Cloud Computing Conference 2009 – OpenID – Identity in the Cloud?

Nat Sakimura – Founder of OpenID Japan – Senior Researcher

Cloud makes solutions

  • Faster
  • Cheaper
  • Safer
    • Well, System is but what about account Management? We need some kind of Federated Identity

Two Types of Federation

  • Closed Federation
    • Out of  bound trust exchange
  • Open Federation
    • Dynamic


  • Assertion Format: Tag=Value
  • Protocol for request/response of the Assertion
    • Discovery of IdP through XDRS
    • Dynamic association through DH
  • Supported by AOL, Yahoo!, France Telecom, Goolge, Facebook
    • Soon to come? Microsoft , NTT

Is this enough?

  • No. In cloud computing we also need the following
    • Roles and Authorization
      • We need to extract attributed from the authoritative sources
        • In Real-Tiime
    • Audit and Trust Formation
      • OpenId is Dynamic
        • Federation – Out of bound TRUST formation
        • OpenID is “Open” = “Promiscuous”
    • Relationship Management and Non-repudiation
      • CX Features
        • Non-repudiation and Integrity
        • Confidentiality
        • Extensible Context
        • Applicable to limited functionality user agents such as Mobile fones
        • Asynchronous Messaging
    • Connect different protocols
      • LDAP + OpenID
      • SAML + OpenID
      • WS-* + OpenID

Very similar to OAuth

Cloud Computing Conference 2009 – Migration to the cloud, Strategies and tools – Taking immediately benefit from the cloud

John Thorburn from Citrix Iberia – System Engineer / Technical Director

Ingredients of the Cloud

  1. Abstraction of Infrastructure
  2. Service Oriented
  3. Elasticity / Dynamism
  4. Utility Model of resource consumption

Citrix C3 Focus on IaaS – Infrastructure-as-a-Service

Components of IaaS

  • Security
    • NetScaler VPX
    • Repeaters
    • Access Gateway
  • Virtualization
    • XenServer 5.5
  • Abstraction
    • Essentials for XenServer
  • Foundations
    • NetScaler MPX
    • Branch Repeater
    • Access Gateway

Xen Server 5.5

Newly released

  • Distributed Virtual Switch for Xen Server

What works today?

  • C3 Labs in Amazon AWS
  • C3 Blueprints
  • Cloud Demo
  • iPhone Cloud Bust

Also in the 2nd part of 2009 Xen Client will be release.

Cloud Computing Conference 2009 – Why The Cloud is Perfect for SMB Companies: No Upfront Costs and No Risk

Robin Daniels –

Cloud Delivers lower TCO

The Cloud Offers Fast Return on Investment

End Customer View: Just Plug in and Success

  • This is what we should try to achieve when making Cloud Solutions

Behind the Scenes

  • ISO 27001 Real-Time Security
    • Application Security
      • ISO 27001
      • SSL Encryption
      • Identity Confirmation
      • SAS 70 type II, SysTrust certified
    • Network Security
      • Fault tolerant, multi-tenant firewall
      • Intrusion Detection


  • Proven Reliability
    • > 99,9%

            “’s constant availability and reliable uptiime have been critically important to usDouble-Click

  • Proven Real-Time Scalability
    • Fast Deployment and Real-Time Scalability
    • Proven by large companies like
      • Symantec => 25.800 Subscribers
      • Cisco => 20.000 Subscribers


  • Proven Real-Time Transparent System Status
    • Live System Status
    • Security Best Practices
    • Historical Performance


  • Proven Real-Time Integration
    • Leverage Your Existing Investments
      • FaceBook
      • Google
      • Amazon
      • Force.Com
      • Native Oracle & SAP Connectors


  • Proven Real-Time Data Exchange
    • Setup any Connection
    • Share any Process
    • “Easy to share Data with Other Companies, and Avoid Costs of integrations”



  • Rapid Implementations
  • Fast Business Results
  • Average
    • Implements successfully in 1-2 weeks
    • ROI in 2 to 5 months


  • 95% Customer Satisfaction
  • 77% Referral Rate


  • Fast ROI
    • No Capital Expenditures, Use Now
  • Low Cost
    • Subscription Model, Pay as You Go
  • Simplicity
    • Focus on inovation
  • Ease of use
    • Build and deploy apps instantly
  • Build Once
    • Deploy Instantly, Globally

Cloud Computing Conference 2009 – User data protection and confidentiality – Legal perspective

Carla Pinheiro from Clarke, Modet & Co.

