Trust Framework for the Intercloud

Buzz

Cloud Computing Today

Desired State

What is Missing?
• How do I know who is who?
  – Not all one enterprise (e.g., AD)
  – Not a single customer-provider relationship (e.g., static provisioning)
  – Potentially many legitimate participants
  – Nearly unlimited attackers
  – Identity work somewhat addresses this, but…
• What does it mean to the visited network to have a particular identity?
  – Resource access and manipulation
  – Strong authentication, yet how to do authorization?

Current Attempts: IEEE P2302
• P2302 is the IEEE Intercloud effort
• Simple inter-cloud messaging protocol
• Broker services for naming, directories, and data marshaling
• Requires everyone to agree on everything for every application
• Rich individual trust model, but limited in practice
• Huawei-led until last year

P2302 Approaches
Centralized
• All requests and data held by a neutral third-party broker
• Looking towards IANA or IGTF as a model or home
• But enterprises do not really trust their data in their own networks, much less in someone else’s
Federated

Project: Intercloud Identity
• Work out semantics for cloud federation
  – Policy-driven
• Provide a tailored trustworthy space for cloud computing
  – Cryptographic foundation for intercloud data assurance
  – Tailored directory access for resources and data
• Goal: Apply to IEEE P2302, IETF SCIM, IRTF SDNRG

Plan: Intercloud Identity
• Evaluate state of the art and gap analysis with CBPP, Law Center, Department of Government
  – Interim Deliverable: Report on gaps
• Prototype peer-to-peer identity management system with tailored trust that meets operational & legal requirements
• Time: 15 months
• Budget: $120,000; $65,000 to get started

Image Attributions:
Nexus 4S by GNUtoo
iPhone by HereToHelp
All others: Microsoft & their partners