Cloud Computing by James F. Ransome, John W. Rittinghouse
Chapter 5
Federation, Presence, Identity, and Privacy in the Cloud
5.1 Chapter Overview
Building a seamless federated communications capability in a cloud environment, one that can support people, devices, information feeds, documents, application interfaces, and other entities, depends on the architecture that is implemented. The solution chosen must be able to find such entities, determine their purpose, and request presence data so that others can interact with them in real time. This process is known as discovery. Providing discovery information about the availability of the various entities lets organizations deploy real-time services and realize significant revenue opportunities and productivity improvements.
The advent of on-demand cloud services is changing the landscape for identity management, because most current identity management solutions are focused on the enterprise and create a restrictive, tightly controlled, and static environment. We are now moving into a world where cloud services are offered on demand and continuously evolve to meet user needs, and the earlier models are being challenged by these innovations. In terms of trust assumptions, privacy implications, and the operational aspects of authentication and authorization, solutions that seemed adequate before are now seen as outdated and clunky fixes to identity management. The fluid and pervasive nature of federation, presence, and identity in the cloud creates new opportunities for meeting the challenges businesses face in managing security and privacy in the cloud.
5.2 Federation in the Cloud
One challenge in creating and managing a globally decentralized cloud computing environment is maintaining consistent connectivity between untrusted components while remaining fault-tolerant. A key opportunity for the emerging cloud industry will be in defining a federated cloud ecosystem by connecting multiple cloud computing providers using a common standard.
Chap5.fm Page 129 Friday, May 22, 2009 11:25 AM
A notable Microsoft project, code-named Geneva (later released as Windows Identity Foundation and Active Directory Federation Services 2.0), focuses on issues involved in cloud federation. Geneva is described as a claims-based access platform intended to simplify access to applications and other systems. In a claims-based model the application does not authenticate the user itself: it accepts a signed security token from an issuer it trusts and makes its authorization decisions on the claims inside that token, so the set of trusted issuers and their signing keys becomes the security boundary. The concept allows multiple providers to interact seamlessly, and it lets developers incorporate various authentication models that work with any corporate identity system, including Active Directory, LDAPv3-based directories, application-specific databases, and newer user-centric identity models such as Windows Live ID, OpenID, and InfoCard systems. It also supports Microsoft's CardSpace and Novell's Digital Me.
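The claims-based pattern just described, as an added example that is not Microsoft's Geneva or Windows Identity Foundation code: Geneva exchanged XML-signed SAML and WS-Federation tokens, whereas this illustration uses a JSON body with an HMAC-SHA256 signature so the trust logic stays visible. The issuer URLs, the symmetric keys, the audience identifier and the `roles` claim are all constructed for the example; a real security token service signs with an X.509 key pair and the relying party holds only the public certificate. The relying party never sees a password: it checks that the token comes from a listed issuer, that the signature verifies under that issuer's key, that it was issued for this application, and that it has not expired, and only then acts on the claims.

```python
"""Claims-based access: an issuer signs claims, a relying party validates
them before making any authorization decision.  Added example; the keys,
issuer names and audience below are constructed, not real deployments."""
import base64
import hashlib
import hmac
import json
import time

# Constructed trust list: issuer -> key shared with this relying party.
# Assumption: symmetric keys for brevity; a real STS signs with an X.509
# key pair and the relying party keeps only the public certificate.
TRUSTED_ISSUERS = {
    "https://sts.corp.example": b"corp-issuer-key-0001",
    "https://sts.partner.example": b"partner-issuer-key-0001",
}
AUDIENCE = "https://app.cloud.example"   # this relying party's identifier


def b64encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(key: bytes, payload: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()


def issue_token(issuer, key, subject, claims, audience=AUDIENCE, ttl=300, now=None):
    """Issuer side: after authenticating the user, package the claims and
    sign them for exactly one audience with a short lifetime."""
    now = time.time() if now is None else now
    body = {"iss": issuer, "aud": audience, "sub": subject, "exp": now + ttl}
    body.update(claims)
    payload = json.dumps(body, sort_keys=True).encode()
    return b64encode(payload) + "." + b64encode(sign(key, payload))


class TokenError(Exception):
    pass


def validate_token(token, now=None):
    """Relying-party side: nothing in the token is trusted until the
    issuer is known, the signature verifies, and audience/expiry hold."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, sig = b64decode(payload_b64), b64decode(sig_b64)
        body = json.loads(payload)
    except (ValueError, UnicodeDecodeError):
        raise TokenError("malformed token")
    if not isinstance(body, dict):
        raise TokenError("malformed token")
    # 'iss' is read before the signature check only to select the key;
    # an issuer outside the trust list is rejected outright.
    key = TRUSTED_ISSUERS.get(body.get("iss"))
    if key is None:
        raise TokenError("untrusted issuer")
    if not hmac.compare_digest(sig, sign(key, payload)):
        raise TokenError("bad signature")
    if body.get("aud") != AUDIENCE:
        raise TokenError("token issued for a different audience")
    if not isinstance(body.get("exp"), (int, float)) or body["exp"] <= now:
        raise TokenError("token expired")
    return {k: v for k, v in body.items() if k not in ("iss", "aud", "exp")}


def can_approve_invoices(token, now=None) -> bool:
    """An authorization decision made purely on validated claims."""
    try:
        claims = validate_token(token, now)
    except TokenError:
        return False
    roles = claims.get("roles")
    return isinstance(roles, list) and "approver" in roles


def tamper(token, **changes):
    """Rewrite claims without re-signing, to show the signature check
    is what stops a user from granting themselves a role."""
    payload_b64, sig_b64 = token.split(".")
    body = json.loads(b64decode(payload_b64))
    body.update(changes)
    return b64encode(json.dumps(body, sort_keys=True).encode()) + "." + sig_b64


if __name__ == "__main__":
    key = TRUSTED_ISSUERS["https://sts.corp.example"]
    good = issue_token("https://sts.corp.example", key, "alice", {"roles": ["approver"]})
    print("valid token:", can_approve_invoices(good))                       # True
    print("tampered:", can_approve_invoices(tamper(good, sub="mallory")))  # False
```

The order of checks is the point: the issuer name is read unverified only to choose a key, and every other field is ignored until the MAC matches. Federation then reduces to managing that trust list; adding a partner means adding its issuer and key, and a compromised issuer key compromises every application that lists it.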
The remainder of this section focuses on federation in the cloud through use of the Internet Engineering Task Force (IETF) standard Extensible Messaging and Presence Protocol (XMPP) and interdomain federation using the Jabber Extensible Communications Platform (Jabber XCP),[1] because this protocol is currently used by a wide range of existing services offered by providers as diverse as Google Talk, LiveJournal, EarthLink, Facebook, ooVoo, Meebo, Twitter, the U.S. Marine Corps, the Defense Information Systems Agency (DISA), the U.S. Joint Forces Command (USJFCOM), and the National Weather Service. We also look at federation with non-XMPP technologies such as the Session Initiation Protocol (SIP), which is the foundation of popular enterprise messaging systems such as IBM's Lotus Sametime and Microsoft's Live Communications Server (LCS) and Office Communications Server (OCS).
Jabber XCP is a highly scalable, extensible, available, and device-agnostic presence solution built on XMPP that also supports other protocols, such as Session Initiation Protocol for Instant Messaging and Presence Leveraging Extensions (SIMPLE) and Instant Messaging and Presence Service (IMPS). Jabber XCP is a highly programmable platform, which makes it well suited to adding presence and messaging to existing applications or services and to building next-generation, presence-based solutions.
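The security check that makes XMPP interdomain federation safe to rely on, as an added example that is not Jabber XCP or any other product's code: when two domains federate over a server-to-server stream, the receiving server first authenticates the peer for one domain (by its TLS certificate or by server dialback) and must then accept only stanzas whose `from` address lies in that domain, as RFC 6120 requires. A peer is trusted to speak for its own users and for no one else. The stanzas, domain names and function names below are constructed for the example; the parser is the standard library's and, for production use, stanza size should be bounded and entity expansion guarded at the stream layer.

```python
"""Receiving-side validation of stanzas on an XMPP server-to-server
(federation) stream.  Added example; domains and stanzas are constructed."""
import xml.etree.ElementTree as ET

S2S_NS = "jabber:server"   # namespace of stanzas on a server-to-server stream


def jid_domain(jid: str) -> str:
    """Domain part of a JID such as alice@corp.example/laptop, case-folded.
    A bare domain JID (corp.example) is returned unchanged."""
    bare = jid.split("/", 1)[0]              # drop the resource
    return bare.rsplit("@", 1)[-1].lower()   # drop the localpart if present


def check_federated_stanza(stanza_xml: str, peer_domain: str, local_domain: str):
    """Decide whether one stanza read from an s2s stream, already
    authenticated for peer_domain, may be routed to local_domain.
    Returns (accepted, reason) so callers can log rejections."""
    try:
        # Assumption: the stream layer has already capped the stanza size;
        # a hardened deployment also disables entity expansion.
        el = ET.fromstring(stanza_xml)
    except ET.ParseError:
        return False, "malformed xml"
    ns, _, name = el.tag.rpartition("}")
    if ns != "{" + S2S_NS or name not in ("message", "presence", "iq"):
        return False, "not an s2s stanza"
    src, dst = el.get("from"), el.get("to")
    if not src or not dst:
        return False, "missing from/to"   # both are mandatory between servers
    # The core federation rule: the peer may only originate stanzas for
    # the domain it authenticated as.  Subdomains and look-alikes fail too.
    if jid_domain(src) != peer_domain.lower():
        return False, "from domain not authorized on this stream"
    if jid_domain(dst) != local_domain.lower():
        return False, "not addressed to a local domain"
    return True, "ok"


def accepted_presence(stanzas, peer_domain, local_domain):
    """Return the 'from' JIDs of presence updates that passed the check,
    i.e. what a local presence service would be allowed to publish."""
    out = []
    for s in stanzas:
        ok, _ = check_federated_stanza(s, peer_domain, local_domain)
        if ok and ET.fromstring(s).tag.endswith("}presence"):
            out.append(ET.fromstring(s).get("from"))
    return out


# Constructed sample stanzas as they would arrive from partner.example.
PRESENCE_OK = ('<presence xmlns="jabber:server" '
               'from="alice@partner.example/phone" to="bob@cloud.example"/>')
PRESENCE_SPOOFED = ('<presence xmlns="jabber:server" '
                    'from="ceo@cloud.example" to="bob@cloud.example"/>')
PRESENCE_LOOKALIKE = ('<presence xmlns="jabber:server" '
                      'from="alice@partner.example.attacker.net" to="bob@cloud.example"/>')

if __name__ == "__main__":
    for s in (PRESENCE_OK, PRESENCE_SPOOFED, PRESENCE_LOOKALIKE):
        print(check_federated_stanza(s, "partner.example", "cloud.example"))
```

Without this check a single federated partner could inject presence or messages that appear to come from any address at all, including local ones, which is why the rule is applied per stream rather than per server: a server that hosts several domains must authenticate separately for each domain it wants to originate stanzas from.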
Over the last few years there has been a controversy brewing in web services architectures. Cloud services are being talked up as a fundamental shift in web architecture that promises to move us from interconnected silos to a
1. Jabber was acquired by Cisco Systems in November 2008.