Cloud Zone
Cloud Zone is brought to you in partnership with:

Mark O'Neill is CTO of Vordel, an Axway company. He is the author of the McGraw-Hill book "Web Services Security" and is frequent speaker at conferences including Java One, the RSA Security Conference, and Oracle Open World. Mark is based on Boston, Massachusetts. Mark is a DZone MVB and is not an employee of DZone and has posted 44 posts at DZone. You can read more from them at their website. View Full User Profile

Single Sign-On to Cloud services

04.06.2011
| 1056 views |
  • submit to reddit

We Recommend These Resources

NOSQL for the Enterprise

I wrote this piece recently for the Cloud Security Alliance for Infosecurity Magazine on Single Sign-On to the Cloud. As a practitioner in this area, it is striking how service providers such as Google Apps enable access to their service (corporate Gmail inboxes, Google Docs) via API keys. In the case of Google Apps, the key is used to sign a SAML 2.0 assertion sent up to log the user into their email inbox.

I'm sometimes asked for Cloud security predictions. One prediction I have is that it is only a matter of time when API keys are stolen from an organization, and used to access resources such as email inboxes and sales leads. CSOs are mostly not aware that these keys, often sitting on hard drives or baked into apps, are vital to protect. In the article I talk about the API key protection options. Check it out...
References
Reference: 
Cloud Security Alliance piece - Single Sign-On to Cloud services
Published at DZone with permission of Mark O'neill, author and DZone MVB. (source)

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)

"Starting from scratch" is seductive but disease ridden
-Pithy Advice for Programmers