Premium
Integrating an AAA‐based federation mechanism for OpenStack—The CLASSe view
Author(s) -
Pérez Méndez Alejandro,
López Millán Gabriel,
Marín López Rafael,
Chadwick David W.,
Schechtman Sette Ioram
Publication year - 2017
Publication title -
concurrency and computation: practice and experience
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.309
H-Index - 67
eISSN - 1532-0634
pISSN - 1532-0626
DOI - 10.1002/cpe.4148
Subject(s) - authentication (law) , identity management , cloud computing , computer science , interoperability , computer security , authentication server , world wide web , service provider , the internet , authorization , service (business) , business , operating system , marketing
Summary Identity federations enable users, service providers, and identity providers from different organizations to exchange authentication and authorization information in a secure way. In this paper, we present a novel identity federation architecture for cloud services based on the integration of a cloud identity management service with an authentication, authorization, and accounting infrastructure. Specifically, we analyse how this type of authentication, authorization, and accounting–based federation can be smoothly integrated into OpenStack, the leading open source cloud software solution, using the Internet Engineering Task Force (IETF) Application Bridging for Federated Access Beyond web specification for authentication and authorization. We provide details of the implementation undertaken in GÉANT's CLASSe project and show its validation in a real testbed.