Delegation for On-boarding Federation Across Storage Clouds

On-boarding federation allows an enterprise to efficiently migrate its data from one storage cloud provider to another (e.g., for business or legal reasons), while providing continuous access and a unified view over the data during the migration. On-boarding is provided through a federation layer on the new destination cloud. An on-boarding relationship is set up by a user between containers on the two clouds. Once the relationship is set up, the on-boarding layer is responsible to carry out the migration on behalf of the user, reading objects from the old source cloud and writing objects to the new destination cloud. In this paper we describe a delegation architecture for on-boarding where the user delegates to the on-boarding layer a subset of his/her access rights on the source and destination clouds to enable on-boarding to occur in a safe and secure way, such that the on-boarding layer has the least privilege required to carry out its work. We also show how this delegation architecture can be implemented using SAML.