26 Part I Overview of Commerce
Information security aspects of any shared infrastructure are concerned with
secure communication, authentication, and single sign-on (SSO) and delegation.
Secure communication issues include those security concerns that arise during
the communication between two entities. These include confidentiality and
integrity issues. All data sent by users should be accessible to only legitimate
receivers: This is referred to as confidentiality. All data received should only be
modifiable by legitimate senders: This is referred to as integrity. There are also
issues related to authentication, where the identities of entities involved in the
overall process can be accurately asserted. These are critical issues in all areas
of computing and communication and become exceedingly critical in cloud
computing because of the heterogeneous and distributed nature of the entities
involved in it. The main objective of the architecture review phase is to obtain
a general understanding of the cloud and the applications running in it, and to
identify obvious security flaws that might be present. A moderately detailed
diagram of the application architecture is a good starting point for this phase.
Understanding the persistence and protection mechanism of personally
identifiable information (PII) and any other security-sensitive information is one
of the main objectives of this phase. The process does not aim to perform an
architecture review of every single application that utilizes the cloud
computing infrastructure. Suggested criteria are the popularity of the applications and
their complexity.
Centralized Authentication
Using digital certificates is the cornerstone of strong authentication in the cloud
infrastructure. Every user and service in the cloud is identified via a certificate,
which contains information vital to identifying and authenticating the user or
service. There are, however, alternative authentication methodologies, such as
token-based and username/password authentication schemes. The choice of
the authentication technique that you implement in your e-commerce solution
is mainly dictated by ease of use for the users and services, and by the level of
protection that is needed to secure the infrastructure.
The service layer in the cloud computing infrastructure that is in charge of
controlling the operation of the cloud (i.e., the control plane) should provide an
authentication and authorization framework that controls access to the
management functions and sensitive infrastructure resources. Authorization is
described later in this chapter.
Single Sign-On and Delegation
The orchestration of functions across multiple tools that compose the control
plane requires that access to said tools be authenticated. The implementation