Research results on safer user management for cloud applications presented
Nowadays, operating IT infrastructures without cloud computing is barely imaginable. At the same time, however, many IT decision makers are hesitant to store sensitive corporate information in the cloud. They prefer to separate confidential data, which should remain in the company, from data which can be stored in the cloud. These types of hybrid cloud scenarios can only be operated cost-effectively if there is efficient and at the same time secure data matching between the local and cloud-based components. The research and development of the necessary algorithms was carried out jointly within the SATCloud project by employees of the “Cyber-Physical Systems” research department of the German Research Centre for Artificial Intelligence (DFKI) and developers at the Bremen-based software producer Univention. The aim of the project is to develop a pilot based on Univention Corporate Server by the middle of next year, which allows selective data matching of LDAP directories between multimaster servers.
Bremen/Banz Abbey, 11th September 2013. Revelations over the past week have seriously compromised IT users’ confidence in the security of data stored in clouds. At the same time, many organisations have been utilising the possibilities of clouds for a long time by running their mail servers on them or using them for the external data exchange of income tax and accounting data, for example.
One important aspect when it comes to guaranteeing security when using sensitive data for the identity management of companies is keeping confidential and publicly available data separate. The technology of the selective LDAP multimaster replication allows data matching of the data available on the cloud and the corresponding data stored locally. This is done by means of selective replication of the data between cloud-based and local data servers. For example, it is possible to synchronise user names between the servers, but it is not then possible to access the addresses or dates of birth of the users.
In a presentation given at the Open Identity Summit 2013 in Banz Abbey, Bavaria, on the possibilities and technological challenges of this type of selective replication, employees of the Cyber-Physical Systems research department of the German Research Centre for Artificial Intelligence (DFKI) presented the results of the SATCloud project to the specialist audience. The SATCloud project was a joint venture where members of Univention’s development department worked together with the researchers to develop algorithms to allow this type of selective data replication.
Balancing the efficiency of the replication algorithm and the granularity of the data
The main focus of the research was balancing the efficiency of the replication algorithm against the granularity with which the data to be replicated can be selected. If the “selection net” is too tightly woven, the replication effort becomes too high; if it is not woven tightly enough, it “gives away” too much identity management information about the company’s internal network to the cloud. In addition, those involved in the project wanted to develop a replication process which ensures that locally performed changes are forwarded to all affected systems without becoming known to non-affected parties, even during temporary network failures.
The first prototype for selective multimaster replication based on UCS is planned for 2014
As a joint project between economy and research, the research project, which started in December 2011, is funded by the German Federal Ministry of Economy and Technology (BMWi) and will continue to run until mid-2014. At present, the development department at Univention and the researchers at the University of Bremen are working on developing a prototype based on Univention Corporate Server (UCS). Consequently, the innovative technology for secure multimaster replication will be made available as Open Source software and can serve as a basis for the development of future solutions.
DFKI project contact:
Prof. Dr. Dieter Hutter
German Research Centre for Artificial Intelligence (DFKI)
Enrique-Schmidt-Str. 5, 28359 Bremen
Tel.: +49 (0)421 218-64277, Fax: +49 (0)421 218-98 64277
The German Research Centre for Artificial Intelligence
The German Research Centre for Artificial Intelligence (DFKI) with sites in Kaiserslautern, Saarbrücken and Bremen as well as a project office in Berlin has developed into the world’s largest research organisation in its field since its establishment in 1988. At present, over 400 employees from 60 countries are researching innovative software solutions with focuses on Knowledge Management, Cyber-Physical Systems, Robotics Innovation Center, Innovative Retail Laboratory, Institute for Information Systems, Embedded Intelligence, Agents and Simulated Reality, Augmented Vision, Language Technology, Intelligent User Interfaces and Innovative Factory Systems. Our overall budget for 2010 amounted to approx. €36 million. Our achievement: over 50 professors from within our own ranks and 57 spin-off companies with over 1,300 highly qualified positions.
Univention is a leading European provider of Open Source products for the cost-efficient operation and effective administration of IT infrastructures. At the heart of our offer is the Linux infrastructure solution Univention Corporate Server (UCS). UCS is a modern enterprise Linux distribution with an integrated Open Source solution for identity and infrastructure management, which makes efficient, centrally controlled administration possible even in challenging environments. The core product UCS is complemented with, among other things, products building on it for the cross-platform administration of thin clients, support of Linux desktops and an integrated virtualization solution. Thanks to the supplied connectors, the products are ideal for use with, for example, Microsoft’s Active Directory, integrate perfectly in existing infrastructures and allow simple migration. A large number of software producers offer optimised packages for operation with UCS, which can be integrated in the UCS management system among other things. UCS is thus the Open Source integration platform for IT infrastructure operation and management.