Circuitous windings in thought

August 19, 2008

Cloud Computing and User Authentication

Filed under: Uncategorized — David Chou @ 11:01 pm

When we look at authentication and authorization aspects of cloud computing, most discussions today point towards various forms of identity federation and claims-based authentication to facilitate transactions between service end points as well as intermediaries in the cloud. Even though they represent another form of paradigm shift from the self-managed and explicit implementations of user authentication and authorization, they have a much better chance at effectively managing access from the potentially large numbers of online users to an organization’s resources.

So that represents using trust-based, identity assertion relationships to connect services in the cloud, but what do we do to authenticate end users and establish their identities? Most user-facing services today still use simple username-and-password, knowledge-based authentication, with the exception of some financial institutions which have deployed various forms of secondary authentication (such as site keys, virtual keyboards, shared secret questions, etc.) to make popular phishing attacks a bit more difficult.

But identity theft remains one of the most prevalent issues in the cloud, and signs show that the rate and sophistication of attacks are still on the rise. The much publicized DNS poisoning type of flaws disclosed earlier by Dan Kaminsky at the Black Hat conference (and related posts on C|Net News, InformationWeek, Wired, ZDNet, CIO, InfoWorld, PC World, ChannelWeb, etc.) point out how fragile the cloud still is, from a security perspective, even at the network infrastructure level.

Strong User Authentication

Thus the most effective way to ensure users are adequately authenticated when using browsers to access services in the cloud is to facilitate an additional authentication factor outside of the browser (in addition to username/password). This is essentially multi-factor authentication, but the options available today are rather limited when considering requirements of scalability and usability.

Designing and implementing effective user authentication was the focus of my recently published article, "Strong User Authentication On the Web", as part of the 16th edition of the Architecture Journal. The article discussed a few viable options for implementing "strong" user authentication for end users in the cloud (not limited to multi-factor authentication), and offered an architectural perspective on many of the capabilities that together form a strong authentication system.

Just one of the many ways to compose these capabilities together. As we move towards cloud computing, the line between internal security infrastructure and public cloud-based services will continue to blur.

Cross-posted from my blog at http://blogs.msdn.com/dachou

August 9, 2008

Olympics on Silverlight

Filed under: Uncategorized — David Chou @ 2:23 am


08.08.08 – after 7 years of preparation and anticipation, the XXIX Olympiad has finally opened in Beijing. What an amazing opening ceremony. And such breathtaking architecture in the "Bird’s Nest" National Stadium and "Water Cube" Aquatics Center. It’s hard even just to imagine the amount of thought and hard work that went into creating these phenomenal achievements.

The "Water Cube" is very interesting from the perspective of its "green" design, with the use of ETFE (Ethylene Tetrafluoroethylene) air cushions. ETFE is essentially a form of plastic but doesn’t burn due to the existence of fluoride in the material which chemically shields oxygen molecules.

The "bubble" design was reportedly inspired by the natural geometric shapes generated by water bubbles. It provides natural lighting, insulation, and requires less steel structure to support than glass panels. The insulation is achieved by a sophisticated air pump system that maintains the pressure in the ETFE bubbles, resulting in major savings in heating costs during snowy winters in Beijing. During the summer, a ventilation system is used.

In addition, the "Water Cube" was designed with water saving and environmental protection in mind. According to statistics, the outer surface and roof facade can "collect" 10,000 tons of rain water, 70,000 tons of clean water and 60,000 tons of swimming pool water annually. And the venue can also save 140,000 tons of recycled water a year.

In the online world, we also have the much publicized partnership between NBC and Microsoft to bring the Olympics event coverage onto the Internet. It is reported that NBC will be streaming more than 3,500 hours of video content, including live coverage of every minute of competition from 25 sports. The sheer scale and magnitude of this project make it the largest media event on the Web, so far.

The NBC Olympics video site lives exclusively on the MSN network, and is designed to handle more than 2.3 terabytes/second of traffic. Silverlight 2 is the core technology behind the Olympics video player and provides the high-quality, interactive experience.

But that’s not all. Here are all the ways you can experience the 2008 Summer Olympics from Microsoft and NBC:

  • Online Video – Click http://www.nbcolympics.com/video to jump right in and experience high-quality, interactive video using Silverlight.  Get HD quality video on the web that’s optimized using Silverlight’s adaptive streaming capability, watch up to four live streams simultaneously in the same player, and get expert commentary, etc.
  • MSN.com – MSN homepage will feature an Olympics module which will enable people to see results (or hide them if you don’t want any spoilers), get the latest news and see exclusive video coverage. Also implemented using Silverlight
  • MSN Toolbar – Install the new MSN Toolbar that gives you one click access to the medal tally and many other highlights. Also implemented using Silverlight
  • Live Search – Get the latest medal counts by sport or by country, or find out about all 10,000 of the athletes competing in the 2008 Summer Games
  • Zune – Starting on 8/9, Zune Marketplace will kick off a series of daily 2008 Olympic Games videos from NBC Sports, giving viewers special on-the-go access to the 2008 Beijing Olympic Games
  • XBOX – XBOX users will be able to purchase and download a daily wrap-up of the day’s events from NBC Sports, with a complete wrap-up at the end of the Games

Some screenshots of the Silverlight-based enhanced video player on nbcolympics.com.

Below is the normal player streaming the live men’s cycling event, a separate concurrent video stream in picture-in-picture (PIP) mode, and live commentary on the lower right hand corner.

[Screenshot: Olympics-SL2-3]

And the "Control Room" section (toggled by the top button on the left panel) which allows concurrent streaming of 4 separate live streams. I only have a 3MB pipe at home but they were all playing smoothly. The adaptive streaming capability really helped in this case.

[Screenshot: Olympics-SL2-2]

And look – DRM (Digital Rights Management)! ;)

[Screenshot: Olympics-SL2-4]
