Evaluating a Distributed Identity Provider Trusted Network with Delegated Authentications for Cloud Federation

Antonio Celesti, Francesco Tusa, Massimo Villari and Antonio Puliafito
Dept. of Mathematics, Faculty of Engineering, University of Messina
Contrada di Dio, S. Agata, 98166 Messina, Italy.
e-mail: {acelesti, ftusa, mvillari, apuliafito}@unime.it

Abstract—Federation offers an affordable opportunity for small and medium cloud providers to become as competitive as their biggest counterparts. However, in order to establish a federated cloud ecosystem, it is necessary to rely on an efficient security infrastructure enabling authentication among clouds. Assuming a scalable federated cloud environment, the management of security can become very hard due to the number of authentications and trusted relationships that have to be established. Nowadays, the latest trend in authentication is the Identity Provider/Service Provider model. This paper aims to investigate a distributed IdP/SP infrastructure based on the concept of delegated authentications, evaluating its possible utilization in a federated cloud scenario.

Keywords-Cloud Computing, Federation, Distributed IdPs, Trusted Network.

I. INTRODUCTION

By now, the cloud ecosystem has been characterized by the steady rise of hundreds of independent and heterogeneous cloud providers, managed by private subjects which yield various services to their clients. Using this computing infrastructure it is possible to pursue new levels of efficiency in delivering Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) to clients (e.g., companies, organizations, end-users, and so on). Although such an ecosystem includes hundreds of independent, heterogeneous clouds, many business operators have predicted that the process toward interoperable federated Intracloud/Intercloud environments will begin in the near future [1], even involving standardization boards (i.e., IEEE [2]).
Nowadays, small/medium cloud providers are becoming popular even though their virtualization infrastructures (i.e., deployed in their datacenters) cannot directly compete with their bigger counterparts, including mega-providers such as Amazon, Google, and Salesforce. The result is that small/medium cloud providers frequently have to exploit the services of mega-providers in order to develop their business logic and their cloud-based services. This means that the role of market leader is intended to remain in the hands of the bigger players in the near future. In this regard, a possible future alternative scenario is based on the concept of cooperating clouds constituting a federation.

Federation has always had both political and historical implications: the term refers, in fact, to a type of system characterized by an aggregation of partially “self-governing” entities with a “central government”. In a federation, the self-governing status of each component entity is typically independent and may not be altered by a unilateral decision of the “central government” [3]. Federation is also a concept adopted in many information systems. Considering small/medium independent self-governing cloud providers, federation means a cooperation enabling the sharing of part of their computational and storage resources with the purpose of providing new business opportunities. The advantage of a federated cloud scenario is twofold. On one hand, small/medium cloud providers which rent resources to other providers can optimize the use of their infrastructure, which is often underutilized, at the same time earning money for the use of their resources. On the other hand, external small/medium cloud providers can elastically scale their logical virtualization infrastructure, borrowing resources and paying other providers for their use.
Therefore, cloud federation enables another form of pay-per-use economic model for ICT companies, universities, research centers and organizations that usually do not fully exploit the resources of their physical infrastructure. The benefits of cloud federation include provisioning of distributed cloud-based services, resource sharing, resource optimization and power saving [4]. However, several issues have to be faced from the point of view of security. Security is a wide topic in cloud computing, and in this work we specifically focus on the establishment of trusted relationships between clouds, which can become very hard to manage in scalable scenarios. Usually a trusted relationship among two or more systems is established by means of authentication mechanisms. In this paper, we discuss two possible authentication scenarios for the establishment of trust contexts between federated clouds: 1) Single Sign-On (SSO) authentication using the traditional Identity Provider/Service Provider (IdP/SP) model; 2) Single Sign-On (SSO) authentication using a system of distributed Identity Providers (IdPs) with delegated authentications.

The paper is organized as follows: Section II describes the state of the art in authentication for distributed systems, focusing on the IdP/SP model. In Section III, we analyze the two authentication scenarios in detail. A comparison between them is discussed in Section IV. Conclusions are summarized in Section V.

CLOUD COMPUTING 2011 : The Second International Conference on Cloud Computing, GRIDs, and Virtualization
Copyright (c) IARIA, 2011. ISBN: 978-1-61208-153-3