| As cloud computing is gaining momentum, an increasing number of services are being hosted on cloud platforms. It is even possible to host an entire computing infrastructure on such a platform. This is what is referred to as the IaaS (Infrastructure as a Service) paradigm. However, as they are being used in different contexts, flaws in the current cloud computing platforms' operational model are starting to emerge. One of these has to do with the fact that they take only one provider into account, thus preventing inter-provider interoperability. This feature can be especially useful to groups of small providers wanting to consolidate their limited resources to achieve a common goal for instance. Inter-provider interoperability also limits the vendor lockin phenomenon, which can raise serious problems as providers come and go. To solve these issues, collaborating cloud providers should embrace the federated cloud model. This model allows them to share resources and collaborate in order to build a truly distributed cloud. In this thesis, a flexible identity and access control architecture for such a federated model is described. This novel approach uses federated identity technologies to ease the creation of federated clouds and dynamic virtual organizations. It also relies on the flexible Attribute Based Access Control (ABAC) model that gives as much power as possible to the providers regarding access to their resources. Hence, collaborating cloud providers would be able to share resources according to established security policies. |
