part solution to identity management. Its Identity Correlation and Synchronization Server aggregates and synchronizes identity data from end-user and cloud organizations, while its Virtual Directory Server provides authentication and access control.

Others, such as PingIdentity take a tighter focus, providing secure single sign-on to one or two SaaS applications at a time.

"People don't think of it that way, but SaaS is as much a cloud environment as other cloud services," Mogull says.

In addition to specific products, OASIS and other standards organizations have been working on security specifications such as the Security Assertion Markup Language (SAML), the Web Services Federation Language (WS-Federation), or earlier Liberty Identity Federation Framework (ID-FF).