Abstract
On-boarding federation allows an enterprise to efficiently migrate its data from one storage cloud provider to another (e.g., for business or legal reasons), while providing continuous access and a unified view over the data during the migration. On-boarding is provided through a federation layer on the new destination cloud, which is delegated the right to access objects on the old source cloud. In this paper we describe a delegation architecture for on-boarding in which the user delegates to the on-boarding layer a subset of his/her access rights on the source and destination clouds, so that on-boarding occurs in a safe and secure way and the on-boarding layer holds only the least privilege required to carry out its work. The added value of this work is in evaluating all the security implications of such a delegation that must be taken into account during the on-boarding phase. We also show how this delegation architecture can be implemented using the Security Assertion Markup Language (SAML).
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
Kolodner, E.K., Shulman-Peleg, A., Vernik, G., Formisano, C., Villari, M. (2013). Delegation for On-boarding Federation Across Storage Clouds. In: Canal, C., Villari, M. (eds) Advances in Service-Oriented and Cloud Computing. ESOCC 2013. Communications in Computer and Information Science, vol 393. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-45364-9_6
DOI: https://doi.org/10.1007/978-3-642-45364-9_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-45363-2
Online ISBN: 978-3-642-45364-9
eBook Packages: Computer Science (R0)