Clarke, Modet & Co is a Consultancy company in Intellectual Property management.

What’s the public main concern?

According to a report of the Pew Internet and American life Project:

  • What happens if the company is sold?
  • What about data switching from one company to another?

Is Cloud Computing a Trap?

For Richard Stallman from Free Software Development, Cloud Computing is evil and will make proprietary technologies to grab more customers and entrap them.

Cloud computing is a trap, warns GNU founder Technology

Stallman- Cloud computing is ‘stupidity’ Business Tech – CNET News

Stallman calls cloud computing stupid

Richard Stallman vs Cloud Computing

Legal Issues

  • Regulation?
    • Cloud Service Delivering model is not entirely new nor is unregulated.
    • There’s an extensive pre-existing framework of regulations which applies to IT, software and e-Commerce.
  • Global?
    • Although cloud services appear to be global, it is still going to be subject to national regulations
  • Where and for how long?
    • Various regulators will be interested too know where and for how long is going to be the location of customer data
    • Privacy
  • Quality?
    • in some cases, few legal assurances given by service-providers reflect that lower price and little support or maintenance.
    • Some of those terms and conditions may not stand up to EU customers and contract law.
  • Protection of Privacy
    • In certain jurisdictions, data which customers might believe to be secure could, in fact, be subject to disclosure thought. example: England and  US
  • Reproduction Fate Sharing
    • On customer’s bad behavior may affect the reputation of the cloud as a whole
  • Risk Mitigation
    • Users of cloud services should insist on SLA terms
      • Privileged User access
        • Who has specialized access to data and about the hiring and management of such administrators
      • Regulatory Compliance
        • Make sure a vendor is willing to undergo external audits and/or security certifications
      • Data Location
        • ask provider if he will commit to storing and processing data in specific jurisdictions, and whether they will make a contractual commitment on the subject
      • Data Segregation
        • make sure that encryption is available at all stages
      • Recovery
        • find out what will happen to data in case of a disaster. Do they offer complete restoration and, if so, how long that would take


The cloud computing trend is likely to lkead to new business models and contract arrangements between IT providers and their customers

Don’t forget that a cloud on the ground is called fog… (trademark)

Cloud Computing Conference 2009 – How Cloud Computing Lets Businesses Focus on What Matters

Robin Daniels – SalesForce

The Cloud Computing Model

  • Multi-Tenant: No capital Expenditure
    • One application shared by several customers, and that makes cost lower
  • Pay as you go: Low Operating Expenditure
  • Elastic: Scales with You
    • This days it’s even more necessary because businesses are seasonal and so what we need is that the applications are the same way in Costs and also Scalability

The Real-Time Cloud

  • Cloud Infrastructure
    • ISO 270001 Certified Security
    • > 99,9 % Proven reliability
    • Proven Real-Time Scalability
    • < 300ms Real-time Query Optimizer
    • Trust – Real-Time Transparent System Status
    • Real-time Upgrades
    • > 100M API calls/day
    • Real-Time Sandbox Enhancements
  • Cloud Platform
    • Real-time mobile Deployment
    • Integrated Content library
    • Real-Time Analysis
    • Granular Security and Sharing
  • Applications
    • CRM

Criteria of IT Project evaluation

  1. Time to Value
    • Cloud Computing is faster in two ways
      • Initial Project  Rollout time (80% faster)
        • Design
        • Development
        • Testing
        • Training
        • Deployment
      • Application Agility increases in 72%
        • Change Requests
        • Upgrades
        • Additional users
        • New functionality
  2. Capital Expenses
    • On-Premise Development requires Significant Upfront costs
      • Hardware
      • Facilities
      • Storage
      • License Fees
      • Stack Integration
    • Cloud doesn’t require upfront costs
  3. Operational Costs
  4. Technical Resources
    • Two ways to save your developers time
      • Leverage the business to expand teams
        • Business users can create applications
        • Rapid prototyping
        • Better centralized governance
      • Make existing technical resources more productive
        • Provide more investigation and enhancements

Force.Com is Cloud Computing for the Enterprise

  • 1.600+ Developers Sites
  • Force.Com sites will be made available later this month
  • Customers
    • City Bank
    • Electronic Arts
      • 14 applications in
    • Starbucks
      • Starbucks Pledge 5