When we look at authentication and authorization aspects of cloud computing, most discussions today point towards various forms of identity federation and claims-based authentication to facilitate transactions between service end points as well as intermediaries in the cloud. Even though they represent another form of paradigm shift from the self-managed and explicit implementations of user authentication and authorization, they have a much better chance at effectively managing access from the potentially large numbers of online users to an organization's resources.
So that represents using trust-based, identity assertion relationships to connect services in the cloud, but what do we do to authenticate end users to establish their identities? Most user-facing services today still use simple username and password type of knowledge-based authentication, with the exception of some financial institutions which have deployed various forms of secondary authentication (such as site keys, virtual keyboards, shared secret questions, etc.) to make it a bit more difficult for popular phishing attacks.
But identity theft remains one of the most prevalent issues in the cloud, and signs show that the rate and sophistication of attacks are still on the rise. The much publicized DNS poisoning type of flaws disclosed earlier by Dan Kaminsky at the Black Hat conference (and related posts on C|Net News, InformationWeek, Wired, ZDNet, CIO, InfoWorld, PC World, ChannelWeb, etc.) point out how fragile the cloud still is, from a security perspective, even at the network infrastructure level.
Strong User Authentication
Thus the most effective way to ensure users are adequately authenticated when using browsers to access services in the cloud is to facilitate an additional authentication factor outside of the browser (in addition to username/password). This is essentially multi-factor authentication, but the options available today are rather limited when considering requirements of scalability and usability.
Designing and implementing effective user authentication was the focus of my recently published article, "Strong User Authentication On the Web", as part of the 16th edition of the Architecture Journal. The article discussed a few viable options for implementing "strong" user authentication for end users in the cloud (not limited to multi-factor authentication), and gave an architectural perspective on many of the capabilities that together form a strong authentication system.
Just one of the many ways to compose these capabilities together. As we move towards cloud computing, the line between internal security infrastructure and public cloud-based services will continue to blur.
08.08.08 - after 7 years of preparation and anticipation, the XXIX Olympiad has finally opened in Beijing. What a spectacular opening ceremony it was. And such breathtaking architectures of the "Bird's Nest" National Stadium and "Water Cube" Aquatics Center. It's hard even just to imagine the amount of thought and hard work that went into creating these phenomenal achievements.
Side Note on Physical Structures
Just want to take the opportunity to talk a little about these two eye-popping buildings.
The "Bird's Nest", completed just in March 2008, at one point had more than 7,000 workers toiling around the clock. Its most significant feature is the seemingly random lattice of interwoven steel used for the stadium exterior, which resembles the structure of a bird's nest. The unconventional design also brought a set of new issues to address during its construction. For example, the activities of welding sections of the steel structures together had to take place during specific times of the day, such that the structure is put together at a temperature that can accommodate the wide range of expansions and contractions of the steel structures caused by temperature changes throughout the year in Beijing.
The "Water Cube", completed at the end of 2007, is very interesting from the perspective of its "green" design, with the use of ETFE (Ethylene Tetrafluoroethylene) air cushions for its enclosure (instead of concrete/steel and/or huge glass panels). ETFE is essentially a form of plastic but doesn't burn due to the existence of fluoride in the material which chemically shields oxygen molecules.
The "bubble" design was reportedly inspired by the natural geometric shapes formed by soap bubbles. It provides natural lighting, insulation, and requires less steel structure to support than glass panels. The insulation is achieved by a sophisticated air pump system that maintains the pressure in the ETFE bubbles, resulting in major savings in heating costs during snowy winters in Beijing. During the summer, a ventilation system is used.
In addition, the "Water Cube" was designed with water-saving and environmental protection efforts. According to statistics, the outer surface and roof facade can "collect" 10,000 tons of rain water, 70,000 tons of clean water and 60,000 tons of swimming pool water annually. And the venue can also save 140,000 tons of recycled water a year.
The Online Experience
In the online world, we also have the much publicized partnership between NBC and Microsoft to bring the Olympics event coverage on to the Internet. It is reported that NBC will be streaming more than 3,500 hours of video content, including live coverage of every minute of competition from 25 sports. The sheer scale and magnitude of this project makes it the largest media event on the Web, so far.
The NBC Olympics video site lives exclusively on the MSN network, and is designed to handle more than 2.3 terabytes/second of traffic. Silverlight 2 is the core technology behind the Olympics video player and provides the high-quality, interactive experience.
But that's not all. Here are all the ways you can experience the 2008 Summer Olympics from Microsoft and NBC:
Some screenshots of the Silverlight-based enhanced video player on nbcolympics.com.
Below is the enhanced player streaming the live men's cycling event, a separate concurrent video stream in picture-in-picture (PIP) mode, and live commentary on the lower right hand corner.
And the "Control Room" section (toggled by the top button on the left panel) which allows concurrent streaming of 4 separate live streams. I only have a 3MB pipe at home but they were all playing smoothly. Silverlight's adaptive streaming capability really helped in this case.
And look - DRM (Digital Rights Management)! ;)