Federated Authentication and Credential Translation in the EUDAT Collaborative Data Infrastructure

To read the full-text of this research, you can request a copy directly from the authors.


One of the challenges in a distributed data infrastructure is how users authenticate to the infrastructure, and how their authorisations are tracked. Each user community comes with its own established practices, all different, and users are put off if they need to use new, difficult tools. From the perspective of the infrastructure project, the level of assurance must be high enough, and it should not be necessary to reimplement an authentication and authorisation infrastructure (AAI). In the EUDAT project, we chose to implement a mostly loosely coupled approach based on the outcome of the Contrail and Unicore projects. We have preferred a practical approach, combining the outcome of several projects who have contributed parts of the puzzle. The present paper aims to describe the experiences with the integration of these parts. Eventually, we aim to have a full framework which will enable us to easily integrate new user communities and new services.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the authors.

... The resources offered by a single organization can be insufficient for some users who need large amounts of storage and computing power to process the streams of data continuously produced by experiments or to make use of the large amount of information gathered in various existing datasets. To simplify the use of resources that belong to many organizations, the resource providers create federated organizations (FO), often defining a storage attached network (SAN) and detailing common rules of cooperation and resource sharing [45]. While grids [33] and virtual organizations (VOs) [41] introduce issues of decentralized management by organizations that use different policies and make autonomous decisions according to the local requirements, further work is required to improve the efficiency and convenience of data access as well as cost-effective data management. ...
Full-text available
Open-data research is an important factor accelerating the production and analysis of scientific results as well as worldwide collaboration; still, very little data is being shared at scale. The aim of this article is to analyze existing data-access solutions along with their usage limitations. After analyzing the existing solutions and data-access stakeholder needs, the authors propose their own vision of a data-access model.
Conference Paper
Full-text available
In this paper, we address several critical security issues that bottle up the wide adoption of the Cloud Computing technology. In the last years the Cloud Security Alliance (CSA) has identified many security issues that should be considered during the design of Cloud systems. We experienced them developing the Security-Enhanced (SE) CLEVER, the secure release of CLEVER, a Message Oriented Middleware for Cloud computing based on the well-known XMPP protocol. SE CLEVER provides a secure inter-module and inter-Cloud communication system useful for managing Federated environments. The secure communication system of SE CLEVER was designed leveraging the XMPP flexibility. The experimental results show how the secure capabilities introduced in SE CLEVER do not affect the overall performances of the middleware.
Conference Paper
Full-text available
Federation is currently finding a wide argumentation in Cloud Computing. The federation among cloud operators should allow new opportunities and businesses even making the role of SMEs crucial in these new scenarios. In this work, we provide a solution on how to federate Storage Cloud providers, enabling the transparent and dynamic federation among storage suppliers adding new functionalities for end-users. VISION Cloud represents the reference architecture dealing with Storage Clouds, and our work attempts to design a solution applied on VISION, but suitable for any similar architecture.
Conference Paper
In cloud computing, data are managed by different entities, not only by the actual data owner but also by many cloud providers. Sophisticated clouds collaboration scenarios may require that the data objects are distributed at cloud providers and accessed remotely, while still being under the control of the data owners. This brings security challenges for distributed authorization and trust management that existing proposed schemes have not fully solved. In this paper, we propose a Dynamic Trust Establishment approach which can be incorporated into cloud services provisioning life-cycles for the multi-provider Intercloud environment. It relies on attribute-based policies as the mechanism for trust evaluation and delegation. The paper proposes a practical implementation approach for attribute-based policies evaluation using Multi-type Interval Decision Diagrams extended from Integer Decision Diagrams which is more efficient in terms of evaluation complexity than other evaluation approaches.
Most confidential, valuable resources on the World Wide Web are protected by some form of authentication technology. To access these resources, either via the public Internet or private intranets, users must verify their digital identity. This can range from a simple user-name-password combination to biometric data such as fingerprints to physical objects like hardware tokens and smart cards. Federated identity management would enable individuals to interact with various service providers or Web sites with trust relationships by signing in just once.
Cloud Intelligence: Agents Within An InterCloud
  • Kwang Mong
Catania Science Gateway ETokenServer
  • G Larocca
  • S Monforte
  • D Scardaci
OpenID Connect Core 1. 0
  • N Sakimura
  • J Bradley
  • M Jones
  • B De Medeiros
  • C Mortimore
Internet X. 509 public key infrastructure (pki) proxy certificate delegation profile
  • S Tuecke
  • V Welch
  • D Engert
  • L Pearlman
  • M Thompson