[OpenID] Cloud computing portals: an opportunity for Chrome?

Johannes Ernst jernst+openid.net at netmesh.us
Wed Sep 3 18:32:13 UTC 2008


Have you looked at VeriSign's recent incarnation of PIP? It sounds  
very much like what you are talking about. If not, please explain ;-)


On 2008/09/03, at 8:23, Neil Robinson wrote:

> Hi, guys.
>
> I've followed a lot of the exchanges regarding OpenID, though many  
> are rich and useful discussions and often too far outside my  
> technical knowledge!
>
> Here's something I'd like to throw into the mix. It concerns a  
> practical application for OpenID. We spend a lot of time talking  
> about internal functionality, but what about a real life application  
> of what we're building here?
>
> Cloud computing or Software as a Service (SaaS) is now so advanced  
> that it offers a virtual desktop, as powerful as the local desktop  
> many of us have used in corporate life. However, there are two vital  
> aspects missing that could threaten the adoption of this across the  
> business landscape as a whole. Management and security.
>
> Let's take a look at the local desktop to remind ourselves of what  
> that provides.
>
> A good desktop is designed to provide all the productivity  
> applications a user might need locally. If the right choices have  
> been made, this provides a cohesive and easy user experience. The  
> user logs in and each application opens on demand, taking the  
> credentials from Active Directory if Windows based, or some other  
> LDAP schema if not. Security is out of scope of this discussion, so  
> we'll leave it there.
>
> The local desktop falls apart and the user experience substantially  
> degrades when that user is mobile or uses another desktop. But we  
> all know that.
>
> Now, let's look at the web experience, assuming the user has the  
> same applications, but this time presented through the cloud. For  
> example, I use Zimbra, ProjectPlace and ZoHo Office. The user logs  
> in to a desktop and opens up a browser to launch the first  
> application. There are no credentials passed through, so the user  
> logs in again. OK, on to the next application. They close that  
> browser (maybe by accident) or open up another tab. They have to  
> sign in again. This process is repeated for each application.
>
> Ultimately, that is the cloud desktop's biggest disadvantage and one  
> criticism of it that will be thrown in our faces time and time  
> again. Also, there's no control over how many other applications the  
> user chooses to open and potentially load with company information.  
> So how will we secure such access if we allow login to remain manual?
>
> So finally, here is my point. I propose cloud users, instead of  
> opening browsers as they do today, be presented with a portal page.  
> This lists the available cloud applications and manages the  
> authentication for each one, using OpenID. But instead of merely  
> passing the credentials to the application via the normal login  
> screen, it becomes a seamless part of the portal's operation.
>
> So, in summary, how far are we away from a portal that provides all  
> the features of a local managed desktop and offers:
>
> (1) Manages cloud application authentication
>
> (2) Restricts access to only authorised applications
>
> (3) Tears down the connection on network or session failure to leave  
> no footprint (essential for cyber cafes)
>
> (4) Imposes no operational bandwidth burden
>
> (5) Has an admin facility where application and users can be added,  
> edited and deleted
>
> I know some may scream "off-topic", but we should never take any  
> technology (like OpenID) in isolation but always think about where  
> it fits into the Big Picture.
>
> Thoughts welcomed!
>
>
> Neil Robinson MBCS IAMCP
>
> strategy and architecture
>
> LANZen Limited
>
> http://www.lanzen.co.uk
>
> phone: 0126 029 0592
> mobile: 0771 063 4616
>
> s e c u r e    i n f o r m a t i o n    s o l u t i o n s
>
> securely sent using Zimbra collaboration suite – intelligent  
> messaging management
>
> This email is to be read by the designated original recipient only
