My private cloud--granting federated access to cloud resources

We describe the research undertaken in the six month JISC/EPSRC funded My Private Cloud project, in which we built a demonstration cloud file storage service that allows users to login to it, by using their existing credentials from a configured trusted identity provider. Once authenticated, users are shown a set of accounts that they are the owners of, based on their identity attributes. Once users open one of their accounts, they can upload and download files to it. Not only that, but they can then grant access to their file resources to anyone else in the federated system, regardless of whether their chosen delegate has used the cloud service before or not. The system uses standard identity management protocols, attribute based access controls, and a delegation service. A set of APIs have been defined for the authentication, authorisation and delegation processes, and the software has been released as open source to the community. A public demonstration of the system is available online

Security APIs for My Private Cloud-Granting access to anyone, from anywhere at any time

We describe a set of security APIs that grant federated access to a user’s cloud resources, and that also allow the user to grant access to his resources to anyone from anywhere at any time. The APIs implement federated access to clouds, fine grained access controls and delegation of authority. We have integrated these APIs into two cloud applications in order to validate their utility. This paper describes the conceptual model and architecture of the APIs, as well as their integration into the Eucalyptus S3 service. The paper concludes by specifying the current limitations