Abstract:
which has contributed immensely in the growth of enterprise systems. This has
spread through concepts such as e-government, open banking, e-healthcare and
e-commerce to digitalized organizations. Conventionally, systems ran
within the corporate infrastructure. In the past few years, organizations have been
moving to the cloud. Authentication and authorization work well on-premises or
within a single cloud. But authentication and authorization in modern systems with
hybrid cloud and multi-cloud approaches, where none of the parties individually
governs the perimeter of the system, is still an open problem. The components serving
in one part of the system can be totally unknown to the other party, which is not aware of
the security privileges they have. On the other hand, enterprise systems cannot
compromise on information security, though they may want to have the advantages
of multi-cloud systems. While there have been several attempts by research
communities from Google, Docker, Dropbox, etc. to provide a common identification
protocol across systems, authorization mechanisms still lack attention. This research
provides a solution for authorization between multiple systems (on-premises and
cloud or multiple clouds) based on identification completed by the infrastructure. In
the provided solution, a central server assigns an attested identity to each legitimate
workload, to identify it and apply authorization policies at resource access. The
resource servers reside behind an access control layer, which allows method
execution according to an administrator-defined policy that considers fine-grained
details such as the resource being accessed, the action to be performed and other context
details, in addition to the identity of the consumer and the resource.
Citation:
Jayawardhana, P.R. (2019). Authorization for workloads in a dynamically scaling, heterogeneous system [Master’s thesis, University of Moratuwa]. Institutional Repository University of Moratuwa. http://dl.lib.mrt.ac.lk/handle/123/15988