Author

Jing Min Xu

Bio: Jing Min Xu is an academic researcher from IBM. The author has contributed to research in topics: Service provider & Trusted third party. The author has an h-index of 2 and has co-authored 2 publications receiving 68 citations.

Papers
Proceedings Article
13 May 2010
TL;DR: This paper proposes an identity federation broker that introduces a trusted third party as a trust broker to simplify the management of identity federation in a user centric manner and shows how the solution can resist the typical security attacks.
Abstract: With the wide adoption of in-cloud services (e.g., software-as-a-service), some major identity-related issues are brought up. For enterprises, it usually introduces additional cost and risk to manage identities in services. For service providers, typical pairwise identity federation solutions are not scalable to support single sign-on, service composition, etc. among services for a large environment like a service cloud. This paper proposes an identity federation broker that introduces a trusted third party as a trust broker to simplify the management of identity federation in a user-centric manner. With this solution, the cost and risk of federated identity management for both enterprises and service providers could be significantly reduced. A detailed scenario implementation is given to demonstrate the feasibility of the solution. Moreover, the vulnerability analysis shows how the solution can resist the typical security attacks.

38 citations

01 Jan 2010
TL;DR: In this article, the authors proposed an identity federation broker that introduces a trusted third party as a trust broker to simplify the management of identity federation in a user centric manner, which can reduce the cost and risk of federated identity management for both enterprises and service providers.
Abstract: With the wide adoption of in-cloud services (e.g., software-as-a-service), some major identity-related issues are brought up. For enterprises, it usually introduces additional cost and risk to manage identities in services. For service providers, typical pairwise identity federation solutions are not scalable to support single sign-on, service composition, etc. among services for a large environment like a service cloud. This paper proposes an identity federation broker that introduces a trusted third party as a trust broker to simplify the management of identity federation in a user-centric manner. With this solution, the cost and risk of federated identity management for both enterprises and service providers could be significantly reduced. A detailed scenario implementation is given to demonstrate the feasibility of the solution. Moreover, the vulnerability analysis shows how the solution can resist the typical security attacks.

32 citations


Cited by
Proceedings Article
03 Dec 2012
TL;DR: This paper overviews the security issues of federated identity in the cloud authentication and highlights the proposed models to solve identity theft in the federated environment.
Abstract: Cloud computing is a new generation of the technology that has been designed to cater for commercial necessities and to run suitable applications or solve IT management issues. While cost and ease of use are two top benefits of cloud, trust and security are the two top concerns of cloud computing users. Federated identity as a useful feature for user management and Single Sign-on (SSO) has also become an important part of federated identity environment. Misuse of the identity, identity theft, and platform trustworthiness are some of the problems in the federated identity environment. OAuth, OpenID, and SAML are three main concepts in cloud authentication and federated environment. This paper overviews the security issues of federated identity in the cloud authentication and highlights the proposed models to solve identity theft in the federated environment.

43 citations

Proceedings Article
28 Jun 2013
TL;DR: A generic, modular on-boarding architecture is designed and implemented as part of a VISION Cloud, which is a large scale storage cloud designed for content-centric data, capable of integrating storage data from various clouds, providing a common global view of storage data.
Abstract: One of the main obstacles hindering wider adoption of storage cloud services is vendor lock-in, a situation in which large amounts of data that are placed in one storage system cannot be migrated to another vendor, e.g., due to time and cost considerations. To prevent this situation we present an advanced on-boarding federation mechanism, enabling a cloud to add a special federation layer to efficiently import data from other storage clouds. This is achieved without being dependent on any special function from the other clouds. We design a generic, modular on-boarding architecture and demonstrate its implementation as part of a VISION Cloud, which is a large scale storage cloud designed for content-centric data. Our system is capable of integrating storage data from various clouds, providing a common global view of storage data. The users can access the data through the new cloud provider immediately after the setup, maintaining the normal operation of applications, so that they do not need to wait for the completion of the data migration process. Finally, we analyze the payment models of existing storage clouds, showing that transferring the data via on-boarding federation with a direct link between clouds can lead to significant time and cost savings.

40 citations

Patent
12 Nov 2015
TL;DR: In this paper, a single sign-on identity management between local and cloud-based systems is provided, where a remote or cloud-based authentication endpoint is registered as a local device, service or resource in a user's local directory services system.
Abstract: Single sign-on identity management between local and cloud-based systems is provided. A remote or cloud-based authentication endpoint is registered as a local device, service or resource in a user's local directory services system. A local device and associated user requesting access to cloud-based resources will then see the authentication endpoint as an internal (inside the enterprise) server and may supply an authentication ticket which includes on-premises log-in or sign-on identity for the user. The remote or cloud-based authentication endpoint may then validate the authentication ticket, and the user may then access devices, applications and services operated in association with the remote or cloud-based authentication endpoint without a second or separate log-in or sign-on and without use of additional authentication equipment at the user's enterprise network.

39 citations

Patent
28 Feb 2013
TL;DR: In this article, a single identity/single-sign on (SSO) on a cloud computing platform is described, where a user is validated to the cloud computing platform, and identifies a domain.
Abstract: Embodiments of the invention are disclosed for establishing single identity/single-sign on (SSO) on a cloud computing platform. In an embodiment, a user is validated to the cloud computing platform, and identifies a domain. After establishing that the user has control of the domain, the cloud computing platform configures a directory service for the domain. The user may then use the directory service on the cloud computing platform to log in to his or her computer, as well as software services hosted on the cloud computing platform.

37 citations

Proceedings Article
01 Nov 2013
TL;DR: The CNG Manager and the associated gateway extend the current state of the art by applying the SDN principle to connectivity control of distributed and networked cloud resources.
Abstract: This paper presents a Software Defined Network (SDN) controller, called Cloud Networking Gateway (CNG) Manager, that enhances networking of distributed cloud resources and provides authorized customers with the ability to control and configure networks. The CNG Manager interconnects virtual machines acquired from distributed heterogeneous resources and services from multiple providers using a generic gateway. The cloud networking gateways are managed by the CNG Manager that handles allocation and configuration of the gateways according to connectivity requirements. Our implementation of the CNG Manager and the gateway is combined with an exact splitting algorithm and integrated in a cloud services provisioning system. The CNG Manager and the associated gateway extend the current state of the art by applying the SDN principle to connectivity control of distributed and networked cloud resources.

34 citations