A Keystone-Based Virtual Organization Management System

As distributed, on-line communities are increasingly supported by the global, interconnected computing infrastructure, methods must be developed to securely manage their interactions. The virtual organization (VO) concept provides a security and discovery context whereby collaboration across multiple administrative domains can be enabled while enforcing joint security policies. In the era of cloud computing, VOs can be used to manage "community clouds", i.e., Cloud federations. In this paper, we describe a method for re-purposing the Open Stack Keystone service to act as a VO Management System (VOMS) called Key VOMS. With minor changes, it can be used to manage access to services that are registered for use by members of any given VO. These services can be arbitrary infrastructure-level or application-level services. This is illustrated by using Key VOMS to manage access to a set of RSS feed topics. While very flexible, the use of an external, third-party, such as Key VOMS, raises fundamental semantic interoperability and trust delegation issues that must be addressed in future work.