Modern information systems are inherently collaborative. As the flow of information and the degree of collaboration in a system grow, the structure of the data becomes more complex. Nowadays, due to the wide use of open systems such as cloud computing, an increasing quantity of resources is shared between different entities. Situations arise in which different clients need to be granted access to different resources or to different services that they have negotiated with a cloud computing provider, and in which different users need access to different components associated with the service. Traditional access control mechanisms are unsuitable for controlling delegation and structured services in complex open systems such as cloud computing and grid computing.
In this paper we present a new access control method called cloud-based usage control (CloudControl). CloudControl extends traditional access control methods to manage access to services in a cloud computing environment by means of a rule set that allows easy administration of the system, describing the accessed content using a suitable set of rights and the capability of delegation.
One of the main novelties is the use of a versatile form of controlled delegation of authorizations, which provides a more precise way of controlling access to resources. It allows for early control of possible conflicts between different kinds of access.
Formal definitions of CloudControl actions and rules are presented in this paper, and the implementation of CloudControl is discussed.