
"Adding federated identity management and fine grained access controls to cloud computing"

Presented by David Chadwick, University of Kent
Friday 30 November 2012, 13:30-15:00, room A008

This talk will describe two cloud security projects being carried out at the University of Kent.

My Private Cloud has developed a set of security APIs that grant federated access to a user’s cloud resources, and that also allow the user to grant access to his resources to anyone from anywhere at any time.

The APIs implement federated access to clouds, fine grained access controls and delegation of authority.

We have integrated these APIs into two cloud applications in order to validate their utility. I will describe the conceptual model and architecture of the APIs, as well as their integration into the Eucalyptus S3 service. A live demonstration will be given if possible.

I will conclude this part by specifying the limitations in the system.

Sticky Policy Based Open Source Security APIs for the Cloud is developing a set of security APIs for OpenStack which will provide federated access and policy based authorisation to cloud resources.

An initial implementation of federated access to Keystone has been completed and further enhancements are planned.

A live demonstration will be given if possible. Work is just starting on the sticky policy APIs and plans for these will be discussed.

David W Chadwick:

David Chadwick is Professor of Information Systems Security at the University of Kent. He is the leader of the Information Systems Security Research Group and a member of IEEE and ACM. He has published widely, with over 140 publications in international journals, conferences and workshops, including 8 books, 17 book chapters, 36 journals and successfully managed over 30 research projects. He has served as a PC member of over 150 international conferences and been the PC Chair or Co-Chair for 10.
He specialises in Public Key Infrastructures, Privilege Management Infrastructures, Trust Management, Identity Management, Privacy Management and Internet Security research in general. Current research topics include: attribute aggregation, policy based authorisation, cloud security, the management of trust, recognition and delegation of authority and autonomic access controls. He actively participates in standardisation activities, is the UK BSI representative to X.509 standards meetings, the chair of the Open Grid Forum OGSA Authorisation Working Group, and a member of OASIS and the Kantara Initiative. He is the author of a number of Internet Drafts, RFCs and OGF documents. He was the leader of WP7 (Identity Management, Authentication and Authorisation) in the recent TAS3 FW7 Integrated Project. Prior to this, he has been involved in the following EC projects: MAITS, TrustHealth2, ICE-TEL, ICE-CAR, PERMIS, GUIDES, PKI Challenge, and TrustCoM. His current project is adding federated identity management and sticky policy based APIs to OpenStack.
His group are the creators of PERMIS, an open source X.509 and SAML supported RBAC authorisation infrastructure which has been hardened by the Swiss MOD and released as Open Source Hardened PERMIS. PERMIS is currently integrated with Globus Toolkit, Shibboleth, Apache, the OMII-UK and XACML.

Federated Access Open Stack / D. Chadwick
My Private Cloud / D. Chadwick