InformationWeek Financial Services Special Reports

Managing Cloud Security Risks


over the years. In fact, Connect erases the sins and deficiencies of the past. The protocol is a simple identity layer built on top of the Internet Engineering Task Force standard OAuth 2.0. From a very high level, OAuth is about granting access, while Connect is about authentication. Simply put, Connect provides the pattern for how to securely pass identity information.

Both OAuth and Connect tuck into Web architectures and align with the Internet trend toward simple, light, and functional (including standards such as Representational State Transfer (REST) and JavaScript Object Notation (JSON)), as opposed to heavy and highly architected standards. These developments align not only with app developers but also with administrators, who can avoid punching holes in firewalls by using simple REST calls associated with Connect.

In addition, Connect provides a single security protocol for both B2C and B2B environments, and offers multiple grades of authentication. The protocol is API friendly and adapts to native and mobile applications. It supports robust signing and encryption.

Now that approval is imminent, I expect it to be an important building block in access control strategies going forward.

Enterprise Building Block

Enterprises are acutely aware that they need to address new security concerns in distributed architectures that feature cloud services, transparent security boundaries, and untethered, device-crazy end-users.

Connect will aid in reducing the number of sign-on credentials end users must remember to a few secure accounts that are maintained by trusted identity providers — including the enterprise. And it can be used by any number of clients for authentication to resources. The spec confines complexity to a single place and enables a consistent, secure, predictable experience that improves chances of detecting fraudulent use of identity.

It has been in development for the past four years and has been tested in production environments at Salesforce, Google, Microsoft, Yahoo, and many others. The OpenID Foundation, which has fostered development of the standard, also has developed a common user interface, called Account Chooser, aimed at standardizing sign-on procedures to reduce end-user confusion.

It's true that no one buys protocols, but Connect is shaping up to be one important building block and an area for enterprises to explore.
