Your search keyword '"Ioram S. Sette"' showing total 3 results

1. Authorization Policy Federation in Heterogeneous Multicloud Environments

Author

Carlos Ferraz, David W. Chadwick, and Ioram S. Sette

Subjects

Computer Networks and Communications, business.industry, Computer science, Authorization, 020207 software engineering, Cloud computing, Access control, 02 engineering and technology, Disjunctive normal form, Ontology (information science), Computer security, computer.software_genre, Computer Science Applications, World Wide Web, Work (electrical), Semantic equivalence, Order (business), 0202 electrical engineering, electronic engineering, information engineering, Computer Science (miscellaneous), 020201 artificial intelligence & image processing, business, computer, Software

Abstract

Current Infrastructure as a Service (IaaS) cloud platforms have their own authorisation system, containing different access control policies and models. Clients with accounts in multiple cloud providers struggle to manage their rules in order to provide a homogeneous access control experience to users. This work proposes a solution: an Authorisation Policy Federation (APF) of heterogeneous cloud accounts. These federated accounts share a centrally managed policy written in Disjunctive Normal Form (DNF) using a cloud-independent ontology. This shared abstract policy can be translated to local cloud formats, and back again. Prototypes were implemented for OpenStack and Amazon Web Services (AWS) cloud formats, and rules were successfully translated with a Level of Semantic Equivalence (LSE) higher than 80.

Published

2017

2. Integrating an AAA-based federation mechanism for OpenStack-The CLASSe view

Author

David W. Chadwick, Rafael Marín López, Gabriel López Millán, Alejandro Perez Mendez, and Ioram S. Sette

Subjects

Authentication, Computer Networks and Communications, Computer science, business.industry, Testbed, Authorization, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Service provider, Computer security, computer.software_genre, Identity management, Computer Science Applications, Theoretical Computer Science, World Wide Web, Software, Computational Theory and Mathematics, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, The Internet, business, computer

Abstract

Summary Identity federations enable users, service providers, and identity providers from different organizations to exchange authentication and authorization information in a secure way. In this paper, we present a novel identity federation architecture for cloud services based on the integration of a cloud identity management service with an authentication, authorization, and accounting infrastructure. Specifically, we analyse how this type of authentication, authorization, and accounting–based federation can be smoothly integrated into OpenStack, the leading open source cloud software solution, using the Internet Engineering Task Force (IETF) Application Bridging for Federated Access Beyond web specification for authentication and authorization. We provide details of the implementation undertaken in GEANT's CLASSe project and show its validation in a real testbed.

Published

2017

3. Integrating Cloud Platforms to Identity Federations

Author

Carlos Ferraz and Ioram S. Sette

Subjects

Authentication, business.industry, Computer science, computer.internet_protocol, Access control, Cloud computing, Computer security, computer.software_genre, Identity management, OpenID Connect, World Wide Web, Identity (object-oriented programming), The Internet, business, computer, XML

Abstract

Privacy of the data processed and/or stored in the cloud is a concern for the users of these services. Cloud platforms are exposed in the Internet, managed by third parties, and their usage is shared by different users. Identity and access control mechanisms are relevant because they intend to protect data from improper access. Among these mechanisms, identity federations let users' authentication be performed by entities that are closer to them. The proposal of this work is to integrate the Open stack cloud platform to identity federations using SAML and OpenID Connect protocols. These protocols are compared observing the ease of integration and performance.

Published

2014