Access Control and Multi-tenancy

EPICA (Efficient and Privacy-respectful Interoperable Cloud-based Authorization) is a software implementation that controls access to resources (either services or data) in multi-tenant cloud environments.

EPICA supports an ABAC-based model that extends XACML policies to represent trust relationships between tenants (so-called “tenant-aware XACML policies”) in order to govern cross-tenant access to shared cloud resources.

EPICA fulfils end-to-end security requirements while preserving critical functional requirements of cloud computing, such as scalability, availability and high performance. The approach is also applicable to Authentication and Authorization for Constrained Environments (ACE), such as IoT or 5G scenarios, where strong, fine-grained mutual authentication and authorization schemes are critical to protect frequency and radio/communication resources, to deliver 5G network services on demand, and to comply with different regulatory constraints.

The EPICA Recipe leverages Docker to allow fully automated deployment and testing through the framework.