EUBra-BIGSEA Infrastructure AA is a software component that provides a common Identity and Access Management (IAM) service interface to the BIGSEA Infrastructure resources, independently of the underlying cloud framework (e.g. OpenStack, CloudStack, commercial frameworks).

This service corresponds to a high-level abstraction layer, mapping with and extending the native IAM features of each cloud framework to be supported by the EUBra-BIGSEA platform. It may also be considered as a horizontal/feature extension of UPV’s IM (Infrastructure Manager).

Who should use it? 

EUBra-BIGSEA Infrastructure AA was developed to be used in specific scope of the EUBra-BIGSEA framework. More specifically, it was designed so that application developers/providers have a single, unified authentication and authorization interface for accessing underlying cloud resources when deploying and managing their applications. It is also available to the community to be used in (or, most likely, adapted to) other contexts and other sectors.

User scenario

ACME is an IaS provider that offers cloud infrastructure resources to its customers, using multiple (and possibly heterogeneous) infrastructures managed by Infrastructure Manager. ACME uses iAA as an high-level service for managing its customers (which pay for using ACME infrastructure resources, according to IaS service delivery models) across all its platforms. ACME can use iAA to define and manage customer’s users and to control the access of these users to ACME infrastructure resources. ACME also uses iAA as a means of managing the access of its own staff to cloud resources. Moreover, ACME customer can autonomously manage their own poll of users in a delegated manner, for instance creating different accounts for each DevOps team member.

Download & Resources

Links to current releases:

GitHub Repository for Docker-compose version of service

• https://github.com/paulo308/bigseaAAAaaS

GitHub Repository for separate Docker containers’ builds

• https://github.com/paulo308/AAAaaS_Webserver
• https://github.com/paulo308/AAAaaS_Webapp
• https://github.com/paulo308/AAAaaS_Mongodb

Docker Hub separate Docker images

• https://hub.docker.com/r/eubrabigsea/aaaaas_webserver/
• https://hub.docker.com/r/eubrabigsea/aaaaas_webapp/
• https://hub.docker.com/r/eubrabigsea/aaaaas_db/

Links to documentation:

Deliverable D6.2: AAA provisioning services and mechanisms

• https://docs.google.com/document/d/1muSCjSfqpCEKbqZ7etvL1YzML6c-X6hf2iu4rW-K31g/edit

GitHub and Docker Hubs pages

• https://github.com/paulo308/AAAaaS_Webserver
• https://github.com/paulo308/AAAaaS_Webapp

The application developer needs to be familiar with the usage paradigms of IAM services for controlling the access to cloud resources. Docker and MongoDB experience useful for service management and deployment.

License

iAA is freely available as open source.

The possible costs associated with running the service are related with SSL certificates. Those can be turned to zero, at the cost of using free certificates (for the HTTPS protocol).

No pre-requirements, IPR or software dependencies apply.

Contact

Paulo Silva: pmgsilva@dei.uc.pt

What to learn more? 

View related publications 

--> P. Silva et al., Security and Privacy Solutions in a Europa-Brazil Context for Data Analytics in the Cloud, Security and Privacy Research in Brazil, IEEE Security & Privacy (2018) 

-->  A. Alic et al., BIGSEA: A Big Data analytics platform for public transportation information, Future Generation Computer Systems, Elsevier (2018)