Here is a concrete example of capabilities in Web services that explain why the cloud != mainframe or client/server. In the cloud we expect to need different identity tokens and protocols whether its SAML (and several versions of this), oauth, Information Cards, Kerberos, and many other ways that identity is conveyed. To get interoperability, a security token server (STS) is used to exchange tokens and cross domains. Because by definition there are so many players and relationships in the cloud, a STS is simply a requirement to transact identity across these domains.
Recent Posts
- Process Improvement with Checklists
- 2008 Lessons Not Learnt
- I am a better Security Pro because I am an Investor & I am a better Investor Because I am a Security Pro
- Security Integration or How do we make Gene Spafford Smile?
- Who Manages App Gateways? Who Indeed? Yo La Tengo - Call in Security DevOps
- Dreaming a Little Appsec Dream
- Making a *Gasp* Tech Dividend Growth Fund
- Infosec Mindset
- Security Failure Scenarios
- Trust
Blogroll
- Adding Simplicity - An Engineering Mantra
- Adventures of an Eternal Optimist
- Andy Steingruebl
- Andy Thurai
- Anton Chuvakin
- Arnon Rotem-Gal-Oz's Cirrus Minor
- Beyond the Beyond
- cat slave diary
- Ceci n'est pas un Bob
- cgisecurity
- ConnectID
- Cryptosmith
- Diggings
- Emergent Chaos: Musings from Adam Shostack on security, privacy, and economics
- Enterprise Integration Patterns: Gregor's Ramblings
- Financial Cryptography
- Global Guerrillas
- infosec daily: blogs
- James Kobielus
- James McGovern
- John Hagel
- Justice League [Cigital]
- Kim Cameron's Identity Weblog
- Krypted - Charles Edge's Notes from the Field
- Light Blue Touchpaper
- MAKE: Blog
- Mark O'Neill
- O'Reilly Radar
- Off by On
- ongoing
- Patrick Harding
- Perilocity
- Pushing String
- Rational Survivability
- rdist: setuid just for you
- Rich Salz
- RiskAnalys.is
- Ross Mayfield's Weblog
- Rudy Rucker
- Software For All Seasons
- Spire Security Viewpoint
- TaoSecurity
- The New School of Information Security
- Thomas P.M. Barnett :: Weblog
- Windley's Technometria
- WorldChanging: Tools, Models and Ideas for Building a Bright Green Future
- zenpundit
« Cloud is New, Infosec Isn't | Main | Seamless web of deserved trust »
The comments to this entry are closed.
SOS: Service Oriented Security
- Security > 140
- Open Group Security Architecture
- Reference Monitor for the Internet of Things
- Cloud Security: The Identity Factor
- Don't Trust. And Verify.
- Monitoring Up the Stack
- Security Gateway Buyer's Guide
- How to Do Application Logging Right
- 10 Quick, Dirty, & Cheap Things You Can Do to Improve Enterprise Security
- Thinking Person's Guide to the Cloud, Part 1
- Software Assumptions Lead to Preventable Errors
- Logging in the Age of Web Services
- Service-Oriented Security Indications for Use
- The Economics of Finding and Fixing Vulnerabilities in Distributed Systems
- Silver Bullet Security Podcast
Comments