Provisioning in the cloud

I would like to draw everyone’s attention to a Dave Kearns newsletter of June 21st, which in turn points to a very relevant Oracle blog that is worth reading.

http://www.networkworld.com/newsletters/dir/2010/062110id1.html?source=NWWNLE_nlt_security_identity_2010-06-21

The conclusions drawn in a set of four separate blogs on this subject do coincide with my own, as recently presented to the Cloud Security Alliance in Barcelona, with perhaps the difference that Oracle’s Nishant Kaushik doesn’t really offer a solution. That is not surprising, because Oracle is not likely to ever become an Identity Service Provider like Verizon. His ‘Just in time provisioning’ ideas and reservations about SPML and SAML in this space are spot on, though. It is also surprising that he doesn’t really mention Information Cards. Maybe because Oracle Software doesn’t support them yet? An Information Card with all the right claims up front for the cloud provider to create an account ‘on the fly’ seems a much better idea than a SAML attribute query or OpenID Attribute Exchange, which requires the federation service to request additional attributes from the OpenID Provider during the authentication flow and pretty much out of user control.


About lasancmt

Passionate about Identity Management Disgusted at #ukip and #brexit