In multi-tenant network environments, a single instance of an application runs on a server and serves multiple tenants. A tenant is a group of users who share common access, with specific privileges, to the application. Multi-tenant systems give every tenant a dedicated share of the software instance, including its data, configuration, user management, tenant-specific functionality, and other properties. Multitenancy is an important feature of cloud computing. Cloud computing networks provide shared computer processing resources (e.g., network links, servers, storage, applications, etc.) and data to computers and other devices on demand. Cloud computing and storage solutions provide users and enterprises with various capabilities to store and process their data in either privately owned or third-party data centers. Cloud networks often use virtual data centers (vDCs) comprising large numbers of virtual machines (VMs) that rely on server virtualization products to store virtual machine disk images.
In large-scale environments in which many tenants share common resources held in often virtualized storage locations, it is vital to maintain data integrity and strictly controlled access, so that each tenant reaches only its own data and services. An authentication and authorization (AA) service is a multi-tenant component that authenticates principals and authorizes their access to data held by software components designated to serve multiple tenants. It enforces logical separation between tenants' data within a single software component. This is key in a multi-tenant architecture, in which a single instance of a software application serves multiple tenants, to ensure that no tenant has unauthorized access to another tenant's data.
In more complex cases, however, some degree of access flexibility may be required. For example, in a service provider deployment, one tenant may need some kind of access to the serviced organizations' tenants for billing, reporting or administration needs. In other cases, the internal structure of an organization may require logical separation between its departments' data, and the departments can then be defined as internal tenants in their own right. For example, many organizations may want to mutually isolate the R&D (research and development) and HR (human resources) departments' access to their respective data, while both departments are administered by the IT (information technology) department, which has certain access to their data. The AA service uses the concepts of "roles" and "tenants" to encapsulate these data access privileges through role-based access control (RBAC). In general, RBAC is a policy-neutral access control mechanism defined around the roles and privileges of personnel or departments within a company or organization. RBAC uses role permissions and user/role relationships to assign and enforce network access privileges within the organization.
A software component that serves multiple tenants and needs to enforce RBAC must obtain the principal's roles in a secure manner. In certain systems, tokens are used to pass the principal's details securely between components. To meet strong security requirements, the principal's details are encapsulated in a package of information that is encrypted with a key belonging to the target component or tenant, which guarantees that only that authorized component or tenant can decrypt and read the principal's details. A token may carry several such packages, each encrypted with a different key, so that one token can be handed to several components without any of them being able to read a package addressed to another.
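The multi-package token described above, as an added example in Go that is not part of this application or of any product it describes. It assumes AES-256-GCM as the package cipher, the type and function names Principal, Package, Token, Key, Issue and Open, and the constructed tenant names rnd, hr and billing with key ids rnd-k7 and bill-k2; all of these are assumptions. Two details go beyond the text: each package names its key by an id, so a tenant can rotate keys under its own policy without the AA service knowing the key material, and the token id and recipient name are bound into the authenticated data, so a package copied from another token or re-addressed to another recipient fails to decrypt. Roles travel inside the package keyed by tenant, which is how an IT administrator can hold a role in both rnd and hr while those two tenants stay isolated from each other.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Principal is what the AA service vouches for; Roles is keyed by tenant (assumed names).
type Principal struct {
	Subject string
	Roles   map[string][]string // tenant -> roles held in that tenant
}

// Package is one encrypted copy of the principal for a single recipient; KeyID names
// the recipient's key so each tenant can rotate keys under its own policy.
type Package struct {
	Recipient, KeyID  string
	Nonce, Ciphertext []byte
}

type Token struct {
	ID       string
	Packages []Package
}

// Key is the (id, 32-byte AES key) pair a tenant's key management system hands out.
type Key struct{ ID string; Bytes []byte }

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		panic(err) // a key of the wrong length is a KMS misconfiguration, not a runtime case
	}
	gcm, _ := cipher.NewGCM(block) // only fails for a non-16-byte block size
	return gcm
}

// aad binds a package to this token and recipient: copied or re-addressed packages fail to open.
func aad(tokenID, recipient string) []byte { return []byte(tokenID + "|" + recipient) }

// Issue seals one package per recipient under that recipient's own key.
func Issue(tokenID string, p Principal, recipients map[string]Key) (Token, error) {
	plain, err := json.Marshal(p)
	if err != nil {
		return Token{}, err
	}
	t := Token{ID: tokenID}
	for rcpt, k := range recipients {
		gcm := newGCM(k.Bytes)
		nonce := randomBytes(gcm.NonceSize())
		ct := gcm.Seal(nil, nonce, plain, aad(tokenID, rcpt))
		t.Packages = append(t.Packages, Package{rcpt, k.ID, nonce, ct})
	}
	return t, nil
}

// Open is the receiving side: find its own package, look the key up by id, decrypt.
// A missing id (rotated key), a wrong key or a tampered package is a hard failure.
func Open(t Token, recipient string, keys map[string][]byte) (Principal, error) {
	for _, pkg := range t.Packages {
		if pkg.Recipient != recipient {
			continue
		}
		key, ok := keys[pkg.KeyID]
		if !ok {
			return Principal{}, fmt.Errorf("%s holds no key %q", recipient, pkg.KeyID)
		}
		plain, err := newGCM(key).Open(nil, pkg.Nonce, pkg.Ciphertext, aad(t.ID, recipient))
		if err != nil {
			return Principal{}, fmt.Errorf("package for %s failed authentication", recipient)
		}
		var p Principal
		err = json.Unmarshal(plain, &p)
		return p, err
	}
	return Principal{}, fmt.Errorf("token %s carries no package for %s", t.ID, recipient)
}

func main() {
	// Constructed sample: IT administers rnd and hr; billing gets its own package; hr gets none.
	rndKey, billKey := randomBytes(32), randomBytes(32)
	p := Principal{Subject: "alice@it", Roles: map[string][]string{"rnd": {"admin"}, "hr": {"admin"}}}
	tok, _ := Issue("tok-1", p, map[string]Key{"rnd": {"rnd-k7", rndKey}, "billing": {"bill-k2", billKey}})
	got, err := Open(tok, "rnd", map[string][]byte{"rnd-k7": rndKey})
	fmt.Println(got.Subject, got.Roles["rnd"], err) // alice@it [admin] <nil>
	_, err = Open(tok, "rnd", map[string][]byte{"rnd-k7": billKey})
	fmt.Println(err) // package for rnd failed authentication
}
```

Note that the receiving component never sees any key but its own: the billing component holds bill-k2 only, so the R&D package in the same token is opaque to it, and a component whose key has been rotated past the id named in the package fails closed rather than falling back to an older key.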
In a multi-tenant environment, encryption is a powerful tool for efficient data protection and separation. To manage encryption keys, tenant organizations establish key management systems. Each organization (or tenant) may implement a different key management system; alternatively, the same key management system may be shared between organizations, with each organization applying its own key policies. Authentication and authorization tokens carry sensitive tenant information and therefore need to meet tenant-specific key management policies. Current approaches to key management are based on manual workflows, which are inefficient and error-prone. What is needed, therefore, is an efficient and automated workflow process to manage tokens in a multi-tenant environment, integrated with key lifecycle management mechanisms.
The subject matter discussed in the background section should not be assumed to be prior art merely as a result of its mention in the background section. Similarly, a problem mentioned in the background section or associated with the subject matter of the background section should not be assumed to have been previously recognized in the prior art. The subject matter in the background section merely represents different approaches, which in and of themselves may also be inventions.