Trust assessment 2017 for cloud identity providers using analytical hierarchical process
1. Trust Assessment for Cloud Identity Providers
Using Analytical Hierarchy Process
Brian Cusack
Eghbal Ghazi Zadeh
2. Objective
• Develop a trust management framework for cloud identity customers that:
– Aggregates, manages and measures trust-related information
– Attributes, Characteristics, Metrics, Secure elements
– From different sources which are available and relevant while assessing the trustworthiness of a cloud identity provider
3. Cloud Computing
• XaaS (Anything as a Service)
• TaaS (Trust as a Service)
• IDaaS (Identity as a Service)
4. Cloud Computing
• Every cloud service has a method of managing identities that may address some of the challenges, but a user needs to know how much trust may be put in the service.
• The techniques and methods used can be measured by the trust measurement system to help a user make a good decision.
5. Cloud Identity Management System
• OAuth
• SAML
• Windows CardSpace, Info Card
• Higgins
• U-Prove
• Identity Mixer (Idemix)
• OpenID
• OpenID Connect
6. OpenID Connect Workflow
[Diagram: OpenID Connect workflow. Labels: Auth Server, Cloud Service Provider, Cloud Identity Provider, Cloud Identity User, Trust Framework]
7. Problem Statement
• Between CIdPs and CIdUs, what are the
Essential System Characteristics (ESC) of the
published trust establishment methods?
• Prioritizing characteristics and attributes
• Multi-Criteria Decision Making (MCDM)
• Analytical Hierarchy Process (AHP)
9. AHP
• The AHP approach is one of the more extensively used MCDM methods.
• Decomposition, or the hierarchy construction.
• Comparative judgments, or defining and executing data collection to obtain pairwise comparison data on elements of the hierarchical structure.
• Synthesis of priorities, or constructing an overall priority rating.
10. ESC OF CLOUD IDENTITY PROVIDERS
• Balancing
• Single sign-on
• Lifecycle
• Privacy
• Risk
• Standards
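The AHP steps from slide 9 applied to the six characteristics above, as an added example that is not part of the original slides. The pairwise judgments are constructed for illustration (they are not the authors' data), and the function names are this example's own.

```python
# Added example (not from the slides): AHP priorities for the six ESC criteria.
CRITERIA = ["Balancing", "Single sign-on", "Lifecycle", "Privacy", "Risk", "Standards"]
# Saaty's random consistency index, keyed by matrix size.
RANDOM_INDEX = {3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}

# Constructed judgments on Saaty's 1-9 scale: (i, j) -> how much more important
# criterion i is than criterion j. Illustrative only, not the authors' data.
SAMPLE_JUDGMENTS = {
    (0, 1): 1/2, (0, 2): 1,   (0, 3): 1/4, (0, 4): 1/4, (0, 5): 1/2,
    (1, 2): 2,   (1, 3): 1/2, (1, 4): 1/2, (1, 5): 1,
    (2, 3): 1/4, (2, 4): 1/4, (2, 5): 1/2,
    (3, 4): 2,   (3, 5): 2,
    (4, 5): 2,
}

def reciprocal_matrix(n, upper):
    """Comparative judgments: expand upper-triangle entries into a reciprocal matrix."""
    m = [[1.0] * n for _ in range(n)]
    for (i, j), v in upper.items():
        m[i][j], m[j][i] = float(v), 1.0 / v
    return m

def ahp_priorities(m, iterations=200):
    """Synthesis: principal eigenvector by power iteration, plus consistency ratio."""
    n = len(m)
    w = [1.0 / n] * n
    for _ in range(iterations):
        mw = [sum(m[i][j] * w[j] for j in range(n)) for i in range(n)]
        total = sum(mw)
        w = [x / total for x in mw]
    if n < 3:  # matrices of size 1 or 2 are always consistent
        return w, 0.0
    mw = [sum(m[i][j] * w[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(mw[i] / w[i] for i in range(n)) / n
    ci = (lambda_max - n) / (n - 1)
    return w, ci / RANDOM_INDEX[n]  # CR above 0.10 means: revisit the judgments

def rank_criteria(upper, names=CRITERIA):
    """Return ([(name, weight)] sorted by descending weight, consistency ratio)."""
    weights, cr = ahp_priorities(reciprocal_matrix(len(names), upper))
    ranked = sorted(zip(names, weights), key=lambda p: p[1], reverse=True)
    return ranked, cr

if __name__ == "__main__":
    ranked, cr = rank_criteria(SAMPLE_JUDGMENTS)
    for name, weight in ranked:
        print(f"{name:15s} {weight:.3f}")
    print(f"consistency ratio = {cr:.3f} ({'acceptable' if cr <= 0.10 else 'inconsistent'})")
```

The consistency ratio is the part worth checking before trusting a ranking: contradictory pairwise answers (A over B, B over C, C over A) push it well above 0.10.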
14. Conclusion
• Selecting a trustworthy and secure CIdP is essential
• Users require trust information
• Selection of a CIdP as an MCDM problem
• Critical criteria affecting the decision making
• Theoretical three-level AHP model
Cloud entities: This component is responsible for interaction with customers and understanding their application needs. It performs discovery and ranking of services using other components such as trust management, direct/indirect trust, and evaluation methods.
Monitoring and history information: This component discovers services that can satisfy user requirements, then it closely monitors the trust performance of the service. The related history records are stored in the service database for access and reference.
Computing service network structure and catalogue: This component builds the network structure and the features advertised by the different providers. The computing resources are divided into different classes to satisfy demand distribution.