New authentication schemes

The project will deliver several authentication technologies needed to ensure seamless and scalable trust of end-users in their inter-cloud infrastructure:

  • Gradation of the authentication assurance level
  • Multi-factor authentication solutions with various form factors
  • Innovative authentication mechanisms based on mobile devices
  • New "adequate" authentication trends such as risk-based or context-based authentication

Authentication will be enforced by the use of a secure element (SE) in each device to be authenticated. A secure element is a tamper-resistant platform (typically a one-chip secure microcontroller) capable of securely hosting applications and their confidential and cryptographic data (e.g. key management) in accordance with the rules and security requirements set forth by a set of well-identified trusted authorities.

Controlling the consumer security policy in inter-cloud environments

In order to ensure a smooth evolution between today's implementations of identity and access management and tomorrow's Identity Management as a Service, the project will deliver a cloud gateway acting as a focal point in the organization for authentication, identity management, audit, reporting, etc.

This software platform will give end customers a single front-end view of SaaS applications, while still maintaining the traditional on-premises management of identities and accesses. It will provide Single Sign-On authentication within the inter-cloud environment.

Service level management in inter-cloud environments

Current solutions to manage interoperability between SLAs, such as the approach suggested by WS-Trust, are based on purely syntactical matching: the negotiation will fail if an exact match between the SLAs involved in the negotiation is not possible. This leads to the development of complex and specific integration mechanisms that lack flexibility.

The project will solve this limitation by specifying and implementing more flexible negotiation protocols based on semantic matching of SLAs. One innovation of the approach is that it will be based on an ontology of security concepts and the definition of a logical framework to compare the security requirements to be negotiated. Thanks to this innovation, organizations will take back control of the governance, risk management and compliance of their IT processes, whether these involve on-premises services or services delivered by multiple external cloud services.
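
The contrast between syntactic and semantic SLA matching described above can be sketched as follows. This is an added example, not the project's code: the ontology, the SLA attribute names and the function names are all constructed for illustration.

```python
# Constructed ontology (assumption, not from the project):
# each concept maps to the broader concepts it directly satisfies.
ONTOLOGY = {
    "AES-256-GCM": {"StrongSymmetricEncryption"},
    "AES-128-CBC": {"StrongSymmetricEncryption"},
    "StrongSymmetricEncryption": {"EncryptionAtRest"},
    "SmartCard+PIN": {"MultiFactorAuthentication"},
    "MultiFactorAuthentication": {"Authentication"},
    "Password": {"Authentication"},
}

def satisfies(offered, required, ontology=ONTOLOGY):
    """True if `offered` is `required` or a transitive specialisation of it."""
    seen, stack = set(), [offered]
    while stack:
        concept = stack.pop()
        if concept == required:
            return True
        if concept in seen:          # guard against cycles in the ontology
            continue
        seen.add(concept)
        stack.extend(ontology.get(concept, ()))
    return False

def syntactic_match(required, offered):
    """Exact matching: the offered term must equal the required term."""
    return {a: offered.get(a) == term for a, term in required.items()}

def semantic_match(required, offered):
    """Ontology matching: the offered term must satisfy the required concept."""
    return {a: a in offered and satisfies(offered[a], term)
            for a, term in required.items()}

def negotiate(required, offered, matcher):
    """Return (agreed, unmet_attributes) for one consumer/provider pair."""
    result = matcher(required, offered)
    unmet = sorted(a for a, ok in result.items() if not ok)
    return (not unmet, unmet)

# Constructed SLAs: the consumer states requirements as general concepts,
# the providers advertise concrete mechanisms.
CONSUMER_SLA = {"data_protection": "StrongSymmetricEncryption",
                "user_auth": "MultiFactorAuthentication"}
PROVIDER_A = {"data_protection": "AES-256-GCM", "user_auth": "SmartCard+PIN"}
PROVIDER_B = {"data_protection": "AES-256-GCM", "user_auth": "Password"}

if __name__ == "__main__":
    for name, sla in (("A", PROVIDER_A), ("B", PROVIDER_B)):
        print(name, negotiate(CONSUMER_SLA, sla, syntactic_match),
              negotiate(CONSUMER_SLA, sla, semantic_match))
```

Provider A fails exact matching on both attributes yet is accepted semantically, while provider B is still rejected on `user_auth` because a password alone does not satisfy the multi-factor requirement.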