Cloud Access Control Mechanisms

Cloud storage systems provide highly scalable and continuously available storage services to millions of geographically distributed clients. In order for users to trust their data to these systems, they need to be confident that their data is secure. Thus, cloud services should implement an access control mechanism preventing unauthorized access and manipulation of their data. This chapter presents the existing access control mechanisms and describes their advantages and limitations in the Cloud set-up. The authors address the main access control aspects that include managing the identities and defining access policies. Furthermore, they describe more complex scenarios of identity federation and integration of separate identity silos which is required in various scenarios, like collaboration, merge on acquisition, or migration. For each topic, the authors present the existing solutions and describe the motivation for the architecture developed by the VISION Cloud project.