Title: Identity and policy enforced inter-cloud and intra-cloud channel
Abstract: Techniques for identity and policy enforced cloud communications are presented. Cloud channel managers monitor messages occurring within a cloud or between independent clouds. Policy actions are enforced when processing the messages. The policy actions can include identity-based restrictions and the policy actions are specific to the messages and/or clouds within which the messages are being processed.
Publication number: US8806566(B2) Publication date: 2014.08.12
Application number: US201012727048 Filing date: 2010.03.18
Applicant: Novell, Inc. Inventors: Bergeson Bruce L.; McClain Carolyn B.; Carter Stephen R; Holm Vernon Roger
Classification number: G06F17/00 Main classification number: G06F17/00
Agency: Schwegman, Lundberg & Woessner, P.A. Agent: Schwegman, Lundberg & Woessner, P.A.
Independent claim: 1. A method implemented in a non-transitory machine-readable storage medium and processed by one or more processors configured to perform the method, comprising: configuring a first process within a first cloud computing environment to manage select messages occurring within a communication channel within the first cloud computing environment, the communication channel is constructed within the first cloud environment based on a particular identifier that is associated with the select messages, and the communication channel is defined, identified, and communicated via a different communication channel that is used for some communication other than the communication channel that is to be monitored; instantiating the first cloud computing environment with the first process executing therein; and enforcing, by the first process, selective policy restrictions based on the select messages that enter and exit the communication channel, the first policy enforces the selective policy restrictions by consulting an identity service to obtain the selective policy restrictions and the policy restrictions include particular policies for the first process to authenticate the select messages based on: identities of senders of the selective messages, identities of receivers of the selective messages, identities for the selective messages, identities for other cloud computing environments that the selective messages originate from or are being directed to, and an identity for the first process.
Address: St. Paul MN US