Hello, I am seeking advice regarding the quality and relevance (and any other tips for success) of the following presentation proposal for the upcoming CloudStack Collab conference:
Title: Who the frak are you? Integrated CloudStack Authentication John Burwell Abstract ======== As cloud providers and enterprises more deeply integrate CloudStack services, federation of authentication services becomes a critical operational requirement. While LDAP integration allows CloudStack to securely leverage shared authentication credentials, it does not address session management, goverance, account management, or advanced requirements such as multi-factor authentication. This talk will survey the available single sign-on (SSO) protocols and standards and implementations. It will also propose an architectural design for integrating SSO providers into CloudStack that will not impact smaller, simplier deployment models. Description =========== Following a brief introduction to the single sign-on (SSO) authenication model , the talk will explore the following benefits of integrating CloudStack with one or more SSO infrastructures: * Integration with end-user services (e.g. PaaS platforms and object stores) * Support for advanced authentication capabilities (e.g. multi-factor authentication and Kerberos) * Allow CloudStack implementations to leverage existing enterprise authentication infrastructures * Centralization of security policy and goverance -- reducing operational overhead for regulated organizations We will then survey the available authentication protocols (e.g. OAuth2, SASL, Keystone, OpenID, etc), and their implementations (e.g. CAS, JOSSO, etc.) and their suitability to realize these benefits for CloudStack. Finally, a candidate architecture will be presented supporting the current authentication model, as well as, SSO integration for more complex authentication infrastructures. This architecture employs Shiro security framework [1] and Spring to realize a cross layer security model with drivers for the current authentication system, as well as, an initial SSO integration. [1] http://shiro.apache.org Bio === John is a Consulting Engineer at Basho Technologies -- makers of the open source Riak distributed key value database and Riak CS object store. He is also a committer to the Apache CloudStack focused on storage architecture and security integration. His first CloudStack contribution, S3-backed Secondary Storage, will be included in the upcoming 4.1.0 release. An incurable chocoholic, John has spent the last 15 years designing and building distributed systems to solve physical security, cloud provisioning, and supply chain problems. Thank you for your assistance, -John
