My private cloud overview

Granting anyone access to your cloud resources at any time from anywhere

Transcript

  • 1. My Private Cloud Overview. David W Chadwick, Matteo Casenove, Stijn F Lievens, Jerry I den Hartog, Andreas Pashalidis, Joseph Alhadeff. 5 July 2011, IEEE Cloud 2011
  • 2. Project Objectives • Migrate the trust, security and privacy preserving infrastructure from the EC TAS3 project to cloud services. • The TSP infrastructure relies on trusted cloud providers to operate in good faith but this can be checked – trust but verify • Infrastructure is built from legal agreements and open source software services • Software services include: trust and reputation management, sticky policies with fine grained access controls, privacy preserving delegation of authority, federated identity management, different levels of assurance and configurable audit trails
  • 3. Architectural Components (diagram). Legend: IdP = Identity Provider; AA = Attribute Authority; DS = Delegation Service; Authn = Authentication; P/S = Publish-Subscribe; CSP = Cloud Service Provider; PEP = Policy Enforcement Point; PDP = Policy Decision Point; Authz = Authorisation; Appln = Application Code; WSC = Web Services Client; Dash = User's dashboard service; TAAS = Trusted Attribute Aggregation Service. Components shown: IdP Service, AA Service, DS, Directory, Audit Service, Authn Service, P/S, Trust and Reputation Service, Trust Network, CSP, WSC, Dash, Appln, PEP, PDP, TAAS
  • 4. Progress To Date • Have defined and implemented APIs (in PHP) for • Federated Identity Management with different Levels of Assurance • Privacy Preserving Delegation of Authority • Granting of Access Rights to Other Account Holders • And built these into a front end Proxy Service to Amazon/Eucalyptus S3 service
  • 5. (Diagram.) Labels: UK AMF (IdP 1, IdP 2, … IdP n); WAYF; SimpleSAMLphp Proxy IdP; Other IdPs (OpenID, Facebook, Google, Twitter); Org LDAP; Authn API; Authz API; Authz Database; Account DB; Delegation API; Delegation Issuing Web Service; Cloud Service (SimpleSAMLphp SP); CVS. Legend categories: Cloud API Security Services; External Services; Locally Provided Services
  • 6. Welcome Screen
  • 7. Login Redirects to Proxy IdP
  • 8. User Logs In via chosen IdP
  • 9. User is shown all the Accounts that his Attributes give him Ownership of, and Opens (or Creates) one
  • 10. User is shown Account Details of Opened Account: List of Your Delegates; List of Buckets You Own; List of Buckets and Files that other Account Owners have shared with you
  • 11. User Opens a Bucket: Can view/alter Access Rights; Can upload/download files
  • 12. Showing Permissions that You have Granted to Others: Permissions given to other Account Holders; Permissions given to Contacts; Give New Permissions to Others
  • 13. Granting Permissions To Others: Granting Public access; Granting access to other Account Holders; Granting access to Contacts/Delegates
  • 14. Adding a New Contact
  • 15. Next Steps • Define an API for secure auditing and integrate this into system • Implement existing APIs in other cloud services • Define APIs for trust and reputation management
  • 16. Acknowledgements • This research has received funding from • EC’s FP7 under grant agreement n° 216287 (Trusted Architecture for Securely Shared Services) and • UK’s EPSRC under grant ref. n° EP/1034181/1 (My Private Cloud)