One alternative is to create a new "cloud" identity system. Given the current state of information technology investment, designing, building, and supporting a second identity management system will likely be a "hard sell". Another alternative is to adopt a combination of eXtensible Access Control Markup Language (XACML) and Security Assertion Markup Language (SAML). SAML provides a secure mechanism to exchange "assertions" for authentication. XACML gives a cloud provider the capability to control access to cloud resources in a standard, non-proprietary fashion.
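An added example, not taken from the NIST guideline or from any product, showing how the two standards divide the work: attributes read from a SAML assertion feed an XACML-style permit/deny decision. The assertion, the audience URL, the role names and the rule table are constructed for illustration; the rule tuples stand in for real XACML policy XML, and signature verification is omitted.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed, unsigned sample. A real relying party verifies the XML signature
# and the issuer before trusting any value read below.
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://cloud.example.com</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="role"><saml:AttributeValue>auditor</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""
# Hypothetical rules in XACML's shape: (effect, role, action, resource).
POLICY = [
    ("Permit", "auditor", "read", "logs"),
    ("Permit", "auditor", "*", "reports"),
    ("Deny", "auditor", "delete", "*"),
]

def ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def subject_attributes(xml_text, audience, now):
    """Return the assertion's attributes, or None if its Conditions fail."""
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        return None
    if not ts(cond.get("NotBefore")) <= now < ts(cond.get("NotOnOrAfter")):
        return None  # outside the validity window
    if audience not in [a.text for a in cond.iterfind(".//saml:Audience", NS)]:
        return None  # issued for a different service
    return {a.get("Name"): [v.text for v in a.iterfind("saml:AttributeValue", NS)]
            for a in root.iterfind("saml:AttributeStatement/saml:Attribute", NS)}

def decide(attrs, action, resource):
    """Decision point with deny-overrides: any matching Deny wins."""
    decision = "NotApplicable"
    for effect, role, act, res in POLICY:
        if role in attrs.get("role", []) and act in ("*", action) and res in ("*", resource):
            if effect == "Deny":
                return "Deny"
            decision = "Permit"
    return decision

def is_allowed(xml_text, audience, now, action, resource):
    """Enforcement point: grant access only on an explicit Permit."""
    attrs = subject_attributes(xml_text, audience, now)
    return attrs is not None and decide(attrs, action, resource) == "Permit"
```

The enforcement point treats `NotApplicable` and a failed assertion the same as `Deny`, so a request that no rule covers is refused.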
The guideline paper concludes with this thought: "Many of the features that make cloud computing attractive can also be at odds with traditional security models and controls."
Source: NIST Guidelines on Security and Privacy in Public Cloud Computing