Managing Access in Cloud Service Chains Using Role-Level Agreements

Introduction

Service-Oriented Architecture (SOA), though, has tremendously attracted the research community but due to its novelty has posed ever evolving challenges related to its implementation. One of the challenges is the automation of supply-chains in the SOA-based Cloud infrastructures. The service provision from the service constructor to the end user is usually part of an emergent supply-chain. In this chapter, we present a generic scenario used in SOA for different Service-Level Agreements (SLA) on single service at various levels in such a supply chain. The scenario of supply chain of a service has some limitations which will be discussed in this chapter. A Role-based Access Control (RBAC) for Federated Cloud (FC) model is presented in this chapter to handle the Cloud service chains. At each level of service chain, some specific rules are described.

Service-oriented Architecture is used for three types of Services. Software as a Service (SaaS); where we have ephemeral resources, Infrastructure as a Service (IaaS); where supply chain is made up of non-diminishing resources, Platform as a Service (PaaS); where there are some ephemeral resources and some are non-diminishing. If we examine all the three types of services, we find that practically resources are rented out but no tangible resources are handed over to anybody.

Since in the supply chain of services one can sell a specific service keeping it to him as well, we will elaborate it with an example.

Suppose we have a service of renting online memory space in United States. There are four service providers i.e. A, B, C, D and an end user E. The service provider A purchases devices, installs set up and starts renting out services. It generates a memory of total 1000 terabytes, divides it into 20 parts of equal space and creates an access control for all those. The service provider B, who is located in United Arab Emirates, rents 200 terabytes from the service provider A for 50 days agreement. The service provider B further divides it into different parts of about 1 terabytes each. The service provider C, who is located in Bangladesh, rents 1 terabyte space from the service provider B for a time of about 25 days and makes it useable for the Web hosting. Another service provider D comes to the service provider C and rent him 200 GB for an agreement of 15 days. At last, an end user E (who is not a service provider) purchases 2 GB from the service provider D for his Website against an agreement of 10 days. Here, we have a supply chain. Different people are selling and purchasing the same storage and location for different purposes. At the end, resources are not sold, rather they are rented out.

In this scenario, there is no guarantor and mediator for doing business. In this regard, we will try to find answers for the following four questions in this chapter:

• •

  Do we need a third party trust manger across the service chain of cloud service?

• •

  How to distribute services and how to calculate the service values across service chains?

• •

  What is the role of SLA in access control for clouds?

• •

  How can we manage SLAs in a way to minimize the number of SLAs?

• •

  How Role-based access control is suitable for cloud services?

In order to find solutions for the above questions, a system is presented that uses a third party to oversee the whole chain. Moreover, it will also provide a RBAC model for the service provider. The main advantage of this RBAC is that it is easy to understand and implement. The rest of the chapter is organized as follows. After related work Federated Cloud Infrastructure (FCI) model is presented. It follows RBAC for FCI model. The concept of Role-Level Agreement (RLA) and its integration to FCI are presented before the conclusion section.