'Innovation', 'Progress' & 'Evolution' are the three keywords that pop up when
we talk about Windows Azure. While adopters of this new paradigm are gradually
mushrooming, quite a few questions need to be addressed from a customer's point
of view. If there is one question that customers ask about the Cloud computing
environment ahead of any other aspect, it is with respect to 'Security'.
Predictions & forecasts from analysts on 'Cloud Computing' adoption have never
been so promising. While developers are eagerly getting acclimatized to the
Cloud computing environment, it is important for them to be aware of the
building blocks necessary to safeguard their applications.
Security has been one of the basic ingredients that have gone into making
Microsoft's Application Platform. The frameworks/foundations that are part of
the .Net Framework enable the building of secure applications. However, the
question of 'Security' is something one always ponders over during the course
of the software development life cycle. Enterprises often standardize on a
security model, but fail to embrace it across the board due to technology
nuances and proprietary, siloed implementations. The story gets complicated
with mergers and acquisitions. Under such circumstances, a variety of security
models emanate, making it overly complicated for solution architects/developers
to bring in a single model & for end users to navigate through systems during
access. The need of the hour is to centralize security for an enterprise, after
which all systems rely on the central mechanism to grant access. Be it an
on-premise application or one hosted in the Cloud, the same model is desired:
one which provides security infrastructure to a variety of applications
independent of technology/platform. The one innovation that I have to talk
about in the context of this article is 'Windows Identity Foundation' (WIF).
WIF, an add-on library to the .Net Framework, simplifies the security model by
externalizing the entire security infrastructure from an application. WIF
positions a security infrastructure that centralizes storage of user credentials
and provides endpoints for client applications via open standards (HTTP, SOAP
and REST based protocols). This makes the solution highly interoperable and
accessible across platforms and technologies. The crux of the solution relies
on Claims based identity. From a .Net perspective, we are familiar with the
concept of Principal and Identity objects. The Claims based Security model
builds on the same theme, and the infrastructure is enabled by WIF. It is
important to understand this model, as the same security principles are
instilled in, and the same model made available to, applications hosted in
Windows Azure. With this model, the entire authentication and authorization
aspects are outsourced to an entity outside of the application domain.
The App Fabric
The element of security that developers can leverage in Windows Azure is
part of the Windows Azure Platform App Fabric. The App Fabric has the capability
to connect various systems, whether on or off premise, and provide secure
access. Again along the lines of 'Service Orientation', the building block that
provides security in the cloud is called 'App Fabric Access Control'. Access
Control simplifies the implementation of identity federation across services
meant to function in unison. In reality, it is a daunting task to secure
applications that cross organization boundaries. Access Control provides a
platform to federate identity across systems/services built using standards
based infrastructure. Leveraging Active Directory Federation Services 2.0 is a
classic example of leveraging identity infrastructure, and the same is available
as an Identity store in the cloud. While this is being made available, let me
take you through a scenario to understand the way claims based (federated)
identity works in the Cloud. Along the way, we will understand a few technical
terms that are of relevance while we demystify Access Control.
Let us consider a scenario wherein Retail 'Company A' has put together an
Inventory Management application, which typically gets used by vendors.
Likewise, Company A has many applications which fall under the same operating
paradigm. It really does not make sense for each application to worry about
security aspects. Hence the need to position a central security infrastructure
that addresses the authentication and authorization needs of every application
in the enterprise. All that the applications are expected to do is receive the
security token and grant/deny access. ADFS 2.0 comes to the rescue here by
providing an out of the box framework for issuing secure tokens. Following is a
detailed explanation of the overall process.
The Process
A. 'Company A' has built an inventory application/service which gets invoked
by a client (Vendor). When this happens, the application expects a security
token as part of the client request. To indicate so, the inventory service
exposes a policy that provides details of the expected claims. If the token is
not present, the request gets routed to the service which authenticates the
user and issues a token. Hence the inventory application is termed a 'Relying
Party', since it relies on the external authority to provide the user's claims.
A claim contains encrypted details of the specific user requesting access, like
the user name, role/membership etc.
B. The service which issues the token is termed the STS (Security Token
Service), which acts as the issuing authority. An issuing authority can return
anything from Kerberos tickets to X.509 certificates. In this claims based
identity scenario, the STS issues a token that contains claims. ADFS 2.0 is a
classic example of an STS that is considered an authentication & authorization
authority. An STS infrastructure mostly issues tokens in the interoperable &
industry recognized SAML (Security Assertion Markup Language) format.
C. In a federated scenario, wherein more than one certifying authority or
identity store is participating, the STS infrastructure will take care of
federating the user identity across the various applications. Irrespective of
whether the applications reside on or off premise, Access Control in Windows
Azure federates and routes security tokens across the various participating
services.
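Steps A and B above, modelled as an added example that is not from the article and not WIF/ADFS code: the STS issues a signed token carrying claims, and the relying party refuses to act on any claim until it has checked signature, issuer and expiry against the policy it exposes. An HMAC with a shared key over a JSON body stands in for the X.509-signed SAML token a real STS would issue; the key, issuer URN and policy values are constructed.

```python
import base64, hashlib, hmac, json, time

# Constructed shared signing key: HMAC stands in for the X.509 signature an
# ADFS STS would put on a SAML token (demo only, not WIF/ADFS code).
STS_KEY = b"demo-signing-key-not-for-production"
STS_ISSUER = "urn:companya:adfs"  # hypothetical issuer identifier
# Policy the inventory service (relying party) exposes: which claims it
# expects, and from which issuer it will accept them.
INVENTORY_POLICY = {"issuer": STS_ISSUER,
                    "required_claims": ["name", "role"],
                    "allowed_roles": {"Vendor"}}

def sts_issue_token(subject, claims, key=STS_KEY, ttl=300, now=None):
    """Step B: the STS (having authenticated the user) issues a signed token
    whose body carries the user's claims plus issuer and expiry."""
    now = int(time.time()) if now is None else now
    payload = {"iss": STS_ISSUER, "sub": subject, "exp": now + ttl, "claims": claims}
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
    sig = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"

def rp_validate_token(token, policy, key=STS_KEY, now=None):
    """Step A, token present: verify signature, issuer and expiry before
    trusting any claim, then enforce the policy. Returns (granted, reason)."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        return False, "malformed token"
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature"  # tampered or forged token
    payload = json.loads(base64.urlsafe_b64decode(body))
    if payload.get("iss") != policy["issuer"]:
        return False, "untrusted issuer"
    if payload.get("exp", 0) <= now:
        return False, "token expired"
    claims = payload.get("claims", {})
    missing = [c for c in policy["required_claims"] if c not in claims]
    if missing:
        return False, f"missing claims: {missing}"
    if claims["role"] not in policy["allowed_roles"]:
        return False, "role not permitted"
    return True, f"access granted to {claims['name']}"

def handle_request(token, policy):
    """Step A entry point: no token routes the client to the STS; otherwise
    the application only has to grant or deny based on the validated token."""
    if token is None:
        return "redirect:" + policy["issuer"]
    granted, reason = rp_validate_token(token, policy)
    return "granted" if granted else "denied:" + reason
```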
For anyone who intends to implement a highly interoperable security
infrastructure in the cloud, Access Control reduces the complexity of
programming significantly and provides a platform to operate in a secure
environment. 'Services' in the Cloud are the future and hence need a scalable,
yet loosely coupled, security infrastructure. Windows Azure's App Fabric Access
Control is a best fit for Enterprise scenarios wherein a user identity needs to
be federated across various lines of business applications irrespective of its
origin. The security model which has taken shape in the form of Windows Identity
Foundation on the .Net Framework has reached the pastures of blue (Azure) in
shaping the security story for applications hosted in Windows Azure.
Sandeep J Alur, Microsoft India
About the Author: The author works for Microsoft Corporation India as an
Enterprise Architect Advisor. He can be reached at saalur@microsoft.com