Title :
OpenPMF SCaaS: Authorization as a Service for Cloud & SOA Applications
Author_Institution :
ObjectSecurity, Plug & Play Tech Center, Palo Alto, CA, USA
fDate :
Nov. 30 2010-Dec. 3 2010
Abstract :
This paper introduces the concept of moving security and compliance policy automation for Cloud applications and mashups into the Cloud. The policy automation aspects covered in this paper include policy configuration, technical policy generation using model-driven security, application authorization management, and incident reporting. Policy configuration is provided as a subscription-based Cloud service to application development tools, and technical policy generation, enforcement and monitoring is embedded into Cloud application development and runtime platforms. OpenPMF Security & Compliance as a Service (“ScaaS”), a reference implementation using Object Security OpenPMF, is also presented.
Keywords :
application generators; authorisation; cloud computing; service-oriented architecture; ObjectSecurity OpenPMF; OpenPMF SCaaS; OpenPMF security and compliance as a service; SOA application; application authorization management; application development tool; cloud application; model-driven security; policy automation; subscription-based cloud service; technical policy generation; Authorization; Cloud computing; Mashups; Runtime; Service oriented architecture; Unified modeling language; Agile policy management; Cloud; Platform as a Service (PaaS); Secure Development Life Cycle (SDCL); Service Oriented Architecture (SOA); application security; authorization management; mashup; model-driven security; policy automation;
Conference_Titel :
Cloud Computing Technology and Science (CloudCom), 2010 IEEE Second International Conference on
Conference_Location :
Indianapolis, IN
Print_ISBN :
978-1-4244-9405-7
Electronic_ISBN :
978-0-7695-4302-4
DOI :
10.1109/CloudCom.2010.13
