cloudstack-marketing mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Burwell <>
Subject Advice Regarding Presentation Proposal
Date Thu, 09 May 2013 11:14:20 GMT

I am seeking advice regarding the quality and relevance (and any other tips for success) of
the following presentation proposal for the upcoming CloudStack Collab conference: 

Title: Who the frak are you? Integrated CloudStack Authentication 
John Burwell


As cloud providers and enterprises more deeply integrate CloudStack services, federation of
authentication services becomes a critical operational requirement.  While LDAP integration
allows CloudStack to securely leverage shared authentication credentials, it does not address
session management, goverance, account management, or advanced requirements such as multi-factor
authentication.  This talk will survey the available single sign-on (SSO) protocols and standards
and implementations.  It will also propose an architectural design for integrating SSO providers
into CloudStack that will not impact smaller, simplier deployment models.


Following a brief introduction to the single sign-on (SSO) authenication model , the talk
will explore the following benefits of integrating CloudStack with one or more SSO infrastructures:

  * Integration with end-user services (e.g. PaaS platforms and object stores)
  * Support for advanced authentication capabilities (e.g.  multi-factor authentication and
  * Allow CloudStack implementations to leverage existing enterprise authentication infrastructures
  * Centralization of security policy and goverance -- reducing operational overhead for regulated

We will then survey the available authentication protocols (e.g. OAuth2, SASL, Keystone, OpenID,
etc), and their implementations (e.g. CAS, JOSSO, etc.) and their suitability to realize these
benefits for CloudStack.  Finally, a candidate architecture will be presented supporting the
current authentication model, as well as, SSO integration for more complex authentication
infrastructures. This architecture employs Shiro security framework [1] and Spring to realize
a cross layer security model with drivers for the current authentication system, as well as,
an initial SSO integration.



John is a Consulting Engineer at Basho Technologies -- makers of the open source Riak distributed
key value database and Riak CS object store.  He is also a committer to the Apache CloudStack
focused on storage architecture and security integration.  His first CloudStack contribution,
S3-backed Secondary Storage, will be included in the upcoming 4.1.0 release.  An incurable
chocoholic, John has spent the last 15 years designing and building distributed systems to
solve physical security, cloud provisioning, and supply chain problems.

Thank you for your assistance,
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message