Here is a new paper by Patrick Harding and I on Cloud Security and Federated Identity. It goes into the basic roles and operations in Federation for Cloud. What I hope is that people realize how redundant our title is. If you are in a Cloud, your identity is already federated. Its really only a question of whether the architecture supports strong tokens and protocols for communicating that identity between the Identity Providers and Relying Parties.
To federate or not is really a question, its a question of doing it consciously and well; or backing into a poor design.
Comments