Trust Framework for the Intercloud
Buzz
Cloud Computing Today
Desired State
What is Missing?
• How do I know who is who?
  – Not all one enterprise (e.g., AD)
  – Not a single customer-provider relationship (e.g., static provisioning)
  – Potentially many legitimate participants
  – Nearly unlimited attackers
  – Identity work somewhat addresses this, but…
• What does it mean to the visited network to have a particular identity?
  – Resource access and manipulation
  – Strong authentication, yet how to do authorization?
Current Attempts: IEEE P2302
• P2302 is the IEEE Intercloud effort
• Simple inter-cloud messaging protocol
• Broker services for naming, directories, and data marshaling
• Requires everyone to agree on everything for every application
• Rich individual trust model, but limited in practice
• Huawei-led until last year
P2302 Approaches
Centralized
• All requests and data held by neutral third-party broker
• Looking towards IANA or IGTF as a model or home
• But enterprises do not really trust their data in their own networks, much less in someone else’s
Federated
• ?
• Nice Research Project
Project: Intercloud Identity
• Work out semantics for cloud federation
  – Policy-driven
• Provide tailored trustworthy space for cloud computing
  – Cryptographic foundation for intercloud data assurance
  – Tailored directory access for resources and data
• Goal: Apply to IEEE P2302, IETF SCIM, IRTF SDNRG
Plan: Intercloud Identity
• Evaluate state of the art and gap analysis with CBPP, Law Center, Department of Government
  – Interim Deliverable: Report on gaps
• Prototype peer-to-peer identity management system with tailored trust that meets operational & legal requirements
• Time: 15 months
• Budget: $120,000; $65,000 to get started
Image Attributions:
Nexus 4S by GNUtoo
iPhone by HereToHelp
All others: Microsoft & their partners