E-Id Authentication and Uniform Access to Cloud Storage Service Providers

João Gouveia, Paul Andrew Crocker
IT & DI
Universidade da Beira Interior
6201-001 Covilhã, Portugal
Email: m4861|crocker@ubi.pt

Simão Melo de Sousa
LIACC & DI
Universidade da Beira Interior
6201-001 Covilhã, Portugal
Email: desousa@ubi.pt

Ricardo Azevedo
PT Inovação, SA, Rua Eng. José Ferreira Pinto Basto
3810 - 106 Aveiro, Portugal
Email: ricardo-a-pereira@ptinovacao.pt

Abstract—This article describes an architecture for authentication and uniform access to protected data stored on popular Cloud Storage Service Providers. This architecture takes advantage of the OAuth authentication mechanism and the strong authentication mechanism of the National Electronic Identity (E-Id) Cards, in our case the Portuguese E-Id card or Cartão de Cidadão (CC). We shall present a comparison of authentication mechanisms and access to popular cloud storage providers, comparing the different authentication mechanisms OAuth 1.0, OAuth 1.0a and OAuth 2.0. We have developed an implementation of the proposed architecture that provides uniform web-based access to popular Cloud Storage Service Providers such as Dropbox, Skydrive, Cloudpt and Google Drive, using the authentication mechanism of the E-Id card as a unique access token. In order to provide uniform access to these services we shall describe the differences in the various REST APIs for the targeted providers. Finally, the web application that gives users who hold E-Id cards a single point of access to their various cloud storage services will be presented.

I. Introduction

With the exponential growth of the internet and a similar increase in the number of services available to users, the spread of digital identities has become endemic.
In the most recent period of the history of the internet a huge effort has been made to find solutions that help solve the problems related to the explosion of the number of identities that any single user may have. The greater use of cloud services in recent years has simply added to an already known problem, and it is therefore imperative for the research community to investigate new and innovative ways for users to secure their data whilst coping with multiple identities.

Identity management systems have emerged as a mechanism for users to manage their multiple identities. The main features of these systems are the ability to manage individual identities and to manage authentication, authorization, roles and privileges for a given service or set of services. These systems can give third parties easy access to protected data without requiring the user to share sensitive information such as a user name or password. The hope is that this new paradigm will fix several problems of multiplicity of identities, authentication, and confidentiality. OAuth and OpenID are examples of this type of system, each managing a particular form of the identity of a user. If the strong authentication offered by Electronic Identity (E-Id) cards could be combined with one of these protocols, then a user would be guaranteed a robust two-factor authentication system in which authentication depends on owning a physical element and knowing the PIN code, and only through this mechanism could the user access services where he is registered with any number of varying identities.

The proposed architecture uses the concept of identity management systems and the concept of authentication with the Portuguese Citizen Card and applies them in Cloud environments, mainly in the most popular storage providers that support OAuth. The final implementation presented is aimed at the following providers: Dropbox, Skydrive and Cloudpt.
In this way we have included and studied the behaviour of the various REST APIs offered by these providers and also shown how we can deal with all the versions of the OAuth protocol.

The remainder of this article is organized into the following seven sections. In section II the contribution of this article is presented. In section III related work is presented. In section IV the authentication aspect of the Portuguese E-Id card is explained and its integration into the proposed architecture detailed. In section V the OAuth protocol and its various versions are discussed. In section VI the various REST APIs of the targeted cloud storage service providers are discussed. In section VII the web application developed based on our proposed architecture and API is presented. Finally, in section VIII conclusion and future work are described.

II. Contribution

The architecture proposed in this article has the objective of aggregating different cloud providers. The main contribution of this paper is the architecture and mechanisms developed so that users authenticated with a National E-Id card are given transparent access to their cloud providers by interacting with their services using the authentication and authorization provided by the OAuth protocol. Although there are already various platforms that aggregate

2013 IEEE International Conference on Cloud Computing Technology and Science. 978-0-7695-5095-4/13 $31.00 © 2013 IEEE. DOI 10.1109/CloudCom.2013.71