Best of two worlds: Secure cloud federations meet eIDAS

The federation of information technology (IT) systems is a common approach to bundle capabilities and get the best results for all participants. Cloud computing and electronic identity (eID) are only two out of many domains, for which federated solutions have been a topic of scientific and corporate interest during the past years. Recently, the H2020 project SUNFISH has introduced a new cloud-federation approach called ‘Federation as a Service’ (FaaS). FaaS enables secure cloud federations, where data owners remain in full control of their data and workflows. In this paper, we identify shortcomings of the FaaS approach in terms of secure and reliable user authentication. In this sense, data security and protection mechanisms are only as good as the applied authentication measures. We solve this issue by proposing the integration of an existing pan-European federation of national eID systems into FaaS. This increases security guarantees of FaaS by using a trustworthy and liable eID solution that has a strong legal basis in the form of the EU eIDAS Regulation. A first successful implementation and deployment of the proposed solution demonstrates its feasibility and shows the great potential of combining federation solutions from the cloud domain and the eID domain.