Identity Management: Get Your Head out of the Cloud

Kelly Strain


Stormpath customers are experiencing firsthand the repercussions of using a multi-tenant, cloud-hosted API. The company was acquired and users have to get their data out, fast. By 8/17/2017, to be exact.

A recent article by ProgrammableWeb discusses the dangers of using third-party APIs; however, it fails to mention ways to avoid this danger. The answer is not to stop using cloud APIs, nor is it to select APIs only from tech giants like Amazon, Google or Microsoft. Before choosing your identity and user management provider, consider the deployment options.

On-Premise

Despite increasing cloud popularity, many companies still prefer (or require) an on-premise solution.

Regulatory Requirements

Certain organizations face regulatory requirements that demand an on-premise solution. Regulatory controls and legal requirements vary depending on the industry, but many companies fall into this category. A third-party cloud vendor may not fit the compliance requirements for a particular organization within the finance or pharmaceutical sector.

Control

An on-premise solution can insulate you from the issues Stormpath customers are now facing. By installing the software on your servers (real or cloud-based) you gain control over:

  • User data
  • Access
  • Security
  • Upgrades

If the company shuts down or is acquired, you can likely continue using the software since it is running on your servers. If this is not the case, the user data is yours and can easily be removed at your discretion.

Cloud

How do you protect your data? How do you ensure that you are the only one seeing your user data?

Multi-Tenant vs. Single-Tenant

Multi-tenant is an architecture where multiple companies store their data within the same instance. With single-tenant, each company has their own individual instance. With a single-tenant solution you receive maximum privacy. The risk of another business accidentally receiving data that doesn’t belong to them is eliminated. Each customer’s user data is separate and secure.

When considering cloud solutions, it is always important to prepare for the worst-case scenario. You should think about how you will get your data out of the cloud before you ever put it in there. In the event of an API shutdown, data recovery is much easier when each customer’s data is isolated in a single-tenant cloud.

Flexible Hosting (with a pitch)

Passport offers on-premise or single-tenant cloud hosting. With these options, you can choose the deployment that best meets your business or application needs. In addition, you have the flexibility to change your mind down the road.

Start Migrating from Stormpath to Passport today. Or sign up for a free Passport trial.

Meetup: Authentication as a Microservice 

Kelly Strain


Inversoft’s founder and CEO, Brian Pontarelli, will be speaking on Authentication as a Micro-Service at Code Talent.

Authentication is a core piece of many applications. However, it has traditionally been handled in a monolithic manner. Moving to micro-services means that applications now need to decouple authentication, user management and user data.

What we’ll cover at the meetup:

  • Most common pitfalls of authentication and authorization as a microservice
  • How to break apart your architecture and build services for user management features
  • Portable user identity tokens


Fake News. What’s really B.S. and how do we get rid of it?

Kelly Strain


If you have been on the internet this week you are aware of the fake news crisis spiralling out of control. But just in case you missed it, recent headlines read something like this: Facebook is being blamed for Trump’s election, Google and Facebook Take Aim at Fake News Sites, Facebook’s fake news crisis deepens.

With great power comes great responsibility

Facebook has over 1 billion active users who utilize the platform to post, share and comment on news. When Facebook was accused of influencing the election, Zuckerberg was quick to say that was a “pretty crazy idea.” Is it really that crazy? Facebook has become a catalyst for the spread of fake news given the ease of its “share” button. Regardless, fake news isn’t going away anytime soon; it will likely worsen, and while Facebook has taken steps to limit the sites’ use of its ad networks, there has been no push to eliminate fake news from the News Feed.

This daunting issue is not Facebook’s alone. Any platform that allows user-generated content would be wise to get out ahead of this growing problem in order to prevent this spam and protect its brand.

App Store Rejection, What Now? 

Kelly Strain


The App Store is a developer’s best friend, until your app is rejected.  (Are you suffering from App Store Rejection? You aren’t alone – watch this humorous video.) 

App Store Guidelines

“We will reject Apps for any content or behavior that we believe is over the line. What line, you ask? Well, as a Supreme Court Justice once said, “I’ll know it when I see it”. And we think that you will also know it when you cross it.”

(App Store Review Guidelines)


Barista (Java Chef Client)

Daniel DeGroff


At Inversoft, we like open source and we like Java.

When we built out our platform to support our new cloud product offerings we started using Chef to help us manage our deployment strategy.

While a well-documented and easy-to-use RESTful API over HTTP is great, that same API provided with native bindings is awesome. Native APIs save developers a lot of hours of reading through documentation and building their own domain objects and REST bindings. We use a number of native APIs for services like Stripe and Intuit and provide native bindings for Passport in Java, PHP, JavaScript, Python and C#.

When we began working on some new backend features for our cloud product offerings, I set out to find a Chef Client written in Java in order to simplify our integration.

As luck wouldn’t have it (yes, you read that correctly), I was unable to find a Java library that really made my life easier. There are other Chef libraries out there, but all of them were very lightweight wrappers around HTTP calls. Some went so far as to return the JSON response from the Chef server as a String rather than the right POJO.

Rather than limping along with a library that was essentially a glorified URLConnection, I did what any software engineer would do: I wrote it myself.

Behold Barista! A native binding for Chef that provides rich domain objects and REST bindings to work with a Chef server.

https://github.com/inversoft/barista

Building a properly authenticated HTTP request to Chef is not great fun, so I don’t suggest you do it yourself unless you enjoy the pain. We’ve done the heavy lifting for you and we did this without using any third-party encryption libraries. This means you can pick up this library without dragging along any unnecessary dependencies like Bouncy Castle.
