Managing Access in Cloud Service Chains Using Role-Level Agreements


Khurrum Mustafa Abbasi (Bahria University, Pakistan), Irfan ul Haq (Pakistan Institute of Engineering and Applied Sciences, Pakistan), Ahmad Kamran Malik (COMSATS Institute of Information Technology, Pakistan), Basit Raza (COMSATS Institute of Information Technology, Pakistan) and Adeel Anjum (COMSATS Institute of Information Technology, Pakistan)
Copyright: © 2016 | Pages: 24
DOI: 10.4018/978-1-5225-0448-1.ch008


Service-Oriented Architecture (SOA) has introduced the phenomenon of systems interacting with a maximum number of users. With the development of high-speed Internet services, the use of remote devices and software has rapidly increased. This has opened new gateways for renting out resources. The Cloud Service Chain is a process in which ownership of a service is transferred at different levels by different service providers. The concept of a service chain poses novel challenges related to the security, trust and privacy of data. In this chapter, we introduce an access control mechanism for Cloud service chains. We discuss the realization of Role-Based Access Control (RBAC) for the services of a Federated Cloud. When services are purchased in a bundle, a separate SLA is signed for each. We also introduce a dynamic Role-Level Agreement (RLA) for this type of access control to services. The RLA is an aggregated SLA for the different services in a role. It lets service providers and customers sign a single document for a bundle rather than a separate one for every service.
Chapter Preview


Although Service-Oriented Architecture (SOA) has attracted tremendous attention from the research community, its novelty has posed ever-evolving challenges for its implementation. One of these challenges is the automation of supply chains in SOA-based Cloud infrastructures. Service provision from the service constructor to the end user is usually part of an emergent supply chain. In this chapter, we present a generic scenario used in SOA in which different Service-Level Agreements (SLAs) apply to a single service at various levels of such a supply chain. This service supply chain scenario has some limitations, which are discussed in this chapter. A Role-Based Access Control (RBAC) for Federated Cloud (FC) model is presented to handle Cloud service chains. At each level of the service chain, some specific rules are described.

Service-Oriented Architecture is used for three types of services: Software as a Service (SaaS), where the resources are ephemeral; Infrastructure as a Service (IaaS), where the supply chain is made up of non-diminishing resources; and Platform as a Service (PaaS), where some resources are ephemeral and some are non-diminishing. If we examine all three types of services, we find that in practice resources are rented out, but no tangible resources are handed over to anybody.

In a service supply chain, a provider can sell a specific service while also keeping it for itself. We elaborate on this with an example.

Suppose we have a service that rents out online memory space in the United States. There are four service providers, A, B, C and D, and an end user E. Service provider A purchases devices, installs the setup and starts renting out services. It generates a memory of 1000 terabytes in total, divides it into 20 parts of equal space and creates an access control for each of them. Service provider B, located in the United Arab Emirates, rents 200 terabytes from service provider A under a 50-day agreement. Service provider B further divides this into parts of about 1 terabyte each. Service provider C, located in Bangladesh, rents 1 terabyte of space from service provider B for about 25 days and makes it usable for Web hosting. Another service provider, D, comes to service provider C and rents 200 GB from it under a 15-day agreement. Finally, an end user E (who is not a service provider) purchases 2 GB from service provider D for his Website under a 10-day agreement. Here we have a supply chain: different parties are selling and purchasing the same storage and location for different purposes. In the end, resources are not sold; rather, they are rented out.
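The A-to-E chain above can be modelled as nested leases that a party overseeing the chain checks before each grant. The following is an added example, not code from the chapter; the containment rule (a sub-lease may not exceed its parent's remaining capacity or outlive its term), decimal units, a common start day for all agreements, and all names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional

GB_PER_TB = 1000  # assumption: decimal units; the chapter does not specify


@dataclass
class Lease:
    holder: str
    capacity_gb: int
    days: Optional[int]                 # None = resource owner, no expiry
    parent: Optional["Lease"] = None
    children: List["Lease"] = field(default_factory=list)


def sublease(parent, holder, capacity_gb, days):
    """Grant a child lease; reject it if it exceeds what the parent holds.

    Assumed rule (not from the chapter): terms are counted from a common
    start day, so a child term must not be longer than the parent's.
    """
    problems = []
    committed = sum(c.capacity_gb for c in parent.children)
    if committed + capacity_gb > parent.capacity_gb:
        problems.append("capacity exceeds what %s still holds" % parent.holder)
    if parent.days is not None and days > parent.days:
        problems.append("term outlives %s's own agreement" % parent.holder)
    if problems:
        raise ValueError("; ".join(problems))
    child = Lease(holder, capacity_gb, days, parent)
    parent.children.append(child)
    return child


def chain(lease):
    """Return the holders from the resource owner down to this lease."""
    holders = []
    while lease is not None:
        holders.append(lease.holder)
        lease = lease.parent
    return holders[::-1]


def build_scenario():
    """Constructed from the figures in the scenario paragraph."""
    a = Lease("A", 1000 * GB_PER_TB, None)
    b = sublease(a, "B", 200 * GB_PER_TB, 50)
    c = sublease(b, "C", 1 * GB_PER_TB, 25)
    d = sublease(c, "D", 200, 15)
    e = sublease(d, "E", 2, 10)
    return a, b, c, d, e
```

Every lease in the scenario passes the check; a grant from D larger than D's remaining 198 GB, or a grant from C longer than 25 days, raises `ValueError`.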

In this scenario, there is no guarantor or mediator for doing business. In this regard, we will try to answer the following four questions in this chapter:

  • Do we need a third-party trust manager across the service chain of a cloud service?

  • How to distribute services and how to calculate the service values across service chains?

  • What is the role of SLA in access control for clouds?

  • How can we manage SLAs in a way to minimize the number of SLAs?

  • How is Role-Based Access Control suitable for cloud services?

To answer the above questions, a system is presented that uses a third party to oversee the whole chain. It also provides an RBAC model for the service provider. The main advantage of this RBAC is that it is easy to understand and implement. The rest of the chapter is organized as follows. After the related work, the Federated Cloud Infrastructure (FCI) model is presented, followed by RBAC for the FCI model. The concept of the Role-Level Agreement (RLA) and its integration into FCI are presented before the conclusion section.

This section describes the related work in three areas, namely SOA, SLA, and RBAC.
