Return-Path: X-Original-To: apmail-cloudstack-marketing-archive@www.apache.org Delivered-To: apmail-cloudstack-marketing-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 20C99F639 for ; Thu, 9 May 2013 11:26:16 +0000 (UTC) Received: (qmail 67163 invoked by uid 500); 9 May 2013 11:26:16 -0000 Delivered-To: apmail-cloudstack-marketing-archive@cloudstack.apache.org Received: (qmail 66958 invoked by uid 500); 9 May 2013 11:26:11 -0000 Mailing-List: contact marketing-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: marketing@cloudstack.apache.org Delivered-To: mailing list marketing@cloudstack.apache.org Delivered-To: moderator for marketing@cloudstack.apache.org Received: (qmail 33684 invoked by uid 99); 9 May 2013 11:14:53 -0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of jburwell@basho.com designates 209.85.216.42 as permitted sender) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:from:content-type:subject:message-id:date:to :mime-version:x-mailer:x-gm-message-state; bh=MsWqN43zAZmHIFFupmBR8S92EywsFTDfQoaHyV/LhuE=; b=a7BXKgI+cYgRMhvcdAW48F7Rcuf+2bnnkuu15T2Z6EGtN+L23SPpFKPPt4Er7uY84+ BW7uQIuLU2gE+LNf/FSkQQvPZv3NDeBBKWRE3SkjNg3IDlcw0RKbGptFRT+h6OnUA4cd fcgiRunanboACYnzKKQDsSOWtl8SdP9+rZNPZgAaWi8nRWtRRDe9uWYFA6t8kAazdWpE npwQyHIJlXfftpjKhCJNKRIWuuc8c3w3Fj3wivlWh/C9QzBH+ZiIJLkU8wg3TfLsREss lX2oZ2T+GTSd2dlsjgE3q+5hiULL5gx5lsKV4PpGw+uCXfAveeKGlSP6cYj6onFJvDCL soKA== X-Received: by 10.224.11.131 with SMTP id t3mr8154036qat.28.1368098063527; Thu, 09 May 2013 04:14:23 -0700 (PDT) From: John Burwell Content-Type: multipart/alternative; boundary="Apple-Mail=_BCBDB6C4-461B-4B4D-8BA5-0DF6C19D9C22" Subject: Advice Regarding Presentation Proposal Message-Id: <882CA566-709A-43E8-A726-2D76C491A1B0@basho.com> Date: Thu, 9 May 2013 07:14:20 -0400 To: marketing@cloudstack.apache.org Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\)) X-Mailer: Apple Mail (2.1503) X-Gm-Message-State: ALoCoQkVnjj50/PHcfoBaua87HgnVGmnUPl+4XgkhQRtRDSXKzukSk6zNkIFsoTfffIrWj1kE09S X-Virus-Checked: Checked by ClamAV on apache.org --Apple-Mail=_BCBDB6C4-461B-4B4D-8BA5-0DF6C19D9C22 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Hello, I am seeking advice regarding the quality and relevance (and any other = tips for success) of the following presentation proposal for the = upcoming CloudStack Collab conference:=20 Title: Who the frak are you? Integrated CloudStack Authentication=20 John Burwell Abstract =3D=3D=3D=3D=3D=3D=3D=3D As cloud providers and enterprises more deeply integrate CloudStack = services, federation of authentication services becomes a critical = operational requirement. While LDAP integration allows CloudStack to = securely leverage shared authentication credentials, it does not address = session management, goverance, account management, or advanced = requirements such as multi-factor authentication. This talk will survey = the available single sign-on (SSO) protocols and standards and = implementations. It will also propose an architectural design for = integrating SSO providers into CloudStack that will not impact smaller, = simplier deployment models. Description =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Following a brief introduction to the single sign-on (SSO) authenication = model , the talk will explore the following benefits of integrating = CloudStack with one or more SSO infrastructures: * Integration with end-user services (e.g. PaaS platforms and object = stores) * Support for advanced authentication capabilities (e.g. multi-factor = authentication and Kerberos) * Allow CloudStack implementations to leverage existing enterprise = authentication infrastructures * Centralization of security policy and goverance -- reducing = operational overhead for regulated organizations We will then survey the available authentication protocols (e.g. OAuth2, = SASL, Keystone, OpenID, etc), and their implementations (e.g. CAS, = JOSSO, etc.) and their suitability to realize these benefits for = CloudStack. Finally, a candidate architecture will be presented = supporting the current authentication model, as well as, SSO integration = for more complex authentication infrastructures. This architecture = employs Shiro security framework [1] and Spring to realize a cross layer = security model with drivers for the current authentication system, as = well as, an initial SSO integration. [1] http://shiro.apache.org Bio =3D=3D=3D John is a Consulting Engineer at Basho Technologies -- makers of the = open source Riak distributed key value database and Riak CS object = store. He is also a committer to the Apache CloudStack focused on = storage architecture and security integration. His first CloudStack = contribution, S3-backed Secondary Storage, will be included in the = upcoming 4.1.0 release. An incurable chocoholic, John has spent the = last 15 years designing and building distributed systems to solve = physical security, cloud provisioning, and supply chain problems. Thank you for your assistance, -John= --Apple-Mail=_BCBDB6C4-461B-4B4D-8BA5-0DF6C19D9C22--