‘Credit Crunch’ might be the favourite buzzword of the moment, but ‘Security’ and ‘Software as a Service’ are not very far behind. Ok, they’re a long way behind ‘will I lose my house’ or ‘will I have a job tomorrow’, but you get the idea. So I’m proud to associated by this article by Max and Chicco, even in a very minor way (as a reviewer).
Here’s the 2 minute overview of Securing a multi-tenant SAAS Appliction, just published on IBM Developerworks.
- Software as a Service (SAAS) has a great pitch – let us host your software for you, cheaper and less hassle than managing it yourself.
- Most SAAS companies host multiple clients on one server = New security concerns.
- LDAP (Similar to Windows Directory) is a standard already in wide use for Authentication (making sure people who they say they are).
- Spring Security (aka Acegi) is a well used Authorisation toolkit – i.e. make sure those people only do things they are allowed to do.
- The article shows you how to bring SAAS , LDAP and Spring Security together to get secure, scalable , hosted applications using the very best in widely understood technologies.
Of course, I’m not going to spill the beans on how exactly they do it; for that you’re going to have to hotfoot it over to the IBM Developerworks website.