How to Adapt Authentication and Authorization Infrastructure of Applications for the Cloud

Abstract

Migration of existing enterprise applications to the Cloud requires substantial adaptation effort in individual architectural components. Existing work has focused on migrating the application with functional and non-functional aspects. However, none of them has focused so far on the adaptation of security and privacy. In our previous work, Identity-as-a-service (IDaaS) decouples Authentication and Authorization Infrastructure (AAI) from the business logic of the application as a manageable resource for the Cloud provider to control its life cycle. Since IDaaS controls the complete security chain, it can coordinate automated trust negotiation between Cloud services in federated security domains. On the other hand, IDaaS provides identity federation for Cloud users to access multiple service providers on demand but also may preserve user's privacy. In this paper, we continue to model a security topology for the Cloud applications. A security topology describes an abstract layer of AAI's components, requirements, and trust relationship between them. It preserves the provisioning of AAI across different environments for interoperability, portability, and enables a dynamic trust relationship with other services on demand.