A Design of Cross-Realm Authentication Scheme in OpenStack Based on Declaration

To address the problem of how users in a Windows domain can access cloud computing resources across realms, a cross-realm authentication scheme based on federated identity is proposed. Based on the idea of the declaration, the scheme uses a federated identity provider to replace the gateway in the traditional gateway-based cross-realm authentication model, so that users in a Windows domain can access cloud resources without re-authentication. The scheme uses the SAML protocol to exchange user identity information between different domains, which ensures the versatility and security of the system and provides seamless, secure communication between different security domains. Finally, we give the design of the key components of three modules, the claim provider, the federated identity provider and the application service provider, and verify the feasibility of the scheme on the popular cloud platform OpenStack.
