Friday 15 July 2011

Tree-Of-Trust

Overview

Enterprise applications today are no longer independent; they depend on other applications, services and components to complete their functionality. Authenticating and trusting another application has typically meant writing a new authentication/identity management module for each application that is integrated. With the advent of claims-based/token-based authentication this pain has been eased considerably for developers, with protocols, standards and frameworks such as SAML, WS-Security, WS-Federation, WIF and ADFS playing a large role.

Today, a developer of application A that needs to use the services of application B would configure the identity providers supported by B to trust A. Since this task is usually manual and done during deployment, identity management today can be treated as static. In a world where SOA is fully exploited, there is a need to build trust dynamically, in the same manner as a service is discovered dynamically.

Influences:
Just as humans build trust through relationships, introductions, recommendations and so on, what is proposed under the "dynamic tree of trust" topic is a mechanism, comprising new frameworks, protocols, markups and standards, that collectively assist in building trust dynamically.

Possibility 1:
An application A wanting to access the functionality/services of an application B can claim that it is trusted by another set of applications and present this set of trusts to application B using a markup language. Application B then walks its own internal tree of trust to determine whether the claimed trusts are authentic. A self-asserted list is only a hint: B should keep a claim only if it can confirm it against a provider it can itself reach, and discard the rest.

Possibility 2:
An application A wanting to access the functionality/services of an application B can simply send its identity to application B. Application B then applies its 'tree-of-trust' locator algorithm internally to check whether any identity provider in the tree appears to know application A.

Ranking trust:
A ranking mechanism can be used by application B to arrive at an effective-trust index from:
a.) the number of providers that support/trust application A
b.) the depth/level within the 'tree-of-trust' at which those providers are found (the deeper the provider, the weaker the trust it confers).

Research Possibilities:
1.) Research into dynamically building trust; devise a fool-proof mechanism.
2.) Research into developing a set of
2.1) protocols
2.2) standards
2.3) markups and
2.4) a sample framework so that applications can more easily build trust dynamically without any human intervention, while taking into account current trends in claims-based authentication and the WS-* standards, especially WS-Federation and WS-Trust.
3.) Research into whether machine learning mechanisms can be included within the framework to provide a more robust trust-learning mechanism, such that the effective ranking is based on prior identity successes/failures.
4.) Research into more effective traversal algorithms when the logical structure (not necessarily the implementation) of the trust tree is tree based.
4.1) Research into querying identity providers n levels deep on the authenticity of the requestor.
5.) Research into applications on mobile devices.


Applicable thoughts:
1.) Hard Trust - a direct trust set up on an identity provider.
2.) Soft Trust - a trust that was built up dynamically, written ST(0.5), ST(0.8) etc., where the number in parentheses is the effective trust index/rank.
3.) On-Behalf-Of – a trust that is directly vouched for by another.
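As an added illustration of Possibility 1, Possibility 2 and the ranking described above (my code, not part of the original post), the toy evaluator below gives application B a graph of hard trusts, walks it to locate providers that know a requesting application, and turns the result into a hard or soft trust index. The provider names, registrations, the depth cap, the per-level decay of 0.5 and the way voucher contributions are combined (1 - prod(1 - 0.5**depth)) are all my assumptions for the example; the post itself fixes none of them.

```python
"""Added example (mine, not code from the original post): a toy evaluator
for the 'tree-of-trust' idea. Application B keeps a graph of the identity
providers it trusts directly (hard trust) and, through them, transitively.
A requester either names the providers it claims trust it (Possibility 1)
or just its identity (Possibility 2); B searches its own tree, then ranks
the result by how many providers vouch and at what depth.

Assumptions that are mine, not the post's: BFS over hard-trust edges,
a depth cap, a per-level decay of 0.5, and combining vouchers as
1 - prod(1 - 0.5**depth). Provider names and registrations are
constructed sample data."""

from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Hard trusts configured by an administrator: provider -> providers it trusts.
HARD_TRUST: Dict[str, Set[str]] = {
    "B":           {"IdP-Corp", "IdP-Partner"},
    "IdP-Corp":    {"IdP-HR"},
    "IdP-Partner": {"IdP-Vendor"},
    "IdP-HR":      set(),
    "IdP-Vendor":  {"IdP-Partner"},   # deliberate cycle: the traversal must cope
}

# Applications each provider has actually registered ("knows").
KNOWN_APPS: Dict[str, Set[str]] = {
    "IdP-Corp":    {"AppX"},
    "IdP-HR":      {"AppA", "AppX"},
    "IdP-Vendor":  {"AppA"},
    "IdP-Partner": set(),
}

MAX_DEPTH = 3     # how far B is willing to walk its tree (assumed)
DECAY = 0.5       # per-level discount for soft trust (assumed)


@dataclass(frozen=True)
class TrustDecision:
    kind: str                              # "hard", "soft" or "none"
    index: float                           # effective trust index in [0, 1]
    vouchers: Tuple[Tuple[str, int], ...]  # (provider, depth) pairs


def reachable_providers(root: str, max_depth: int = MAX_DEPTH) -> Dict[str, int]:
    """Breadth-first walk over hard-trust edges from `root`.
    Returns provider -> shallowest depth; the visited dict also breaks cycles."""
    depths = {root: 0}
    queue = deque([root])
    while queue:
        p = queue.popleft()
        if depths[p] >= max_depth:
            continue
        for q in HARD_TRUST.get(p, set()):
            if q not in depths:
                depths[q] = depths[p] + 1
                queue.append(q)
    return depths


def rank(vouchers: List[Tuple[str, int]]) -> TrustDecision:
    """Ranking: a provider at depth 1 is one B configured itself, so a match
    there is hard trust with index 1.0. Otherwise each voucher at depth d
    contributes DECAY**d and the contributions are combined as
    1 - prod(1 - c): more vouchers raise the index, never past 1.0."""
    vouchers = sorted(vouchers)
    if not vouchers:
        return TrustDecision("none", 0.0, ())
    if any(d == 1 for _, d in vouchers):
        return TrustDecision("hard", 1.0, tuple(vouchers))
    miss = 1.0
    for _, d in vouchers:
        miss *= 1.0 - DECAY ** d
    return TrustDecision("soft", 1.0 - miss, tuple(vouchers))


def locate(root: str, app: str) -> TrustDecision:
    """Possibility 2: B runs its locator to find any provider that knows `app`."""
    depths = reachable_providers(root)
    vouchers = [(p, d) for p, d in depths.items()
                if d > 0 and app in KNOWN_APPS.get(p, set())]
    return rank(vouchers)


def verify_claims(root: str, app: str,
                  claimed: List[str]) -> Tuple[TrustDecision, List[str]]:
    """Possibility 1: `app` asserts that the `claimed` providers trust it.
    The assertion is only a hint: a claim is kept only if the provider is in
    B's own tree *and* actually knows the app; everything else is rejected
    and returned so the caller can log it."""
    depths = reachable_providers(root)
    accepted, rejected = [], []
    for p in claimed:
        if p in depths and depths[p] > 0 and app in KNOWN_APPS.get(p, set()):
            accepted.append((p, depths[p]))
        else:
            rejected.append(p)
    return rank(accepted), rejected


if __name__ == "__main__":
    print(locate("B", "AppX"))   # hard trust: IdP-Corp at depth 1 knows AppX
    print(locate("B", "AppA"))   # soft trust: IdP-HR and IdP-Vendor at depth 2
    print(verify_claims("B", "AppA", ["IdP-Vendor", "IdP-Rogue", "IdP-Corp"]))
```

Two details matter in practice. The visited set in `reachable_providers` is what keeps the IdP-Partner/IdP-Vendor cycle from looping, and the depth cap bounds how much of a federation B is willing to query per request. In `verify_claims`, a provider the requester names but that B cannot reach (IdP-Rogue) or that does not actually know the requester (IdP-Corp for AppA) contributes nothing, so a requester cannot raise its own index by listing providers.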

Saturday 20 November 2010

Enterprise Architectures - skills, perspectives and insights - Tom Graves replies

Tom Graves has given deep insights (a bit philosophical, but reality) on building up skills in enterprise architecture from a professional and personal perspective; a query I had raised with him earlier.

Read more here : http://weblog.tomgraves.org/index.php/2010/11/20/creating-a-career-in-enterprise-architecture/

Tuesday 5 October 2010

HoC is up on codeplex

HoC - A distributed cache implementation using .NET 4.0 is now available for download with source at http://hoc.codeplex.com/

HoC = Herd Of Cache.

Tuesday 13 July 2010

Azure opens up for Private cloud - Windows Azure Platform Appliance

MS announced yesterday that Azure would soon be available for deployment in your own datacenters. Effectively, you could soon create private clouds using MS Azure. This is a great move, especially if you were concerned about data security in the public cloud and about subscription costs.

But the upfront cost could still be high; this is not yet published. Check more here

This is also interesting since my last blog entry did refer to this thought!

Tuesday 15 June 2010

Cloud Thoughts - 2

What if there were a mechanism to provision PaaS cloud environments (say MS Azure) on public servers? Theoretically, if I had a free server (or cloud), I would install the "Azure runtimes" and add it to an existing cloud for others to use.

Registering a server to this free public cloud would then be a voluntary effort. This could have been a possibility if Azure allowed in-premise setup in the first place.

Could I call the end result "Distributed Cloud Computing"? Cloud computing that is itself distributed.

Monday 14 June 2010

Cloud Thoughts - 1

A few cloud related thoughts


Cloud Cumulus

A single cloud access point that internally and seamlessly talks to the subscribed cloud providers. E.g. Subscriber A could subscribe to the cloud services of Amazon, Google and Microsoft (yes, Subscriber A is quite well off). Subscriber A would deploy the same app on each of these providers and expose a single service URI. Subscriber A's customers would be serviced by one of the cloud providers seamlessly, perhaps with parts of a request being handled by more than one provider. Sharing session state, data etc. across clouds is the interesting part.

For A's customer, there is only one cloud. The cloud of cloud providers / Cumulus Cloud accessed with a single entry point.

Perhaps, once the Unified Cloud Interface (UCI) is in place, this could be built?


Upgrade Ease

How easy is it to upgrade a cloud based app that is actively serving hundreds of users? Came across this for Azure :  http://msdn.microsoft.com/en-us/library/ee517254.aspx

Not sure what happens to the application state. If an 'in-place' upgrade is used, does it mean that at a particular point in time there could be two instances of the same application running on different versions?


Chess On Cloud

Though there are numerous distributed chess engines, has anyone attempted to put a chess engine on the cloud? I guess the only person who could try this out today is Bill, with his Azure and his $'s.

Everyday Enterprise Architecture - The book - full download

It appears that Tom has put the full version of his new book up for download for a limited period. Check whether it is still available here

Note: though the page might say it's a preview edition, it's actually the full book.