My Private Cloud Overview
David W Chadwick, Matteo Casenove,
Stijn F Lievens, Jerry I den Hartog,
Andreas Pashalidis, Joseph Alhadeff
5 July 2011, IEEE Cloud 2011
Project Objectives
• Migrate the trust, security and privacy-preserving infrastructure from the EC TAS3 project to cloud services.
• The TSP infrastructure relies on trusted cloud providers to operate in good faith, but this can be checked: trust but verify.
• The infrastructure is built from legal agreements and open source software services.
• Software services include: trust and reputation management, sticky policies with fine-grained access controls, privacy-preserving delegation of authority, federated identity management, different levels of assurance and configurable audit trails.
Architectural Components (diagram not reproduced)
Components shown: Trust Network; Cloud Service Provider hosting the Application Code, Web Services Client, PEP and Authorisation Infrastructure (PDP); Identity Provider; Attribute Authority; Delegation Service; Authentication Service; Audit Service; Trusted Attribute Aggregation Service; Trust and Reputation Service; Service Directory; Publish-Subscribe Service; User's Dashboard.
Legend:
IdP = Identity Provider
AA = Attribute Authority
DS = Delegation Service
Authn = Authentication Service
P/S = Publish-Subscribe Service
CSP = Cloud Service Provider
PEP = Policy Enforcement Point
PDP = Policy Decision Point
Authz = Authorisation Infrastructure
Appln = Application Code
WSC = Web Services Client
Dash = User's dashboard service
TAAS = Trusted Attribute Aggregation Service
Progress To Date
• Have defined and implemented APIs (in PHP) for:
  • Federated Identity Management with different Levels of Assurance
  • Privacy Preserving Delegation of Authority
  • Granting of Access Rights to Other Account Holders
• And built these into a front end Proxy Service to the Amazon/Eucalyptus S3 service
Implementation Architecture (diagram not reproduced)
Legend: External Services; Locally Provided Services; Cloud API Security Services.
Components shown: Delegation Issuing Web Service; UK AMF; SimpleSAMLphp Proxy IdP with Account DB and WAYF; OpenID, Facebook, Google, Twitter and other IdPs (IdP 1, IdP 2 … IdP n); Cloud Service with Authn API (SimpleSAMLphp SP); Org LDAP; Delegation API; CVS; Authz API; Authz Database.
Welcome Screen
Login Redirects to Proxy IdP
User Logs In via chosen IdP
User is shown all the Accounts that his Attributes give him Ownership of, and Opens (or Creates) one
User is shown Account Details of Opened Account
List of Your Delegates
List of Buckets You Own
List of Buckets and Files that other Account Owners have shared with you
User Opens a Bucket
Can view/alter Access Rights; can upload/download files
Showing Permissions that You have Granted to Others
Permissions given to Contacts
Permissions given to other Account Holders
Give New Permissions to Others
Granting Permissions To Others
Granting access to Contacts/Delegates
Granting access to other Account Holders
Granting Public access
Adding a New Contact
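The screens on slides 9 to 14 imply one access decision: IdP-asserted attributes decide which accounts a user owns, and a bucket owner grants rights to contacts/delegates, to other account holders, or to the public. The following Python model is an added illustration, not the project's PHP code; the account names, attributes and the rule that a per-user grant only applies to someone the owner has actually added as a contact or delegate are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Account:
    name: str
    owner_attrs: frozenset                        # (attribute, value) pairs conferring ownership
    contacts: set = field(default_factory=set)    # user ids the owner added as contacts
    delegates: set = field(default_factory=set)   # user ids the owner delegated to

@dataclass
class Bucket:
    owner_account: str
    grants: dict = field(default_factory=dict)    # principal -> set of permitted operations

def owned_accounts(user_attrs, accounts):
    """Accounts whose ownership attributes are all present in the IdP assertion."""
    return {a.name for a in accounts.values() if a.owner_attrs <= user_attrs}

def decide(user_id, user_attrs, bucket, accounts, op):
    """Authorise op ('read' or 'write') on bucket for a user whose IdP
    asserted user_attrs, a set of (name, value) pairs."""
    owner = accounts[bucket.owner_account]
    mine = owned_accounts(user_attrs, accounts)
    if bucket.owner_account in mine:
        return True                                # owner has full control
    g = bucket.grants
    # per-user grant: honoured only while the user is a current contact or
    # delegate of the owner, so a stale grant confers nothing (assumed rule)
    if user_id in owner.contacts | owner.delegates and op in g.get(("user", user_id), ()):
        return True
    # grant to another account holder, matched through the accounts the user owns
    if any(op in g.get(("account", a), ()) for a in mine):
        return True
    return op in g.get(("public",), ())           # public grant

# Constructed sample data (not from the project)
ACCOUNTS = {
    "research-group": Account("research-group",
        frozenset({("affiliation", "staff"), ("org", "example.ac")}), contacts={"bob"}),
    "partner-lab": Account("partner-lab", frozenset({("org", "partner.example")})),
}
SHARED = Bucket("research-group", grants={
    ("user", "bob"): {"read", "write"},           # contact
    ("user", "eve"): {"read", "write"},           # stale grant: eve is not a contact
    ("account", "partner-lab"): {"read"},         # other account holder
    ("public",): {"read"},                        # public access
})
STAFF = {("affiliation", "staff"), ("org", "example.ac")}
```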
Next Steps
• Define an API for secure auditing and integrate this into the system
• Implement existing APIs in other cloud services
• Define APIs for trust and reputation management
Acknowledgements
• This research has received funding from:
  • EC’s FP7 under grant agreement n° 216287 (Trusted Architecture for Securely Shared Services) and
  • UK’s EPSRC under grant ref. n° EP/1034181/1 (My Private Cloud)