Authentication blues? Consider cloud identity management
Cloud-based applications are the future. Soon, cloud apps that are accessed using any device with a Web browser and Internet access will replace traditional legacy apps. But with so many applications coming from different providers, how will end users' personal information transfer from one cloud app to another?
In the post-PC era, computing is about the user rather than the device. What cloud applications know about users, and how that knowledge is transmitted, is a vital part of that shift. For example, I shouldn't have to enter my personal information every time I sign up for a different application; if I change my address or cell phone number in one application, all cloud apps should recognize that change. In addition, personal preferences, such as how the date appears, should override device settings.
As we move from a PC-centric world to a person-centric world, there should be a centralized record of a user's identity in the cloud -- similar to a Windows roaming user profile. This record wouldn't reside in a single database for everyone, although I'm sure Google, Facebook and Microsoft would each want access to that if it existed. Instead, users would subscribe to a preferred provider that follows a standard for accessing personal information. Then, when an end user signs up for a cloud application, the app would query his or her information from that provider -- rather than offer a multipage signup form.
Google, Facebook and Microsoft already have some of my personal information, and they make it available across their estates of cloud services. To be truly useful, users' information should be available across different companies' estates. If Google is where I primarily store data, then Microsoft and Facebook should also have access to that data, along with Dropbox, Salesforce and every other cloud application to which I subscribe.
Once users have a central record of personal preferences and information, then we should see extensions to other types of information. The profile could include citizenship information as well as driver's license and organ donor status, for example. Social media accounts could be set up so users can follow any cloud application they sign into.
Having a single authoritative record for details about users, in addition to simplifying access for end users, would make information management simpler. In New Zealand, for example, we have different privacy and disclosure laws from other jurisdictions; these differences should be taken into account. Employers should be able to access some information, and the government should be able to access a separate set of data. We also need some serious security controls here to prevent unintended disclosure.
But cloud providers seem to be opposed to what users want from cloud-based applications; Amazon Web Services and other major cloud service providers don't see value in facilitating user mobility among cloud services. And end users are unlikely to pay for a service unless it works across all cloud applications they want to access. For now, users are left with "islands" of identity with each of the main cloud service providers -- and a form-filling application on their laptops to take the drudgery out of those long signup pages.
About the author
Alastair Cooke is a freelance trainer, consultant and blogger specializing in server and desktop virtualization. Known in Australia and New Zealand for the APAC virtualization podcast and regional community events, Cooke was awarded VMware Inc.'s vExpert status for his 2010 efforts.