Monday, November 7, 2011

Moved to a new blog

I've moved to a new blogging platform provided by my employer, Intel, at http://blogs.intel.com/cloud-access-security/

Hope you will follow my posts there.

Thursday, October 14, 2010

Netflix in the Cloud

Netflix is adopting the (public) cloud with full force. Check out these few slides on the drivers and their roadmap for such a move. Does it mean that in the future IaaS providers will start to provision NVIDIA/ATI GPU-based machines for faster video codec processing?

Thursday, October 7, 2010

Cloud SSO heating up

In the early part of this decade, SSO vendors (Oblix, Netegrity, Tivoli, etc.) provided solutions that made life simple and brought efficiencies for both employees and IT by eliminating the need to remember and maintain/reset tens if not hundreds of username/password combinations that allowed employees to access the internal applications needed for their jobs.

In the next wave, these SSO solutions moved into partner- and consumer-facing applications, where federation was brought in to mediate between different security systems, leading to the popularization of the SAML standard.

Fast forward to now: as a new set of applications gets delivered as SaaS, SSO has had to catch up with this new deployment model, and new products/solutions are emerging to solve these challenges.

  • TriCipher (acquired by VMware) - VMware saw this need early on as it tries to deliver the vCloud platform. This piece may also become the security mediator between vCloud deployments and external SaaS/cloud offerings. Will have to watch what VMware does with it.
  • PingIdentity - The PingFederate solution addresses this need. PingIdentity has been a pioneer in the SAML federation space.
  • Symplified - Started by ex-PingIdentity folks, it has quickly earned a name for itself in this space.
  • Vordel - Its Cloud Service Broker provides a solution in this space.
  • Citrix OpenCloud Access - This is the latest addition to this space, available as an optional module for Citrix NetScaler. Announced yesterday at Citrix Synergy (Citrix's annual user conference), this should also help Citrix implicitly sell more of its GoToMeeting product line.

As you can see, the market for Cloud SSO is heating up ...

Access Google address book via LDAP using OVD

My colleague Mark Wilcox, who also runs a blog, created an integration between Oracle Virtual Directory (OVD) and the Google address book.
This solves use cases for customers who use Google Apps for business and would also like to use Google as their source of identity instead of maintaining user profiles in their own LDAP stores. OVD provides a nice virtual LDAP interface on top of this Google identity store. Customers can leverage it for SSO of their enterprise apps using Google identities. Where there's a need to add custom attributes to the user's Google profile, OVD has a provision to allow the addition of such attributes without modifying the schema of the Google identity store (which is inaccessible anyway).

Note that this is different from the SAML federation that Google supports for access to "Google Apps" using enterprise identities that come from enterprise LDAP.

Monday, September 20, 2010

OWSM optimized for Oracle SPARC T3 server

Oracle's Executive VP John Fowler, in his keynote at the Oracle OpenWorld conference, announced the release of the Oracle SPARC T3 server.
The SPARC T3 processors pack 16 cores and 16 on-chip CMT crypto accelerators in a single socket.

OWSM has been optimized to take full advantage of such hardware acceleration by integrating with the Solaris Cryptographic Framework, which provides crypto acceleration passthrough into the hardware for both SPARC and Intel processors.

See the integration whitepaper: High Performance Security for SOA and XML Web Services using Oracle Web Services Manager and Oracle SPARC Enterprise T-Series Servers

OWSM is indeed delivering on the promise of hardware and software engineered to work together.

Tuesday, September 14, 2010

OWSM at Oracle OpenWorld and JavaOne 2010

Oracle OpenWorld and JavaOne 2010 are coming up next week.
Listed below is OWSM's presence at the conference.

Demo Pod:

Title: SOA Security

Demo Area: Middleware
Pod #: W-177

ID#: S317146

Title: Securing Web Services: Solutions, Best Practices, and More

Track: OpenWorld: Middleware: Identity Management

Date: Tue, 21-Sep-10

Time: 12:30-13:30

Venue: Moscone South, Room: 309


Title: Security Threats and Countermeasures for REST and Cloud Services

Track: JavaOne: Enterprise Service Architectures and the Cloud

Date: Wed, 22-Sep-10

Time: 10:00-11:00

Venue: Parc 55

Room: Cyril Magnin II

ID#: S316710
Title: Analysis of Security & Compliance on Sun SPARC Enterprise T-Series Servers
Track: Sun SPARC Servers
Date: Thu, 23-Sep-10
Time: 12:00 - 13:00
Venue: Moscone South, Room: 252


ID#: S314098

Title: Securing Web Services

Track: JavaOne: Java EE Web Profile and Platform Technologies

Date: Wed, 22-Sep-10

Time: 12:30-14:30

Venue: Hilton San Francisco, Room: Plaza A

Focus On documents:

Highly recommended to navigate through the maze

Identity Management


Service Oriented Architecture
Central link to all focus on documents

Hope to see you there.

Oracle Identity Management (IdM) 11g learn more resources

Returning to blogging after a hiatus. Have been super busy lately. First post after this gap has to be on Oracle IdM 11g, which was released 2 months back. Note that OWSM 11g was released earlier with SOA 11g last year.
If you haven't had a chance to view details on Oracle IdM 11g, here's a quick list that can get you started.