A Federated Cloud Identity Broker-Model for Enhanced Privacy via Proxy Re-Encryption

摘要

Reliable and secure user identification and authentication are key enablers for regulating access to protected online services. Since cloud computing gains more and more importance, identification and authentication in and across clouds play an increasing role in this domain too. Currently, existing web identity management models are often just mapped to the cloud domain. Besides, within recent years several cloud identity management models such as the cloud identity broker-model have emerged. In the aforementioned model, an identity broker in the cloud acts as hub between various service and identity providers. While this seems to be a promising approach for adopting identity management in cloud computing, still some problems can be identified. A notable issue is the dependency of users and service providers on the same central broker for identification and authentication processes. Additionally, letting an identity broker store or process sensitive data such as identity information in the cloud brings up new issues, in particular with respect to user's privacy. To overcome these problems, we propose a new cloud identity management model based on the federation between different cloud identity brokers. Thereby, users and service providers can select their favorite cloud identity broker without being dependent on one and the same broker. Moreover, it enhances user's privacy by the use of appropriate cryptographic mechanisms and in particular proxy re-encryption. Besides introducing the model we also provide a proof of concept implementation thereof.