A Logical Approach to Cloud Federation
This addresses the problem of secure and scalable cloud federation for infrastructure providers and users, though it appears incremental as it builds on existing models like GENI and AWS IAM.
The paper tackles the challenges of managing identity, resource access, naming, connectivity, and object access control in federated clouds by proposing a data-centric approach based on trust logic, implementing it in the NSF GENI testbed to extend services like shared identity management and cross-site interconnection without central control.
Federated clouds raise a variety of challenges for managing identity, resource access, naming, connectivity, and object access control. This paper shows how to address these challenges in a comprehensive and uniform way using a data-centric approach. The foundation of our approach is a trust logic in which participants issue authenticated statements about principals, objects, attributes, and relationships in a logic language, with reasoning based on declarative policy rules. We show how to use the logic to implement a trust infrastructure for cloud federation that extends the model of NSF GENI, a federated IaaS testbed. It captures shared identity management, GENI authority services, cross-site interconnection using L2 circuits, and a naming and access control system similar to AWS Identity and Access Management (IAM), but extended to a federated system without central control.