SPECIAL ISSUE PAPER Multi-tenancy authorization models for collaborative cloud services

SUMMARY The cloud service model intrinsically caters to multiple tenants, most obviously not only in public clouds but also in private clouds for large organizations. Currently, most cloud service providers isolate user activities and data within a single tenant boundary with no or minimum cross-tenant interaction. It is anticipated that this situation will evolve soon to foster cross-tenant collaboration supported by Authorization as a Service. At present, there is no widely accepted model for cross-tenant authorization. Recently, Calero et al. informally presented a multi-tenancy authorization system (MTAS), which extends the well-known role-based access control model by building trust relations among collaborating tenants. In this paper, we formalize this MTAS model and propose extensions for finer-grained cross-tenant trust. We also develop an administration model for MTAS. We demonstrate the utility and practical feasibility of MTAS by means of an example policy specification in extensible access control markup language. To further test the metrics of the model, we develop a prototype system and conduct experiments on it. The result shows that the prototype has 12-ms policy decision overhead on average and is scalable. We anticipate that researchers will develop additional multi-tenant authorization models before eventual consolidation and convergence to standard industry practice. Copyright © 2014 John Wiley & Sons, Ltd. Received 10 March 2014; Revised 20 October 2014; Accepted 5 November 2014