Speaker: Doron Grinstein (BiTKOO) (Involved with development of FastPass at Disney)
Cloud computing is not a server with a longer extension cord (co-location of our hardware).
Cloud computing definition (in his mind): Ability of 3rd party to store, process, search, compute, without being able to look at my data even with a court order. Algorithms should support this mechanism instead of just ‘trust’
Think: “Google for private data” Don’t have to know the background technologies.. Just ask for data and you get it back. This is what cloud computing is to him.
Real world example: why is there e-commerce? What enables e-commerce regarding the entry of credit card info? When you purchase online, you trust the protocol (SSL), don’t have to trust the intermediaries.
XACML helps enable such a situation for application access control.
Keystone is their application access control engine. it “provides fine-grained authorization using the XACML standard”.
Point: Security ‘goop’ of an app on average should take about 30% of the software development effort. That’s a lot and it gets done over an over again as new software application get developed. Why role this type of code into every new app, instead use the Keystone product to do it for you. Just have to setup a metadata db for your elements and security roles/etc, then hook up a authentication adapter based on your existing authentication process, and the tool will take care of the access control.
My comment right from notes while watching demo: Wow this tool is amazing. In essence allows for a person to setup a data dictionary via the cloud on application security.
By externalizing authentication and authorization, you are no longer reinventing the world. Just using this as a tool for authentication/authorization.
Tool enables federation without writing code.
Also showed tool: SecureWithin. “As secure as your weakest link”
“Traversing the firewall is a job for a 12 year old. Going to bypass the concrete wall, instead I will go through the window.” (Windows = endpoints… weakest link most of the time)
Endpoints need to be protected (properly from within)… if your trusting the infrastructure to protect them… your in trouble.. It’s not a matter of if, but when.
All functions available in the GUI are available via WCF Calls too.
Wow. This companies offerings are ground breaking. Challenge the norm thinking. Amazing.
Allow for 6 diff ways to get
1) Installable
2) Hardware appliance
3) VM Appliance (VMWare or Hyper-V)
4) Cloud (EC2, Azure)
5) Hybrid (1-3) + 4
6) Source
Most of the membership enforcement/etc is done via the ISAPI Filter type setup.
Products used by Disney, Time Warner, Department of Defense, many other large companies/organizations.
Overall, this one hour session challenged many concepts I thought I understood prior to this session. Authorization/Authentication via a product like Keystone is amazing, and can become a task for the more junior developer (to setup the metadata in the db in essence) as opposed to some of the most experience/important developers on your team, allowing them to focus on other important tasks.
BiTKOO looks to me to be a company to watch, and one I am wanting to talk to others I work with to start the buy-in process so we can possibly look into using such tools in the near future.