References for Rich Sharing and Clusterken

As more work moves to the cloud, the need for ever more diverse forms of sharing arise. In particular, the need to be able to share securely and transparently grows more urgent.

Below is a potpourri of links to videos, podcasts, technical papers, and live demos on transparently secure sharing. Topics include

Rich Sharing, a set of features we have identified which, when implemented in applications, enable people to work together smoothly and effectively. Crowd sourced access control is an emergent property of rich sharing. The IT department can crowd source the granting and delegating of resources to the users who best understand the least privileges needed by their coworkers. This lowers IT costs, minimizes attack surface, and makes end users more productive.
PubShare, a publication/subscription system that embodies and demonstrates the features of rich sharing.
Authorization Based Access Control(ZBAC), a security paradigm that makes it easier to build transparent security into applications.
Clusterken, a cloud-oriented software development framework that transparently implements ZBAC-based object-access in the form of webkeys. Applications implemented on Clusterken with clean modular object-oriented architectures have strong security characteristics as an emergent property. As a consequence, even the quickest and dirtiest demo version of an application can have a good security foundation (though additional work will often be needed to achieve specific security goals). PubShare was built with Clusterken. Clusterken itself is built on top of Waterken, a development framework for secure and reliable distributed applications.

Try It Out Yourself

Click Here for PubShare and Clusterken Webkeys
At the link above, enter your email address to receive webkeys for the following activities:

A Topic Editor webkey for the PubShare Discussion Forum, where you can participate in conversations about PubShare, rich sharing, and crowd sourced access control.
A Topic Creator webkey that allows you to create your own topics and delegate participation to others.
A Quick Dev software development environment for developing and testing small cloud-oriented applications.

(Note: The FireFox browser, version 3.5 or greater, is recommended for these applications, especially for Quick Dev)

5 Minute Videos (and More)

If you have just a few minutes to learn a little bit about rich sharing, check out some of these 5 minute (approximately) videos. Or if you have more time, there are some longer multimedia presentations here as well:

Six Key Features of Rich Sharing
PubShare: An Example of Rich Sharing
Security Myth Debunkers: Can People Manage Fine Grain Privileges? There is a popular myth that people cannot manage large numbers of small grants of authority. In fact, we have been managing such authorities, in uncounted thousands, for decades, as demonstrated here.
Building A Cluster App with Clusterken in 5 Minutes
PodCast: Crowd Sourcing Access Control in the Cloud This is not a video, but rather a short (8-minute) podcast about the presentation made at RSA 2012.
Webkeys or Passwords: Which is More Secure? is 12 minutes long, so does not quite qualify as a "5 minute video". But it compares and contrasts webkeys and traditional passwords in a decision matrix using a typical threat model for a typical web app.
Ken Protocol Versus Chaos Monkey: Smackdown describes the ken protocol lying at the heart of Clusterken, and pits the protocol against the Chaos Monkey that kills nodes in the cloud at random.
Lazy Programmer's Guide to Security. This hour-long Google Tech Talk introduces you to the basic security approach taken when using tools like Clusterken, with which we achieve strong security properties as an emergent property of modular object-oriented design.

Papers and Tech Reports

If you have more time, you can peruse these longer documents.

Rich Sharing for the Web is a tech report describing the principles of rich sharing.

Zebra Copy: A Reference Implementation of Federated Access Management describes how to implement ZBAC using SAML certificates rather than unguessable urls and webkeys.

Solving the Transitive Access Problem for the Services Oriented Architecture won a Best Paper award and describes another problem domain in which ZBAC affords a straightforward solution to a traditionally intractable problem. While the paper predates the articulation of the ideas of rich sharing, it is in fact another domain in which those principles prove crucial.

Clusterken: A Reliable Object-Based Messaging Framework describes the development of an earlier pubsub system from which the PubShare application evolved.

Introduction to Waterken Programming is a tutorial for building applications with Waterken, the distributed system development framework upon which Clusterken is built. All the descriptions of features and techniques described here apply to Clusterken; Clusterken has additional features beyond what are described here, for interacting with cluster resources. This paper takes you through the process of building your own servers; it is easier to get started by using the Quick Dev environment with a pre-existing cluster, as offered by the first link on this page.

A Reliable and Secure Application Spanning Multiple Administrative Domains describes the Waterken underpinnings in more detail, in the context of a significant rich-sharing application built upon it.

Towards Fearless Distributed Programming offers another perspective on the workings of Clusterken (and Waterken) underpinning technology. This is easy to read but somewhat obsolete.