[LINK] RFC: Cloud Computing

Stephen Wilson swilson at lockstep.com.au
Tue Nov 24 13:48:18 AEDT 2009


grove at zeta.org.au wrote:
> One thing that Clouds will open up is the new realms of Identity
> Management.
>
> As we get more and more users onto Clouds, authorisation and
> authentication is going to become extremely important, especially with
> respect to global user access, directories (LDAP etc) and so.
>
> The old methods are not going to cut it.  I visualise in the near future,
> authentication portals, a bit like the old Liberty Alliance or MS
> Passport, will become quite important as users will want to be able to
> sign in to different clouds, releasing or linking data between them
> transparently, perhaps using certificates to authenticate individual
> data sets or even documents.

I have a pragmatic view about authentication in the cloud, but a great 
dread that cloud schemes are going to complicate the quagmire of 
authentication even more.

If the cloud is just outsourced computer processing, then nothing should 
change in the relationship between end user and end service provider 
when either or both parties are using cloud-based computing.  The 
service needs to know who (and what) I am, and vice versa.  So if I 
have, for example, a meaningful employee ID, Medicare Number, bank 
account number, another bank account number, gmail account, a Google 
Health account, LinkedIn name, and World of Warcraft avatar, then all of 
these should work essentially the same as they do now, no matter where 
the computing is carried out. 

Of course, many existing authentication methods are flawed.  But the big 
problem in ID management, irrespective of the cloud, is that single 
factor digital ID data are replayable without me knowing.  Nothing in 
Federated Identity, Cardspace, OpenID, or any other newfangled identity 
system changes that problem.  In fact, many of these efforts exacerbate 
the problem.

For the cloud to be truly invisible and to not introduce yet more layers 
of complexity, legal arrangement and new risks, we should hope that new 
authentication portals are averted, and that instead we make efforts to 
shore up the useful plurality of digital identities we already have. 

In particular, we should be more wary of single sign on in the cloud (as 
per MS Passport or Liberty Alliance).  We don't have a single key today 
for our home, office and car.  It never ceases to amaze that many think 
automatically that a single key would be a crash hot idea for digital 
resources.

Cheers,

Steve Wilson.

Lockstep

www.lockstep.com.au <http://www.lockstep.com.au>

Lockstep Consulting provides independent specialist advice and analysis
on digital identity and privacy.  Lockstep Technologies develops unique
new smart ID solutions that enhance privacy and prevent identity theft.



Marghanita da Cruz wrote:
>>
>> I am wondering if Cloud computing at present takes this into account 
>> or is it just using the old school style methods of authz/authn?
>>
> <snip>
>
> There is Google OAuth:
> <http://code.google.com/apis/accounts/docs/OAuth.html>
>
> Marghanita



