Novell Cloud Security Service (NCSS) is a Web-based (SaaS) identity and access management solution, currently in private beta but scheduled for release in early 2010. NCSS allows SaaS, PaaS, and IaaS providers to offer their enterprise customers the ability to deploy their existing identity infrastructure in the cloud.
At the core of NCSS is the Cloud Security Broker, a collection of cloud elements that work together to provide a secure place for cloud workloads and cloud storage. SaaS and PaaS platforms access the Security Broker via identity and event connectors provided by NCSS, while the enterprise accesses the broker via an on-premises secure bridge run from the data center. This firewall-friendly secure bridge provides a protocol proxy, policy agent, audit agent, secure communication manager, and key agent. The broker ensures that sensitive information always remains behind the firewall.
When an enterprise engages a SaaS provider that uses Novell Cloud Security Service, a user at that enterprise logs on to the service either directly or via the enterprise’s existing identity systems. The Cloud Security Broker then verifies the identity of the user. If the user is valid, the broker generates and passes an identity token in the format requested by the cloud provider. NCSS supports multiple industry standards and identity management systems, enabling different SaaS vendors to connect to different enterprise identity systems easily. NCSS also provides connectors on the SaaS provider side that produce deep audit tracking logs that enterprises can use for compliance purposes.
NCSS features a graphical dashboard that lets providers and their customers manage all their connections through a single unified interface. It also includes key management functionality that maintains the cryptographic keys necessary for communication between the various components.