Identity Federation Broker for Service Cloud.

He Yuan Huang, Bin Wang, Xiao Xi Liu, Jing Min Xu
01 Jan 2010, pp. 115-120
TL;DR: In this article, the authors proposed an identity federation broker that introduces a trusted third party as a trust broker to simplify the management of identity federation in a user centric manner, which can reduce the cost and risk of federated identity management for both enterprises and service providers.
Abstract: With the wide adoption of in-cloud services (e.g., software-as-a-service), some major identity-related issues are brought up. For enterprises, it usually introduces additional cost and risk to manage identities in services. For service providers, typical pairwise identity federation solutions are not scalable to support single sign-on, service composition, etc. among services for large environments like the service cloud. This paper proposes an identity federation broker that introduces a trusted third party as a trust broker to simplify the management of identity federation in a user-centric manner. With this solution, the cost and risk of federated identity management for both enterprises and service providers could be significantly reduced. A detailed scenario implementation is given to demonstrate the feasibility of the solution. Moreover, the vulnerability analysis shows how the solution can resist the typical security attacks.
Citations
Proceedings Article•DOI•
03 Dec 2012
TL;DR: This paper overviews the security issues of federated identity in the cloud authentication and highlights the proposed models to solve identity theft in the federated environment.
Abstract: Cloud computing is a new generation of the technology that has been designed to cater for commercial necessities and to run suitable applications or solve IT management issues. While cost and ease of use are two top benefits of cloud, trust and security are the two top concerns of cloud computing users. Federated identity as a useful feature for user management and Single Sign-on (SSO) has also become an important part of federated identity environment. Misuse of the identity, identity theft, and platform trustworthiness are some of the problems in the federated identity environment. OAuth, OpenID, SAML are three main concepts in cloud authentication and federated environment. This paper overviews the security issues of federated identity in the cloud authentication and highlights the proposed models to solve identity theft in the federated environment.

43 citations

Proceedings Article•DOI•
28 Jun 2013
TL;DR: A generic, modular on-boarding architecture is designed and implemented as part of a VISION Cloud, which is a large scale storage cloud designed for content-centric data, capable of integrating storage data from various clouds, providing a common global view of storage data.
Abstract: One of the main obstacles hindering wider adoption of storage cloud services is vendor lock-in, a situation in which large amounts of data that are placed in one storage system can not be migrated to another vendor, e.g., due to time and cost considerations. To prevent this situation we present an advanced on-boarding federation mechanism, enabling a cloud to add a special federation layer to efficiently import data from other storage clouds. This is achieved without being dependent on any special function from the other clouds. We design a generic, modular on-boarding architecture and demonstrate its implementation as part of a VISION Cloud, which is a large scale storage cloud designed for content-centric data. Our system is capable of integrating storage data from various clouds, providing a common global view of storage data. The users can access the data through the new cloud provider immediately after the setup, maintaining the normal operation of applications, so that they do not need to wait for the completion of the data migration process. Finally, we analyze the payment models of existing storage clouds, showing that transferring the data via on-boarding federation with a direct link between clouds can lead to significant time and cost savings.

40 citations

Proceedings Article•DOI•
01 Nov 2013
TL;DR: The CNG Manager and the associated gateway extend the current state of the art by applying the SDN principle to connectivity control of distributed and networked cloud resources.
Abstract: This paper presents a Software Defined Network (SDN) controller, called Cloud Networking Gateway (CNG) Manager, that enhances networking of distributed cloud resources and provides authorized customers with the ability to control and configure networks. The CNG Manager interconnects virtual machines acquired from distributed heterogeneous resources and services from multiple providers using a generic gateway. The cloud networking gateways are managed by the CNG Manager that handles allocation and configuration of the gateways according to connectivity requirements. Our implementation of the CNG Manager and the gateway is combined with an exact splitting algorithm and integrated in a cloud services provisioning system. The CNG Manager and the associated gateway extend the current state of the art by applying the SDN principle to connectivity control of distributed and networked cloud resources.

34 citations

Journal Article•DOI•
TL;DR: A novel dynamic trust model based on fuzzy cognitive maps is introduced for Federated Identity Management, which facilitates the creation of trust relationships between prior unknown entities in a secure and dynamic way and makes Federated identity management systems more scalable and flexible to deploy and maintain in cloud computing environments.

29 citations

Proceedings Article•
01 Jan 2014
TL;DR: An overview of different cloud identity management-models that have already emerged up to now is given and these models are compared based on selected criteria, e.g. on practicability and privacy aspects.
Abstract: Unique identification and secure authentication are essential processes in various areas of application, e.g. in e-Government, e-Health, or e-Business. During the past years several identity management-systems and models have evolved. Many organizations and enterprises or even countries for their national eID solutions rely on identity management-systems for securing their applications. Since more and more applications are migrated into the cloud, secure identification and authentication are also vital in the cloud domain. However, cloud identity management-systems need to meet slightly different requirements than traditional identity management-systems and thus cannot be clustered into the same model types or categories. Therefore, in this paper we give an overview of different cloud identity management-models that have already emerged up to now. We further compare these models based on selected criteria, e.g. on practicability and privacy aspects.

25 citations
