Comments on: Identity Management and the Cloud http://blogs.kuppingercole.com/kuppinger/2009/04/14/identity-management-and-the-cloud/ KuppingerCole Wed, 08 Feb 2012 09:08:03 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Eve Maler http://blogs.kuppingercole.com/kuppinger/2009/04/14/identity-management-and-the-cloud/comment-page-1/#comment-101 Eve Maler Tue, 14 Apr 2009 21:58:54 +0000 http://blogs.kuppingercole.com/kuppinger/?p=166#comment-101 There is promise, I believe, in distributed authorization in the style of OAuth (perhaps more properly called web services single sign-on, depending on your perspective). OAuth lets you authorize a pair of services to interact on your behalf without requiring explicit SSO, though the access token exchanged during service introduction can be seen as a pairwise pseudonym. The ProtectServe work I've been involved in (<a href="http://www.xmlgrrl.com/blog/categories/protectserve/)," target="_blank">http://www.xmlgrrl.com/blog/categories/protectser...</a> which leverages OAuth, attempts to provide dynamic authorization management of roughly the sort you called for in your March 18th post, and we're seeing some cloud-computing potential in the idea. I believe XACML may have a role to play here, and/or perhaps some of the higher-order XACML-based specs like CARML and Privacy Constraints, depending on the sorts of policy and data-sharing contract terms the "user" (cloud developer?) might want to impose. I would be very interested in collecting specific cloud-computing and GRC use cases that might shed light on ProtectServe requirements. (I hope we can chat about this at EIC!...) There is promise, I believe, in distributed authorization in the style of OAuth (perhaps more properly called web services single sign-on, depending on your perspective). OAuth lets you authorize a pair of services to interact on your behalf without requiring explicit SSO, though the access token exchanged during service introduction can be seen as a pairwise pseudonym.

The ProtectServe work I've been involved in (http://www.xmlgrrl.com/blog/categories/protectser… which leverages OAuth, attempts to provide dynamic authorization management of roughly the sort you called for in your March 18th post, and we're seeing some cloud-computing potential in the idea. I believe XACML may have a role to play here, and/or perhaps some of the higher-order XACML-based specs like CARML and Privacy Constraints, depending on the sorts of policy and data-sharing contract terms the "user" (cloud developer?) might want to impose.

I would be very interested in collecting specific cloud-computing and GRC use cases that might shed light on ProtectServe requirements. (I hope we can chat about this at EIC!…)

]]>