[LINK] RFC: Cloud Computing
Stephen Wilson
swilson at lockstep.com.au
Tue Nov 24 13:48:18 AEDT 2009
grove at zeta.org.au wrote:
> One thing that Clouds will open up is the new realms of Identity Management.
>
> As we get more and more users onto Clouds, authorisation and authentication
> is going to become extremely important, especially with respect to global
> user access, directories (LDAP etc) and so.
>
> The old methods are not going to cut it. I visualise in the near future,
> authentication portals, a bit like the old Liberty Alliance or MS Passport,
> will become quite important as users will want to be able to sign in to
> different clouds, releasing or linking data between them transparently,
> perhaps using certificates to authenticate individual data sets or even
> documents.
I have a pragmatic view about authentication in the cloud, but a great
dread that cloud schemes are going to complicate the quagmire of
authentication even more.

If the cloud is just outsourced computer processing, then nothing should
change in the relationship between end user and end service provider
when either or both parties are using cloud-based computing. The
service needs to know who (and what) I am, and vice versa. So if I
have, for example, a meaningful employee ID, Medicare Number, bank
account number, another bank account number, gmail account, a Google
Health account, LinkedIn name, and World of Warcraft avatar, then all of
these should work essentially the same as they do now, no matter where
the computing is carried out.

Of course, many existing authentication methods are flawed. But the big
problem in ID management, irrespective of the cloud, is that single
factor digital ID data are replayable without me knowing. Nothing in
Federated Identity, Cardspace, OpenID, or any other newfangled identity
system changes that problem. In fact, many of these efforts exacerbate
the problem.

For the cloud to be truly invisible and to not introduce yet more layers
of complexity, legal arrangement and new risks, we should hope that new
authentication portals are averted, and that instead we make efforts to
shore up the useful plurality of digital identities we already have.

In particular, we should be more wary of single sign on in the cloud (as
per MS Passport or Liberty Alliance). We don't have a single key today
for our home, office and car. It never ceases to amaze that many think
automatically that a single key would be a crash hot idea for digital
resources.
Cheers,
Steve Wilson.
Lockstep
www.lockstep.com.au <http://www.lockstep.com.au>
Lockstep Consulting provides independent specialist advice and analysis
on digital identity and privacy. Lockstep Technologies develops unique
new smart ID solutions that enhance privacy and prevent identity theft.
Marghanita da Cruz wrote:
>>
>> I am wondering if Cloud computing at present takes this into account
>> or is it just using the old school style methods of authz/authn?
>>
> <snip>
>
> There is Google OAuth:
> <http://code.google.com/apis/accounts/docs/OAuth.html>
>
> Marghanita