If you are at JavaOne and/or interested in Cloud Identity & Security, I recommend checking out my friend Farhang Kassaei's presentation - "Login Failed, Try Again: 10 Best Practices for Authentication in the Cloud." In the talk, Farhang describes an overall identity architecture for use in the Cloud, including the relationships between core constituents like the Security Token Service (STS) and policy. Some notes I found interesting:
Farhang believes that the majority of security issues are software architecture flaws with security consequences. I could not agree more: the security community gets wrapped around the axle chasing the taillights of the latest threat, but this completely misses the point, which is the design and implementation failures that caused it in the first place.
Farhang states that applications in the Cloud should not make assumptions about the source of identity or the authentication mechanisms that are used. Instead, the STS acts as the layer of indirection for the relevant policies, tokens, protocols and bindings. There are many reasons why this separation is essential; to give one example, think of how many different ways a single user authenticates (hard tokens, smart cards, location-based, and a gajillion different passwords). Does anyone think authentication is solved? Of course not; it will continue to evolve, and you don't want to have to rebuild your entire access control infrastructure every time it changes.
The boundary to keep in mind, as Farhang points out, is not the network firewall but the logical and physical security domains, defined by the policy-governed relationships among the STS, the identity provider (IdP), and the Service Provider.
The separation of concerns that Farhang describes enables a flexible security domain in which identity providers in one domain (such as Cloud or Mobile) can use services in another, with the STS responsible for validating the incoming tokens and issuing new ones.
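To make the indirection concrete for both points above (applications assuming nothing about the authentication mechanism, and an STS validating tokens from one domain and issuing tokens for services in another), here is an added example of the pattern in Python. It is not code from the talk or from this post. It assumes hypothetical issuer names (`corp-idp`, `mobile-idp`), service names (`catalog-svc`, `billing-svc`), an assurance-level policy, and HMAC shared secrets in place of the per-issuer asymmetric keys and trust configuration a real STS would use; the token format is a constructed `base64(claims).base64(tag)` rather than SAML or JWT.

```python
"""Security Token Service (STS) pattern, as a constructed illustration.

IdPs authenticate users by whatever mechanism they support and emit a signed
assertion.  The STS validates that assertion against policy (trusted issuer,
permitted method, assurance required by the target service, expiry) and issues
a uniform token.  The service provider trusts only STS-issued tokens and never
learns which authentication mechanism was used.  All keys, names and policy
values below are hypothetical.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed shared HMAC secrets: one per IdP and one for the STS.  A real
# deployment would use per-issuer asymmetric keys with managed distribution.
IDP_KEYS = {"corp-idp": b"corp-idp-secret", "mobile-idp": b"mobile-idp-secret"}
STS_KEY = b"sts-signing-secret"

# Policy the STS enforces (hypothetical): trusted issuers, the authentication
# methods each may assert with the assurance level each method earns, and the
# minimum assurance each service (audience) demands.
TRUSTED_ISSUERS = {
    "corp-idp": {"password": 1, "smartcard": 3},
    "mobile-idp": {"device-cert": 2},
}
AUDIENCE_MIN_ASSURANCE = {"catalog-svc": 1, "billing-svc": 2}
STS_TOKEN_LIFETIME = 300  # seconds


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(claims: dict, key: bytes) -> str:
    """Serialise claims and append an HMAC-SHA256 tag: '<b64 claims>.<b64 tag>'."""
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(tag)}"


def verify(token: str, key: bytes, now: float) -> Optional[dict]:
    """Return the claims if the tag verifies under `key` and 'exp' is in the future."""
    try:
        body, tag = token.split(".")
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(tag)):
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, AttributeError):
        return None
    if not isinstance(claims, dict):
        return None
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return None
    return claims


def idp_assert(issuer: str, subject: str, method: str, now: float, ttl: int = 60) -> str:
    """Simulated IdP: after authenticating `subject` via `method`, emit a signed assertion."""
    return sign({"iss": issuer, "sub": subject, "amr": method, "exp": now + ttl}, IDP_KEYS[issuer])


def sts_exchange(assertion: str, audience: str, now: float) -> Optional[str]:
    """STS: validate an IdP assertion against policy and issue a token for `audience`.

    Returns None for an untrusted or forged issuer, a bad signature, an expired
    assertion, a method the policy does not recognise, an unknown audience, or
    an assurance level below what the audience requires.
    """
    try:  # peek at the claimed issuer to select the verification key
        issuer = json.loads(_unb64(assertion.split(".")[0])).get("iss")
    except (ValueError, AttributeError):
        return None
    if issuer not in TRUSTED_ISSUERS:
        return None
    claims = verify(assertion, IDP_KEYS[issuer], now)
    if claims is None or claims.get("iss") != issuer:
        return None
    assurance = TRUSTED_ISSUERS[issuer].get(claims.get("amr"))
    if assurance is None or audience not in AUDIENCE_MIN_ASSURANCE:
        return None
    if assurance < AUDIENCE_MIN_ASSURANCE[audience]:
        return None
    # The issued token carries subject, audience and assurance only; the service
    # never sees whether a password, smart card or device certificate was used.
    return sign({"iss": "sts", "sub": claims["sub"], "aud": audience,
                 "assurance": assurance, "exp": now + STS_TOKEN_LIFETIME}, STS_KEY)


def service_authenticate(audience: str, token: str, now: float) -> Optional[str]:
    """Service provider: accept only a valid, unexpired STS token addressed to it."""
    claims = verify(token, STS_KEY, now)
    if claims is None or claims.get("iss") != "sts" or claims.get("aud") != audience:
        return None
    return claims["sub"]


if __name__ == "__main__":
    t = time.time()
    assertion = idp_assert("corp-idp", "alice", "smartcard", t)
    token = sts_exchange(assertion, "billing-svc", t)
    print(service_authenticate("billing-svc", token, t))
```

Swapping a password for a smart card, or adding a new IdP, changes only the policy table and keys held by the STS; `service_authenticate` is untouched, which is exactly the rebuild-avoidance the paragraph above argues for. Note that the STS reads the issuer from the unverified body only to pick a key, then checks that the verified claims name the same issuer, so a forged `iss` cannot redirect verification to a weaker key.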