Deliverable 6.2 AAA provisioning services and mechanisms

The EUBra-BIGSEA project aims to develop cloud services that empower Big Data analytics and ease the development of massive data processing applications. To this end, the project requires research into efficient mechanisms to ensure privacy and security, on top of a QoS-aware layer for the smart and rapid provisioning of resources in a cloud-based environment.

The security concerns of a large and complex system should not be addressed individually or in an ad-hoc manner, as this may result in inadequate solutions. This is even more important for complex systems such as the one being developed in EUBra-BIGSEA. A coordinated strategy for achieving the appropriate level of security is therefore mandatory. This strategy, already discussed in the previous Deliverable D6.1, guides the research, development and integration of the security solutions throughout the project.

One of the pillars of this strategy corresponds to the inclusion of AAA (Authentication, Authorisation and Accounting) solutions into the EUBra-BIGSEA platform, including two distinct AAA blocks: 1) the EUBra-BIGSEA iAA Service, to provide infrastructure-level AA (Authentication and Authorization) functionalities to infrastructure managers and application developers/providers; and 2) the EUBra-BIGSEA Applications AAAaaS (Authentication, Authorization and Accounting as a Service), focused on the authentication and authorization of the end users of applications hosted in the EUBra-BIGSEA platform.

This document presents the two aforementioned AAA blocks, which have been developed and integrated within the scope of the EUBra-BIGSEA framework and which, combined, provide the AAA services required for operating the EUBra-BIGSEA applications and underlying infrastructure. As discussed throughout the document, these two blocks share several architectural similarities, despite serving distinct purposes. Both were implemented according to a common modular design, which allows them to share several common components (in order to reduce software development and maintenance costs) and supports adequate cloud-based deployment and lifecycle management strategies.