Google has improved security by enabling cloud-hosted services like Cloud Storage to authenticate interaction with applications using certificate-based technology.
This means, for example, that a request from a web application to Google Cloud Storage can be authenticated via a certificate instead of a shared key, wrote Google product manager Justin Smith in a blog post.
"Certificates offer better security properties than shared keys and passwords, largely because they are not human-readable or guessable," he wrote.
Cloud-hosted developer services that can now authenticate application requests through Service Accounts are Google Cloud Storage; Google Prediction API; Google URL Shortener; Google OAuth 2.0 Authorization Server; Google APIs Console; and Google APIs Client Libraries for Python, Java, and PHP.
Google plans to add more APIs and client libraries to that list. The feature is implemented as an OAuth 2.0 flow and is compliant with draft 25 of the OAuth 2.0 specification, according to Smith.
OAuth is an open standard for authorisation that allows users to share their private resources stored on one site with another site without having to hand out their credentials (typically a username and password), supplying tokens instead.
According to Hendrick, initiatives like OAuth 2.0 and Google's decision to align its Service Account support with OAuth are an important step forward in improving cloud security.
Gartner analyst Bob Blakley expects OAuth to evolve into a key identity-related standard. Organisations should keep an eye on this standard and look at whether and where OAuth fits or will fit in, he told attendees of the Gartner IAM Summit 2012 in London.