{"title":"Decentralised Identity Management solution for zero-trust multi-domain Computing Continuum frameworks","authors":"","doi":"10.1016/j.future.2024.08.003","DOIUrl":null,"url":null,"abstract":"<div><p>The adoption of the Computing Continuum is characterised by the seamless integration of diverse computing environments and devices. In this dynamic landscape, sharing resources across the continuum is becoming a reality and security must move an step forward, specially in terms of authentication and authorisation for such a distributed and heterogeneous environments. The need for robust identity management is paramount and, in this regard, Decentralised Identity Management (DIM) emerges as a promising solution. It leverages decentralised technologies to secure and facilitate identity interactions across the Computing Continuum. Particularly, to enhance security and privacy, it would be desirable to apply the principles of Self-Sovereign Identity (SSI). In this paradigm, users have full ownership and control of their digital identities that empowers individuals to manage and share their identity data on a need-to-know basis. These mechanisms could contribute to improve security properties during continuum resource management operations. In this context, this paper presents the design, workflows and implementation of a solution that provides authentication/authorisation features to distributed zero-trust based infrastructures across the continuum, enhancing security in resource sharing and resource acquisition stages. To this aim, the solution relies on key aspects like decentralisation, interoperability, trust management and privacy-enhancing capabilities. The decentralisation leverages distributed ledger technologies, such as blockchain, to establish a decentralised identity ecosystem. The solution prioritises interoperability, enabling nodes to seamlessly access and share their identities across different domains and environments. 
Trustworthiness is at the core of DIM, and privacy is also considered, incorporating privacy-preserving techniques that individuals to selectively disclose identity attributes while safeguarding sensitive information. The implementation includes different operations for allowing continuum frameworks to be enhanced with decentralised authentication and authorisation features. The performance has been evaluated measuring the impact for the adoption of the solution. The most expensive task, the self-identity generation, takes only a few seconds (in our deployment) and it is only executed once. Authorisation tasks operate in the millisecond range, which is a totally invaluable time if incorporated into resource acquisition processes in frameworks such as Liqo, used in the scope of FLUIDOS project.</p></div>","PeriodicalId":55132,"journal":{"name":"Future Generation Computer Systems-The International Journal of Escience","volume":null,"pages":null},"PeriodicalIF":6.2000,"publicationDate":"2024-08-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0167739X24004291/pdfft?md5=b118fab0128173d8752d4ab90e0703c8&pid=1-s2.0-S0167739X24004291-main.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Future Generation Computer Systems-The International Journal of Escience","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167739X24004291","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}
Citations: 0
Abstract
The adoption of the Computing Continuum is characterised by the seamless integration of diverse computing environments and devices. In this dynamic landscape, sharing resources across the continuum is becoming a reality and security must move a step forward, especially in terms of authentication and authorisation for such distributed and heterogeneous environments. The need for robust identity management is paramount and, in this regard, Decentralised Identity Management (DIM) emerges as a promising solution. It leverages decentralised technologies to secure and facilitate identity interactions across the Computing Continuum. Particularly, to enhance security and privacy, it would be desirable to apply the principles of Self-Sovereign Identity (SSI). In this paradigm, users have full ownership and control of their digital identities, which empowers individuals to manage and share their identity data on a need-to-know basis. These mechanisms could contribute to improving security properties during continuum resource management operations. In this context, this paper presents the design, workflows and implementation of a solution that provides authentication/authorisation features to distributed zero-trust based infrastructures across the continuum, enhancing security in resource sharing and resource acquisition stages. To this aim, the solution relies on key aspects like decentralisation, interoperability, trust management and privacy-enhancing capabilities. The decentralisation leverages distributed ledger technologies, such as blockchain, to establish a decentralised identity ecosystem. The solution prioritises interoperability, enabling nodes to seamlessly access and share their identities across different domains and environments. Trustworthiness is at the core of DIM, and privacy is also considered, incorporating privacy-preserving techniques that allow individuals to selectively disclose identity attributes while safeguarding sensitive information.
The implementation includes different operations for allowing continuum frameworks to be enhanced with decentralised authentication and authorisation features. The performance has been evaluated by measuring the impact of adopting the solution. The most expensive task, the self-identity generation, takes only a few seconds (in our deployment) and it is only executed once. Authorisation tasks operate in the millisecond range, which is a totally invaluable time if incorporated into resource acquisition processes in frameworks such as Liqo, used in the scope of the FLUIDOS project.
About the journal:
Computing infrastructures and systems are constantly evolving, resulting in increasingly complex and collaborative scientific applications. To cope with these advancements, there is a growing need for collaborative tools that can effectively map, control, and execute these applications.
Furthermore, with the explosion of Big Data, there is a requirement for innovative methods and infrastructures to collect, analyze, and derive meaningful insights from the vast amount of data generated. This necessitates the integration of computational and storage capabilities, databases, sensors, and human collaboration.
Future Generation Computer Systems aims to pioneer advancements in distributed systems, collaborative environments, high-performance computing, and Big Data analytics. It strives to stay at the forefront of developments in grids, clouds, and the Internet of Things (IoT) to effectively address the challenges posed by these wide-area, fully distributed sensing and computing systems.