I’ve been thinking more lately about user identity and user accounts in cloud computing. Some exposure to both the Google App Engine user account model and Microsoft’s Azure system based on Windows Live ID, versus the Amazon roll-your-own approach, has presented a nice contrast model. My thoughts are mostly from the perspective of Enterprise products, rather than personal-use products. There’s this open question of how we handle user accounts, preferences, profiles, etc. across services–common identity in the cloud.

Here’s my question: is common identity in the cloud a hot item? To date, common identity in web applications has been appreciated when available within a single cloud platform (e.g. Windows Live ID, Google accounts across their product suite), but so far not widely demanded across services. Initiatives like OpenID that strive to reduce proliferation of accounts and allow multiple web applications to present users with more of an “approval” model to access new applications have not made great inroads into most web properties commonly touched by casual and business surfers.

There’s also the argument that inadequately conceived or executed common accounts across multiple service providers could lead to security concerns. Access through one system could proliferate across other trusted systems. While I would not be the first to argue that the current proliferation of accounts in personal-use web applications is inherently secure–convenience and human nature lead to common passwords used in most cases–it does provide some buffer against a spreading intrusion.

I am inclined to say that the jury is still out on this. In the near future, we will likely see a few internally-consolidated models like Live ID provide convenience within certain platforms, but we will be unlikely to see sufficient adoption, if we see a proposal, of a standards-based, cross-cloud model. The advantages to enterprise companies of owning full and exclusive access to the identity, coupled with security concerns, will likely make this a hard sell in much the same way as it has been in the “home use” web. Trust/assertion models for federated identity, rather than a common account system, will come up between two cloud platforms–indeed, we have had more than a few discussions about this with Trading Grid customers–but these will be standards-mediated links between two different models, rather than the sharing of a common model. It seems like that’s the near future for cloud identity unless some big wave (or should I say, storm front?) comes along.

And now for something completely different:

On a personal note, I am heading off for vacation to the Adirondacks in upstate New York. This will be the first trip to the family cabin for my wife and two boys. Lack of internet access will mean no blog entries until I return, unless I write one out on birch bark and mail it to Bryan Larkin to post for me.

I am sure that this trip will renew and strengthen my appreciation for the green supply chain work we do at GXS. The family cabin was built by the author of the Wilderness Act of 1964 and my summers there growing up are part of the reason I participate in our green team and pay attention to conservation at home and at large.

Thanks for reading and I will write to you again soon.

