Security in your Software-as-a-Service (SAAS) Application

‘Credit Crunch’ might be the favourite buzzword of the moment, but ‘Security’ and ‘Software as a Service’ are not very far behind. Ok, they’re a long way behind ‘will I lose my house’ or ‘will I have a job tomorrow’, but you get the idea. So I’m proud to be associated with this article by Max and Chicco, even in a very minor way (as a reviewer).

Here’s the 2-minute overview of Securing a multi-tenant SAAS Application, just published on IBM Developerworks.

  1. Software as a Service (SAAS) has a great pitch – let us host your software for you, cheaper and with less hassle than managing it yourself.
  2. Most SAAS companies host multiple clients on one server, which brings new security concerns.
  3. LDAP (similar to Windows Directory) is a standard already in wide use for Authentication (making sure people are who they say they are).
  4. Spring Security (aka Acegi) is a widely used Authorisation toolkit – i.e. making sure those people only do the things they are allowed to do.
  5. The article shows you how to bring SAAS, LDAP and Spring Security together to get secure, scalable, hosted applications using the very best in widely understood technologies.

Of course, I’m not going to spill the beans on how exactly they do it; for that you’re going to have to hotfoot it over to the IBM Developerworks website.

5 Comments

  1. @Honk

    At a superficial level (in the same way a Ferrari is similar to a Ford) yes.

    Both provide tree-like structures for the retrieval of (user) information. Windows Directory (what you are usually checked against when you log in to your PC in a corporate environment) implements the LDAP standard, so it can be a provider of this information should you choose. The article uses Apache Directory, so feel free to comment on which you think is best, and why!

    Paul

  2. Nice! Chicco and Max did a great job. I’m also interested in using OpenID for authentication in SaaS offerings. LDAP could still be involved in some way, I suppose, say for grouping or roles or something similar.

  3. Adam – I’ve just realized that the new theme on this blog is exactly the same as yours. Sorry about that.

    Had the pleasure of working with Max and Chicco in a previous life. They had to put up with 3 months of ‘why don’t you write an article about that’ and instead of ignoring me (as most people do when I say that) they actually spent the time to put the article together.

    Paul
