Tuesday 26 March 2013

Ad Coelum Technology selects Windows Azure Active Directory


As a cloud solution provider, Ad Coelum Technology is committed to embracing the very latest security protocols and technologies to ensure end users receive a secure, yet non-pervasive authentication experience. We will be working closely with Microsoft to ensure that our Azure-based solutions are compatible with all key Microsoft cloud offerings (such as Office 365, Lync, SharePoint, Windows Live, SkyDrive etc.) as well as other key technology platforms such as iOS and Android on the client-side.

To achieve this goal, we will be using an approach known as claims-based authentication, whereby the identity of a particular user is verified by a claims provider known as a security token service (STS). Windows Azure Active Directory (AD) provides a powerful STS known as Access Control Services (ACS), which can be used in conjunction with both cloud identity providers (e.g. Google, Facebook, Windows Live ID and Yahoo) and, critically, corporate Active Directories. Using a synchronisation mechanism between traditional on-premise Windows Server AD and Windows Azure AD in the cloud, existing investment in on-premise security infrastructure can be leveraged for hybrid and cloud-based scenarios.

Claims Based Authentication with Windows Azure Active Directory

The ability to manage the identity of our clients, their customers and their partners through an STS capable of managing many different identity providers is a very powerful proposition. This approach makes collaboration with a wide variety of internal and external users much simpler at the solution architecture level. Let's go through the above diagram step-by-step to discuss how claims-based authentication works in practice...

  1. An end user requests a resource (i.e. a browser page request, web service request etc.) from our matter management solution running in Windows Azure.
  2. As the user is not yet authenticated, they are redirected to Windows Azure AD, which has been configured as the STS for the solution. The user is presented with a list of potential identity providers which are offered by the STS in relation to our solution.
  3. If the end user is external to the firm they may well be selecting a consumer identity provider such as Google or Windows Live. For internal users this is more likely to be Active Directory. Note: In both cases the user would need to have previously registered with the matter management solution (either through automatic Active Directory synchronisation, or in the case of an external user, an approval process to link their identity claim to a contact within the matter management solution). This has been omitted from the diagram, which illustrates the authentication process only, not initial registration.
  4. The user enters their credentials into the login page of the selected identity provider (IP) and a security token is issued if authentication is successful.
  5. The IP redirects the user back to Windows Azure AD along with the security token.
  6. Windows Azure AD validates the security token and runs it through a rules engine managed by Windows Azure Access Control Services (ACS). This engine transforms the output claims into the format expected by our solution.
  7. ACS then redirects the user to our application, where the ACS token is used to validate the user's identity on all subsequent requests (until the token expires).

Although this seven-step process may sound convoluted, steps 2 through 6 have not even touched our matter management solution. The user has also only seen two screens: one to select an IP, another to enter their login details.
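Steps 6 and 7, together with the registration note in step 3, as an added example (not code from Ad Coelum Technology or Microsoft): the STS signs the output claims, and the application checks signature, issuer, audience and expiry before mapping the identity to a registered contact. It assumes an HMAC-SHA256-signed, form-encoded token in the style of Simple Web Token, since the page does not say which token format the solution uses; the issuer, audience, key, claim names and contact ids are all constructed.

```python
import base64, hashlib, hmac, time
from urllib.parse import parse_qsl, quote, unquote, urlencode

# Constructed values for illustration; none of them come from the page.
STS_ISSUER = "https://sts.example.test/"
APP_AUDIENCE = "https://matters.example.test/"
SIGNING_KEY = b"constructed-demo-key"  # shared between STS and application
# Step 3 note: an identity must already be linked to a contact.
REGISTERED = {("Google", "g-1001"): "contact-17"}

def _mac(body: str, key: bytes) -> bytes:
    digest = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return base64.b64encode(digest)

def issue_token(claims: dict, key: bytes = SIGNING_KEY) -> str:
    """STS side (step 6): serialise the output claims and sign them."""
    body = urlencode(claims)
    return body + "&HMACSHA256=" + quote(_mac(body, key).decode(), safe="")

def validate_token(token: str, now=None) -> str:
    """Application side (step 7): return the linked contact id or raise."""
    body, sep, sig = token.rpartition("&HMACSHA256=")
    expected = _mac(body, SIGNING_KEY)
    if not sep or not hmac.compare_digest(unquote(sig).encode(), expected):
        raise ValueError("missing or invalid signature")
    pairs = parse_qsl(body, keep_blank_values=True)
    claims = dict(pairs)
    if len(claims) != len(pairs):
        raise ValueError("duplicate claim")  # ambiguous tokens are rejected
    if claims.get("Issuer") != STS_ISSUER:
        raise ValueError("token not issued by the trusted STS")
    if claims.get("Audience") != APP_AUDIENCE:
        raise ValueError("token issued for another application")
    current = time.time() if now is None else now
    if int(claims.get("ExpiresOn", "0")) <= current:
        raise ValueError("token expired")
    # Key the lookup on provider + identifier, never on a bare e-mail claim.
    key = (claims.get("identityprovider"), claims.get("nameidentifier"))
    if key not in REGISTERED:
        raise PermissionError("identity not linked to a contact")
    return REGISTERED[key]

def demo_claims(**overrides) -> dict:
    """Constructed output claims for a registered external user."""
    claims = {"Issuer": STS_ISSUER, "Audience": APP_AUDIENCE,
              "ExpiresOn": "2000000000", "identityprovider": "Google",
              "nameidentifier": "g-1001"}
    claims.update(overrides)
    return claims
```

The audience check is what stops a token issued for one solution being replayed against another that trusts the same STS, which matters when tokens are meant to be shared between solutions.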

In effect, we, as an Independent Software Vendor, have outsourced the authentication process. By adopting Windows Azure AD as our trusted provider we will be dramatically reducing the amount of custom authentication logic within our solutions, which allows us to reduce risk from a non-functional perspective and focus more time and resources on delivering functional requirements. That's not to say we are being complacent when it comes to security. As a cloud provider we make security our number one concern, and by choosing Windows Azure AD/ACS we are able to leverage a powerful, secure, standards-based solution backed by the investment and support of a multi-billion dollar corporation.

Our mission is to make lawyers more productive through enjoyable technology. The decision to adopt claims-based authentication and Windows Azure AD enables a less obstructive authentication experience using reusable tokens which can be shared by different solutions to reduce user disruption.

Windows Azure Active Directory is currently at the developer preview stage and we will be working alongside Microsoft to incorporate this groundbreaking new technology into our solutions over the coming months.

Tuesday 19 March 2013

Cloud computing for lawyers, not dummies!

Some folks think cloud computing should be named cloudy computing, because it is precipitous, vague, messy, hazy and unpredictable ;-)



The term "cloud computing" seems to encompass everything - including the kitchen sink!

However, the cloud is with us and here to stay!

Traditional legal business applications have often been very complicated. The amount and variety of hardware and software required to run them can be quite daunting and expensive. Law firms often need a whole team of experts to install, configure, test, run, secure, and update them.

Legal business applications are moving to the cloud. It’s not just a fad - the shift from traditional software models to the Internet has steadily gained momentum over the last 10 years. Looking forward, the next decade of cloud computing promises new ways to collaborate everywhere, anytime; especially through mobile devices.

Many companies have adopted the cloud to save money. Some say it can be safer, as it’s harder to lose data in a cloud (for example, if a company’s computers are destroyed in a fire, its cloud-based information will still exist). Large cloud providers have multiple backups/fail-safe provisions.

So what is the cloud really? A computer network to store, access and share data from Internet-connected devices?

And what about cloud computing then? “The practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server”?

Still confused? In the end, we like "the cloud is the internet as a business or consumer platform".

Simple!

Monday 11 March 2013

Ad Coelum Technology joins Microsoft BizSpark startup scheme

We are happy to announce that Ad Coelum Technology Limited has been accepted into the Microsoft BizSpark startup program. The BizSpark program provides technology, support, visibility and community to promising startups and entrepreneurs across the world. To find out more about BizSpark, click here.

The BizSpark program gives us access to a vast range of Microsoft development tools such as Visual Studio, Team Foundation Server and Windows Azure, all of which make up the backbone of our technology platform. We are really looking forward to working with Microsoft as part of this scheme and aim to become a prominent member of the BizSpark community over the coming months as we build out our legal industry solutions.