A Modular architecture for Cloud Federation

Panjwani, Rizwan

21 December 2015

Cloud Computing is the next step in the evolution of the Internet. It provides seemingly unlimited computation and storage resources by abstracting the networking, hardware, and software components underneath. However, individual cloud service providers do not have unlimited resources to offer. Some of the tasks demand computational resources that these individual cloud service providers can not fulfill themselves. In such cases, it would be optimal for these providers to borrow resources from each other. The process where different cloud service providers pool their resources is called Cloud Federation. There are many aspects to Cloud Federation such as access control and interoperability. Access control ensures that only the permitted users can access these federated resources. Interoperability enables the end-user to have a seamless experience when accessing resources on federated clouds. In this thesis, we detail our project named GENI-SAVI Federation, in which we federated the GENI and SAVI cloud systems. We focus on the access control portion of the project while also discussing the interoperability aspect of it. / Graduate / 0984 / panjwani.riz@gmail.com

OpenStack

GENI

SAVI

Cloud Federation

NOVA

Shibboleth

Single Sign On

Software Architecture

Authentication

Modular Architecture

OMNI

Third Party Authentication

Characterizing the Third-Party Authentication Landscape : A Longitudinal Study of how Identity Providers are Used in Modern Websites / Longitudinella mätningar av användandet av tredjepartsautentisering på moderna hemsidor

Josefsson Ågren, Fredrik, Järpehult, Oscar

January 2021

Third-party authentication services are becoming more common since it eases the login procedure by not forcing users to create a new login for every website thatuses authentication. Even though it simplifies the login procedure the users still have to be conscious about what data is being shared between the identity provider (IDP) and the relying party (RP). This thesis presents a tool for collecting data about third-party authentication that outperforms previously made tools with regards to accuracy, precision and recall. The developed tool was used to collect information about third-party authentication on a set of websites. The collected data revealed that third-party login services offered by Facebook and Google are most common and that Twitters login service is significantly less common. Twitter's login service shares the most data about the users to the RPs and often gives the RPs permissions to perform write actions on the users Twitter account.  In addition to our large-scale automatic data collection, three manual data collections were performed and compared to previously made manual data collections from a nine-year period. The longitudinal comparison showed that over the nine-year period the login services offered by Facebook and Google have been dominant.It is clear that less information about the users are being shared today compared to earlier years for Apple, Facebook and Google. The Twitter login service is the only IDP that have not changed their permission policies. This could be the reason why the usage of the Twitter login service on websites have decreased.  The results presented in this thesis helps provide a better understanding of what personal information is exchanged by IDPs which can guide users to make well educated decisions on the web.

Third Party Authentication

Authentication

Third-party Single Sign On

OpenID

OpenID connect

Oauth

TLS

Web Security

Identity Provider

Relying Party

IDP

RP

Longitudinal Analysis

Web Crawler

Selenium

Google

Facebook

Twitter

Apple

Information Systems