
Exploring the science and magic of Identity and Access Management
Monday, April 29, 2024

Blog This in Windows Live Writer

Blogging
Author: Mark Dixon
Tuesday, September 1, 2009
9:13 pm

I just added a Firefox plugin that:

Adds a button to Firefox which starts a new Windows Live Writer blog post prepopulated with content and title from the current web page. Blog the whole page, or just selected snippets. …

I started this post using the new plugin.  Pretty cool.

 

Cloud Computing: Identity and Access Management

Identity
Author: Mark Dixon
Tuesday, September 1, 2009
7:44 pm

While listening this morning to Glenn Brunette’s excellent webinar entitled, “Safety First: Protecting Your Services in the Cloud,” I was introduced to the Cloud Security Alliance, of which Glenn is a founding member.  I was intrigued by the document published by the Alliance in April 2009, entitled, “Security Guidance for Critical Areas of Focus in Cloud Computing.”  This initial report from the Alliance outlines “areas of concern and guidance for organizations adopting cloud computing. The intention is to provide security practitioners with a comprehensive roadmap for being proactive in developing positive and secure relationships with cloud providers.”  The report outlines 15 domains or areas of concern that should be addressed by stakeholders in cloud computing initiatives.

I focused primarily on the section entitled “Domain 13: Identity and Access Management,” authored by Subra Kumaraswamy, Senior Security Manager, Sun Microsystems and Jim Reavis, Co-founder & Acting Executive Director, Cloud Security Alliance.  The executive summary of the document provided five key recommendations regarding IAM in the cloud:

  • The key critical success factor to managing identities at cloud providers is to have a robust federated identity management architecture and strategy internal to the organization.
  • Insist upon standards enabling federation: primarily SAML, WS-Federation and Liberty ID-FF federation
  • Validate that cloud provider either support strong authentication natively or via delegation and support robust password policies that meet and exceed cloud customer internal policies.
  • Understand that the current state of granular application authorization on the part of cloud providers is non-existent or proprietary.
    Consider implementing Single Sign-on (SSO) for internal applications and leveraging this architecture for cloud applications.
  • Using cloud-based “Identity as a Service” providers may be a useful tool for outsourcing some identity management capabilities and facilitating federated identity management with cloud providers. For example, they may be useful for abstracting and managing complexities such as differing versions of SAML, etc. Be aware that they become a critical new cloud provider for your organization and must be vetted with this broad guidance document.

Some of the key points I gleaned from the IAM section include:

Supporting today’s aggressive adoption by the business of an admittedly immature cloud ecosystem requires an honest assessment of an organization’s readiness to conduct cloud-based Identity and Access Management (IAM), as well as understanding the capabilities of that organization’s cloud computing providers. …

Standards support for achieving IdM federation with your cloud providers is crucial. … It appears as though SAML is emerging as the leading standard that enables single sign-on (SSO). …

You should understand the cloud provider’s support for user management processes including user provisioning, de-provisioning and overall lifecycle management of users and access in the cloud in an automated way. …

You also need to perform due diligence to assure that the cloud provider’s password policies and strong authentication capabilities meet or exceed your own policies and requirements. …

As a long term strategy, customers should be advocating for greater support of XACML-compliant entitlement management on the part of cloud providers, even if XACML has not been implemented internally. …

A good strategy towards the maturation of your own IdM in order to make it “cloud friendly” is to start enabling SSO within your own enterprise applications, for your existing user base of employees, partners and contractors. …

One of the investments you may consider is an Identity as a Service solution to bridge between cloud providers or even outsource some Identity Mgt functions. …

I will join Sun colleagues on a conference call tomorrow to explore the topic: “What is the same and what is different about the task of integrating a new app when it is in the cloud vs. internal?”  I’ll report back on what we learn from each other.

 

Happy 40th Birthday – Internet!

General
Author: Mark Dixon
Tuesday, September 1, 2009
9:36 am

I opened my copy of the Arizona Republic today to read an interesting Associated Press Article entitled “Internet turns 40; barriers imperil its growth.”  I was a junior in high school way back in the day when, on September 2, 1969, “about 20 people gathered in Kleinrock’s lab at the University of California, Los Angeles, to watch as two bulky computers passed meaningless test data through a 15-foot gray cable.”  I was oblivious to it then, and little did I realize how my entire career would be affected so profoundly by that pioneering work.

Despite the challenges that face the Internet now, a few of which are pointed out in the article, it has been enjoyable to pause a few minutes to reflect on the advances in technology over that span of time and try to anticipate what the next 40 years may bring.

In the photo above, “Internet pioneer Len Kleinrock poses next to an Interface Message Processor, a device used to develop the Internet 40 years ago at UCLA.”  Gotta love all those switches on the front panel!

A related article published in the Globe and Mail includes a summary time line of key milestones in the development of the Internet.

 
Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.