[OpenID] Cloud computing portals: an opportunity for Chrome?

Wed Sep 3 15:23:06 UTC 2008

Hi, guys. 

I've followed a lot of the exchanges regarding OpenID, though many are rich and useful discussions and often too far outside my technical knowledge! 

Here's something I'd like to throw into the mix. It concerns a practical application for OpenID. We spend a lot of time talking about internal functionality, but what about a real life application of what we're building here? 

Cloud computing or Software as a Service (SaaS) is now so advanced that it offers a virtual desktop, as powerful as the local desktop many of us have used in corporate life. However, there are two vital aspects missing that could threaten the adoption of this across the business landscape as a whole. Management and security. 

Let's take a look at the local desktop to remind ourselves of what that provides. 

A good desktop is designed to provide all the productivity applications a user might need locally. If the right choices have been made, this provides a cohesive and easy user experience. The user logs in and each application opens on demand, taking the credentials from Active Directory if Windows based, or some other LDAP schema if not. Security is out of scope of this discussion, so we'll leave it there. 

The local desktop falls apart and the user experience substantially degrades when that user is mobile or uses another desktop. But we all know that. 

Now, let's look at the web experience, assuming the user has the same applications, but this time presented through the cloud. For example, I use Zimbra, ProjectPlace and ZoHo Office. The user logs in to a desktop and opens up a browser to launch the first application. There are no credentials passed through, so the user logins in again. OK, on to the next application. They close that browser (maybe by accident) or open up another tab. They have to sign in again. This process is repeated for each application. 

Ultimately, that is the cloud desktop's biggest disadvantage and one criticism of it that will be thrown in our faces time and time again. Also, there's no control over how many other applications the user chooses to open and potentially load with company information. So how will we secure such access if we allow login to remain manual? 

So finally, here is my point. I propose cloud users instead of opening browsers as they do today, be presented with a portal page. This lists the available cloud applications and manages the authentication for each one, using OpenID. But instead of merely passing the credentials to the application via the normal login screen, it becomes a seamless part of the portal's operation. 

So, in summary, how far are we away from a portal that provides all the features of a local managed desktop and offers: 

(1) Manages cloud application authentication 

(2) Restricts access to only authorised applications 

(3) Tears down the connection on network or session failure to leave no footprint (essential for cyber cafes) 

(4) Imposes no operational bandwidth burden 

(5) has an admin facility where application and users can be added, edited and deleted 

I know some may screem "off-topic", but we should never take any technology (like OpenID) in isolation but always think about where it fits into the Big Picture. 

Thoughts welcomed! 

Neil Robinson MBCS IAMCP 

strategy and architecture 

LANZen Limited 

http://www.lanzen.co.uk 

phone: 0126 029 0592 
mobile: 0771 063 4616 

s e c u r e i n f o r m a t i o n s o l u t i o n s 

securely sent using Zimbra collaboration suite – intelligent messaging management 

This email is to be read by the designated original recipient only 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080903/d9373ff0/attachment-0002.htm>