Cloud Computing Conference 2009 – OpenID – Identity in the Cloud?

Nat Sakimura – Founder of OpenID Japan – Senior Researcher

http://www.sakimura.org/en

Cloud makes solutions

  • Faster
  • Cheaper
  • Safer
    • Well, the system is, but what about account management? We need some kind of federated identity

Two Types of Federation

  • Closed Federation
    • Out-of-band trust exchange
  • Open Federation
    • Dynamic

OpenID

  • Assertion Format: Tag=Value
  • Protocol for request/response of the Assertion
    • Discovery of IdP through XRDS
    • Dynamic association through DH
  • Supported by AOL, Yahoo!, France Telecom, Google, Facebook
    • Soon to come? Microsoft, NTT
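
How a relying party checks a signed assertion with the MAC key agreed during association, as an added example that is not from the talk. It follows OpenID 2.0 Key-Value Form and assumes an HMAC-SHA256 association; the function names, URLs and key are constructed for illustration.

```python
import base64, hashlib, hmac

# Fields the OpenID 2.0 spec requires to be covered by the signature.
REQUIRED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}

def kv_form(pairs):
    """Key-Value Form encoding: one 'key:value' line per signed field."""
    for key, value in pairs:
        if ":" in key or "\n" in key or "\n" in value:
            raise ValueError("illegal character in signed field")
    return "".join(f"{k}:{v}\n" for k, v in pairs).encode("utf-8")

def sign(fields, mac_key):
    """Base64 HMAC-SHA256 over the fields listed in openid.signed, in order."""
    names = fields["openid.signed"].split(",")
    token = kv_form([(n, fields["openid." + n]) for n in names])
    mac = hmac.new(mac_key, token, hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

def verify(fields, mac_key):
    """Relying-party check of a positive assertion against the association key."""
    signed = set(fields.get("openid.signed", "").split(","))
    # claimed_id and identity must be signed whenever they are present.
    must_sign = REQUIRED | ({"claimed_id", "identity"} & {k[7:] for k in fields})
    if not must_sign <= signed:
        return False  # an unsigned field could be swapped in transit
    try:
        expected = sign(fields, mac_key)
    except (KeyError, ValueError):
        return False
    got = fields.get("openid.sig", "")
    return hmac.compare_digest(expected.encode(), got.encode("utf-8"))

def sample_assertion(mac_key):
    """Constructed assertion; example.com / example.org are placeholders."""
    fields = {
        "openid.mode": "id_res",
        "openid.op_endpoint": "https://op.example.com/auth",
        "openid.claimed_id": "https://alice.example.org/",
        "openid.identity": "https://alice.example.org/",
        "openid.return_to": "https://rp.example.com/return",
        "openid.response_nonce": "2009-06-01T10:00:00Zabc123",
        "openid.assoc_handle": "handle-1",
        "openid.signed": "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle",
    }
    fields["openid.sig"] = sign(fields, mac_key)
    return fields

MAC_KEY = bytes(range(32))  # constructed; in practice the secret from DH association
```

This covers only the signature; a relying party also has to reject a reused response_nonce and confirm return_to matches the URL it is serving.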

Is this enough?

  • No. In cloud computing we also need the following
    • Roles and Authorization
      • We need to extract attributes from the authoritative sources
        • In real time
    • Audit and Trust Formation
      • OpenID is Dynamic
        • Federation – Out-of-band TRUST formation
        • OpenID is “Open” = “Promiscuous”
    • Relationship Management and Non-repudiation
      • CX Features
        • Non-repudiation and Integrity
        • Confidentiality
        • Extensible Context
        • Applicable to limited-functionality user agents such as mobile phones
        • Asynchronous Messaging
    • Connect different protocols
      • LDAP + OpenID
      • SAML + OpenID
      • WS-* + OpenID

Very similar to OAuth
