When we look at authentication and authorization aspects of cloud computing, most discussions today point towards various forms of identity federation and claims-based authentication to facilitate transactions between service end points as well as intermediaries in the cloud. Even though they represent another form of paradigm shift from the self-managed and explicit implementations of user authentication and authorization, they have a much better chance at effectively managing access from the potentially large numbers of online users to an organization's resources.

So that represents using trust-based, identity assertion relationships to connect services in the cloud, but what do we do to authenticate end users to establish their identities? Most user-facing services today still use simple username and password type of knowledge-based authentication, with the exception of some financial institutions which have deployed various forms of secondary authentication (such as site keys, virtual keyboards, shared secret questions, etc.) to make it a bit more difficult for popular phishing attacks.

But identity theft remains one of the most prevalent issues in the cloud, and signs show that the rate and sophistication of attacks are still on the rise. The much publicized DNS poisoning type of flaws disclosed by Dan Kaminsky at the Black Hat conference (and related posts on C|Net News, InformationWeek, Wired, ZDNet, CIO, InfoWorld, PC World, ChannelWeb, etc.) earlier point out how fragile the cloud still is, from a security perspective, even at the network infrastructure level.

Strong User Authentication

Thus the most effective way to ensure users are adequately authenticated when using browsers to access services in the cloud, is to facilitate an additional authentication factor outside of the browser (in addition to username/password). Which is essentially multi-factor authentication, but available options today are rather limited when considering requirements of scalability and usability.

The aspect of designing and implementing effective user authentication, was the focus of my recently published article, "Strong User Authentication On the Web", as part of the 16th edition of the Architecture Journal. The article discussed a few viable options at implementing "strong" user authentication for end users in the cloud (not limited to multi-factor authentication), and an architectural perspective on many of the capabilities that together form a strong authentication system.

Just one of the many ways to compose these capabilities together. As we move towards cloud computing, the line between internal security infrastructure and public cloud-based services will continue to blur.

08.08.08 - after 7 years of preparation and anticipation, the XXIX Olympiad has finally opened in Beijing. What a spectacular opening ceremony it was. And such breathtaking architectures of the "Bird's Nest" National Stadium and "Water Cube" Aquatics Center. It's hard even just to imagine the amount of thought and hard work that went into creating these phenomenal achievements.

Side Note on Physical Structures

Just want to take the opportunity to talk a little about these two eye-popping buildings.

The "Bird's Nest", completed just in March 2008, at one point had more than 7,000 workers toiling around the clock. Its most significant feature is the seemingly random lattice of interwoven steel used for the stadium exterior, which resembles the structure of a bird's nest. The unconventional design also brought a set of new issues to address during its construction. For example, the activities of welding sections of the steel structures together had to take place during specific times of the day, such that the structure is put together at a temperature that can accommodate the wide range of expansions and contractions of the steel structures caused by temperature changes throughout the year in Beijing.

The "Water Cube", completed at the end of 2007, is very interesting from the perspective of its "green" design, with the use of ETFE (Ethylene Tetrafluoroethylene) air cushions for its enclosure (instead of concrete/steel and/or huge glass panels. ETFE is essentially a form of plastic but doesn't burn due to the existence of fluoride in the material which chemically shields oxygen molecules.

The "bubble" design was reportedly inspired by the natural geometric shapes formed by soap bubbles. It provides natural lighting, insulation, and requires less steel structure to support than glass panels. The insulation is achieved by a sophisticated air pump system that maintains the pressure in the ETFE bubbles, resulting in major savings in heating costs during snowy winters in Beijing. During the summer, a ventilation system is used.

In addition, the "Water Cube" was designed with water-saving and environmental protection efforts. According to statistics, the outer surface and roof facade can "collect" 10,000 tons of rain water, 70,000 tons of clean water and 60,000 tons of swimming pool water annually. And the venue can also save 140,000 tons of recycled water a year.

The Online Experience

In the online world, we also have the much publicized partnership between NBC and Microsoft to bring the Olympics event coverage on to the Internet. It is reported that NBC will be streaming more than 3,500 hours of video content, including live coverage of every minute of competition from 25 sports. The sheer scale and magnitude of this project makes it the largest media event on the Web, so far.

The NBC Olympics video site lives exclusively on the MSN network, and is designed to handle more than 2.3 terabytes/second of traffic. Silverlight 2 is the core technology behind the Olympics video player and provides the high-quality, interactive experience.

But that's not all. Here are all the ways you can experience the 2008 Summer Olympics from Microsoft and NBC:

• Online Video - Click http://www.nbcolympics.com/video to jump right in and experience high-quality, interactive video using Silverlight.  Get HD quality video on the web that’s optimized using Silverlight’s adaptive streaming capability, watch up to four live streams simultaneously in the same player, and get expert commentary, etc.
• MSN.com - MSN homepage will feature an Olympics module which will enable people to see results (or hide them if you don’t want any spoilers), get the latest news and see exclusive video coverage. Also implemented using Silverlight
• MSN Toolbar - Install the new MSN Toolbar that gives you one click access to the medal tally and many other highlights. Also implemented using Silverlight
• Live Search - Get the latest medal counts by sport or by country, or find out about all 10,000 of the athletes competing in the 2008 Summer Games
• Zune - Starting on 8/9, Zune Marketplace will kick off a series of daily 2008 Olympic Games videos from NBC Sports, giving viewers special on-the-go access to the 2008 Beijing Olympic Games
• XBOX - XBOX users will be able to purchase and download a daily wrap-up of the day’s events from NBC Sports, with a complete wrap-up at the end of the Games
• Windows Media Center - NBC Olympics On The Go provides downloads for 200+ hours of catch-up TV programming, with coverage of approximately 24 sports, the full opening ceremony, and a closing ceremony montage

Some screenshots of the Silverlight-based enhanced video player on nbcolympics.com.

Below is the enhanced player streaming the live men's cycling event, a separate concurrent video stream in picture-in-picture (PIP) mode, and live commentary on the lower right hand corner.

And the "Control Room" section (toggled by the top button on the left panel) which allows concurrent streaming of 4 separate live streams. I only have a 3MB pipe at home but they were all playing smoothly. Silverlight's adaptive streaming capability really helped in this case.

And look - DRM (Digital Rights Management)! ;)