The second draft of Version 3 is now in the Files section at http://su.pr/2Zmwfu
. Based on feedback from the first version, I've tried to tighten up
the text, particularly the definitions of the security controls and
security federation patterns.
Upon further review, it seemed like every box in the two tables in the
first draft needed to be checked. I replaced those tables with two new
ones: One cross-references the use cases with the security controls,
while the other cross-references the use cases with the security
federation patterns. This is similar to what we have at the end of
Chapter 3 in the original paper.
I'm very happy with the way this is shaping up, and I'm looking
forward to hearing your comments.
p.s. Once again, nothing has changed in the rest of the paper, so I'm
posting just the Security sections.
The Draft of the Security section can be found at ( http://su.pr/2Zmwfu
) and begins as follows:
6 Security Scenarios
Security, in the cloud or elsewhere, is a crucial topic that could
fill any number of pages. Our purpose here is to highlight the
security issues that architects and developers should consider as they
move to the cloud.
An important point to keep in mind is that the cloud does not
introduce any new security threats or issues. To put security in
perspective, cloud computing as a whole can be considered the ideal
use case to highlight the need for a consistent, transparent,
standards-based security framework regardless of cloud deployment
model. As companies move or build solutions in the cloud, having this
consistent security model is vital to simplify development and to
avoid vendor lock-in and preserve their IT investments.