Friday, 14 November 2008

Day 5 - 09:00 : Identity and cloud services (ARC302)

Vittorio Bertocci presented this session on how to work with identity across services and environments using the cloud.

Traditionally in enterprise we have a set of users and a set of resources that they can access. Each time the user accesses a resource, the user is validated against this source and granted or denied access etc. This scenario starts to become more complex when you wish to allow other environments to access your resources or for your users to access resources in other environments.

The solution is to outsource aspects of identity management to the cloud, allowing relationships and credentials to be managed across technologies, services and environments. Where two systems, organisations or environments have no trust between them, we can use a claims transformer or resource security token system (R-STS) in the cloud that is trusted by both.

This provides a natural point of trust brokering with customers and partners along with a natural point of authorisation evaluation and enforcement.

Azure provides this type of service through the .NET services access control service. In this service, every solution gets a dedicated R-STS instance. The application has it's own policy which remains the same, whilst rules are created for how to transform between your various customers or partners tokens (or windows live credentials etc) to your own through the R-STS.

No comments:

Post a comment