Skip to main content

Authorization Policy Federation in Heterogeneous Multicloud Environments

Sette, Ioram S., Chadwick, David W., Ferraz, Carlos A. G. (2017) Authorization Policy Federation in Heterogeneous Multicloud Environments. IEEE Cloud Computing, 4 (4). pp. 38-47. ISSN 2325-6095. (doi:10.1109/MCC.2017.3791018)

PDF - Author's Accepted Manuscript
Download (338kB) Preview
Official URL


Current Infrastructure as a Service (IaaS) cloud platforms have their own authorisation system, containing different access control policies and models. Clients with accounts in multiple cloud providers struggle to manage their rules in order to provide a homogeneous access control experience to users. This work proposes a solution: an Authorisation Policy Federation (APF) of heterogeneous cloud accounts. These federated accounts share a centrally managed policy written in Disjunctive Normal Form (DNF) using a cloud-independent ontology. This shared abstract policy can be translated to local cloud formats, and back again. Prototypes were implemented for OpenStack and Amazon Web Services (AWS) cloud formats, and rules were successfully translated with a Level of Semantic Equivalence (LSE) higher than 80.

Item Type: Article
DOI/Identification number: 10.1109/MCC.2017.3791018
Subjects: Q Science
T Technology
Divisions: Faculties > Sciences > School of Computing > Security Group
Depositing User: David Chadwick
Date Deposited: 02 Nov 2017 08:50 UTC
Last Modified: 09 Jul 2019 11:29 UTC
Resource URI: (The current URI for this page, for reference purposes)
Chadwick, David W.:
  • Depositors only (login required):


Downloads per month over past year