A social network of service providers for trust and identity management in the Cloud

Publication Year:
2011
Repository URL:
http://scholarsmine.mst.edu/masters_theses/4129
Author(s):
Bhonsle, Makarand
Publisher(s):
Missouri University of Science and Technology
Tags:
Computer Sciences
thesis / dissertation description
"With the advent of a new paradigm in computing known as Cloud Computing which offers computing as a service, the inflow of a variety of service vendors is increasing constantly. One of the main challenges in this distributed network of service provisioning and deprovisioning system is the end user's privacy. Enforcing authentication and authorization protocols customized to the needs of every service provider evolves to a very intricate Identity Management System with respect to both the collaborating service providers as well as the user. This problem was addressed by the Federated Identity Management systems, where the user information is stored at one of the several identity providers and the service providers would contact one of these Identity Providers for user authentication information. One flaw with such a system was the centralized Identity provider. This problem is addressed in this work, where we present a Service Provider Managed-Trust system for communicating the user authentication information. We eliminate the Identity Provider while retaining its core functionality of i) managing user authentication information ii) managing trust between several service providers. Service Providers themselves manage the user authentication information while the trust management is leveraged to all the collaborating service providers in the network. This work also addresses the open challenge of heterogeneous data communication standards with respect to Identity Management. Current systems mostly use SAML (Security Assertion Mark-up Language) for communicating user authentication data over SOAP. We propose a lightweight communication method using REST (Representational State Transfer) while still maintaining the security aspect of SAML using Open-ID"--Abstract, page iv.