A Distributed Peer to Peer Identity and Access Management for the Osmotic Computing

Nowadays Osmotic Computing is emerging as one of the paradigms used to guarantee the Cloud Continuum, and this popularity is strictly related to the capacity to embrace inside it some hot topics like containers, microservices, orchestration and Function as a Service (FaaS). The Osmotic principle is quite simple, it aims to create a federated heterogeneous infrastructure, where an application's components can smoothly move following a concentration rule. In this work, we aim to solve two big constraints of Osmotic Computing related to the incapacity to manage dynamic access rules for accessing the applications inside the Osmotic Infrastructure and the incapacity to keep alive and secure the access to these applications even in presence of network disconnections. For overcoming these limits we designed and implemented a new Osmotic component, that acts as an eventually consistent distributed peer to peer access management system. This new component is used to keep a local Identity and Access Manager (IAM) that permits at any time to access the resource available in an Osmotic node and to update the access rules that allow or deny access to hosted applications. This component has been already integrated inside a Kubernetes based Osmotic Infrastructure and we presented two typical use cases where it can be exploited.