Explore the concepts of authorization federation, trust frameworks, and multi-cloud collaboration in the realm of Infrastructure as a Service (IaaS). Delve into the importance of heterogeneous and homogenous platforms, peer-to-peer coupling, and the various trust types governing inter-cloud access. Discover the significance of administrative realms in establishing secure and efficient cloud environments.
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
Why Multi Cloud? Collaboration of organizations across clouds. Organizations with resources across multiple clouds. 2 World-Leading Research with Real-World Impact!
Scope of Contribution Cloud Federation Service IaaS SaaS PaaS Platform Homogenous Heterogeneous Trust Circle-of-Trust Peer-to-Peer Coupling Authentication Federation Authorization Federation 3 World-Leading Research with Real-World Impact!
Multi Cloud Collaboration Cloud Federation Service (IaaS, PaaS, SaaS) Heterogeneous: Google account (Open ID 2.0) Heterogeneous within google. Homogenous: Eduroam federated network access. Platform Heterogeneous: OpenStack federation with AWS. Homogenous: Keystone to Keystone federation. Trust Circle-of-Trust: Alliance of institutions for sharing scientific data such as CERN. Peer-to-Peer: Best Buy federating with Rackspace. Coupling Identity Federation: SAML, OAuth, OpenID, SSO. Authorization Federation: SAML, OAuth. 4 World-Leading Research with Real-World Impact!
Trust Framework Trust Peer-to-Peer Coupling Circle-of-Trust Initiation Bilateral Unilateral Direction Bidirectional Unidirectional Transitivity Non-Transitive Transitive 5 World-Leading Research with Real-World Impact!
Concept of Trust Four trust types: ???? ?: (Trustor grants inter-cloud access to trustee) If ? ??, cloud ? is authorized to assign ? s users to cloud ? s resources. In such trust type, ? controls trust relation existence and cross-cloud assignments. ???? ?: (Trustee grants inter-cloud access to trustor) If ? ??, cloud ? is authorized to assign ? s users to its resources. In such trust type, ? controls trust relation and ? controls cross-cloud assignments. ???? ?: (Trustee takes inter-cloud access to trustor) If ? ??, cloud ? is authorized to assign its users to cloud ? s resources. In such trust type, ? controls trust relation and ? controls cross-cloud assignments. ???? ?: (Trustee controls intra-cloud access to trustor) If ? ??, cloud ? is authorized to assign ? s users to ? s resources. In such trust type, ? controls trust relation and ? controls intra-cloud assignments within ?. 6 World-Leading Research with Real-World Impact!
Multi Cloud Trust Three trust scopes based on administrative realms in cloud: Cross Cloud Trust Sharing cloud infrastructure resources, such as services. Cross Domain Trust Sharing domain resources such as projects. Cross Project Trust Sharing project resources such as VMs. 8 World-Leading Research with Real-World Impact!
Cloud Trust Enables sharing cloud resources, services and domains. Set of domains shared between clouds with trust type (for domain trust). Sharing services by creating private domains for service allocation. Trust relation in Cloud Trust is Peer-to-Peer, bilateral, bidirectional, non- transitive. 9 World-Leading Research with Real-World Impact!
Domain Trust Enabling cross cloud access by assigning users to PRPs between trusted domains. Trust relations are Peer-to-Peer, unilateral, unidirectional, non-transitive. ?? ??? ?? ?? ?1 ?2 ?3 ?4 ?5 ?6 ???1 ???2 ???4 ???5 ???3 ???6 10 World-Leading Research with Real-World Impact!
Project Trust Enabling cross cloud access to service instances by assigning users to PRPs between trusted projects. Trust relations are Peer-to-Peer, unilateral, unidirectional, non-transitive. ?? ?? ???2 ????5 ?1 ?2 ?3 ?4 ?5 ?6 ???1 ???2 ???4 ???5 ???3 ???6 ??6 ??1 ??2 ??3 ??4 ??5 11 World-Leading Research with Real-World Impact!
Related Work RBAC extensions ROBAC (collaboration ins not supported). GB-RBAC (group does own users). Role Based delegation models Delegation chains lacks dynamicity of trust in cloud federation environments. Multi-tenant trust models in single cloud. MT-RBAC (Multi-Tenant RBAC). CTTM (Cross Tenant Trust model). OSAC-DT (OpenStack Access Control with Domain Trust). 12 World-Leading Research with Real-World Impact!
Conclusion & Future Work Multi-cloud trust model Cloud trust. Domain trust. Project trust. Trust framework & trust types Four types of trust applicable to administrative realms in cloud. Implementation in single cloud Partial implementation of domain-trust in single cloud OpenStack. Future Work Cloud trust implementation. Implementation in federated OpenStack clouds. Project trust implementation. Hierarchical multi-domain model. Attribute based models. 13 World-Leading Research with Real-World Impact!
