OpenPGP Blog

PGP Corporation’s Perspectives Blog offers some insight on how new cloud-based products can be secure and offer identity management (in a curiously unsigned post).  The first generation of products we have seen centers on API keys, except for a few products which require you to submit your username and password for remote use.  Both of these solutions are insecure for the same reasons.

Lately, a few cloud products at the bleeding edge of development have offered a new solution. GitHub, BitBucket, and Heroku have offered authentication solutions based on SSH keys. While these are development tools, their inherent focus on distributed data management suggests where next generation cloud services will solve authentication problems.