cloud cloud computing services still relay on they existing of physical data centers.

CLOUD FEDERATION BENEFITS:

1) The federation of cloud resources allows client to optimize enterprise IT service delivery.

2) The federation of cloud resources allows a client to choose.The best cloud service
providers in terms of flexibility cost and availability of services to neat a particular business or
technological need within their organization.

3) Federation across different cloud resources pools allows applications to run in the most
appropriate infrastructure environments.

4) The federation of cloud resources allows an enterprise to distribute workload around the
globe and move data between desparate networks and implement inuvative security models for
user acess to cloud resources.

CLOUD FEDERATION AND IMPLEMENTATION:

1) One weekness that exist in the federation of cloud resources is the difficulty in progarring
connectivity between a client and a given externel cloud provider as they each possess their own
unique network adressing scheme.

2) To resolve this issue cloud providers must grant clients the permission to specify an
adressing scheme for each server the cloud provider has externel to the internet.

3) This provides customers to with the ability to the access cloud services without the need
for reconfiguration when using resources from different service providers.

4) Cloud federation can also be implemented behind a firewall which providing clients with
the menu of cloud services provided by one or more trusted entities.

Four levels of federation:

Technically Speaking federation is the

ability for to xmpp servers in different domains to excahange xml stanzas.According to the
XEP-0238 xmpp protocol flows for inter domain federation.There are four basic types of
federation:

1)Permissive

2)Verified

3)Encrpted

4)Trusted
Permissive Federation:

1) It occurs when
the server accepts a
connection from a
peer network servers
without verifying its
identy using DNS
look as are certificate
checking.

2) The lack of
verification are
authentication may
let to domain
schooling that is the
unauthorized use of
third party domain name in an e-mail messaage in order to pertent to be someone else.

3) Which opens the door to white spread spram and other

with the relafese of the jaberd 1.2 servers which included support for the server dialware
protocol premissive federation mirt is device on the xmpp network.

Verified Federation:

1) This type of federation occurs from a peer has been verified it users information obtain
we are DNS and by means of domain specificas exchange before hand.

2) The connection is not encrypted and the use of identity verification effectively prevence
domains pooling make this works.

3) Fedreation requires proper DNS setup and that is still subjective DNS voisoning attacks.

4) Verified federation has been the default service policy on the open XMPP since the
release of the open source jaberd 1.2 server.

Encrypted Federation:

1) In this mode a server accepts a connection from a peer if an only if the peer supports
TLS(Transport Layer Security)as define for XMPP in RFS(Request For Comments)3920.

2) The peer must prevent a digital certificate the certificate may be selfsine but this prevence
using mutal authendication.If this is the case both parties procede to weekely verify identity
using server dial pair.

3) XEP0220 define the server dialup protocol which is used between XMPP servers to
provide identity verification servers dial pair uses the DNS of the basis for verifying identity the
basic approaach is that when a receiving server receives a server to server connection request
from an orginatting server although server dialpair does not provide strong authendication are
trusted federation and although it is subjective DNS voisoning attacks this results in an
encrypted connection with we identity verification.

Trusted Federation:

1) Hear a server accepts a connection from a peer under only the stipulation that the peer
supports TLS and the peer can present a digital certificate issued by a root certification
authority(CA) that is trusted by the authendicating server.

2) The list of trusted root CAAS may be detemine by one or more factors such as the
os,xmpp server or local service policy.

3) In trusted federation use of digital certificates results not only in channel encryption but
also in strong authendication.

4) The use of trusted domain certificate prevense DNS voisoning effectively attacks but
makes federation more difficult since such certificates have treditionally not being easy to
uptain.

Privacy in cloud:

1) Infotmation privacy or data privacy if the relationship between collection and

dissemination of data technology the public expectations of privacy and then legal issues
surrounding then.

2) The challenge in data privacy is to share data while protecting persinally Identifiaaple
Information(PII).The fields of data security and information security design and utilize
software,hardware and human resources to adress this issue.

3) PII as used in information security refers to information that can be used to uniqly
identifying single individual.

4) Privacy is used to business issue focussed an ensuring that personal data is protected
from unauthorized and inappropriate collection use and discloser ultimatting preventing the
trust lost of customer trust.

And Inaapropriate fraudcilent activity such as identify theft e-mail spaming and
phishning many countries have enappted loss to product individuals right to have their privacy
respected such as (PIPEDA)Personals Information Protection and Electronic Documents
Act.Which is result of the Poniment the Nimon,Insultute,Trustees of 2008.Which is now
changed as ziber world.

The Europpean commision directive on data privacy.

The Swis Federal Data Protect Act(SFDPA)Which was developed by swis federal data
protectional audience.

In United States individual right to privacy is also protected in business sector regularly
requirements such as HIPPA(Health Insurance Portability and accountability Act)

GLA(Grammelur Link)biley act and the FCC sit CPNI(Customer Property Network
Information) rools.

It includes following information:

1) Any data that is collected directly from a customer.

2) Any data about a customer that is gathered indirectly.

3) Any data about a customers usage behavior.

4) Any data relative a customers system.

5) Contact Information.

6) Forms of Identification.

7) Demographic Information.

8) It occupational Information.

9) Healthcare Information and online activity.

Privacy Risks and the cloud:

Cloudcomputing has significant implementation for the privacy of personal information as

well as for the confidentality of business of governmented information.

Any information store locally on a computer can be store in a cloud including e-mail word
processing documents,spreadsheets,videos,health records,tax or other financial information
business plans,power point presentation,accounting,information advertising compigns
sales,numbers,appoinment calenders address,books and mode.The location of information in the
cloud may have significant effects on the privacy and confidality prottection to information and
on the privacy obligations of those who process or store the information legal uncertanisites
make a difficult to assess the states of information in the cloud as well as the privacy and
confidentality prottections available to the users.

Protecting Privacy Information:

The Federal Trade Commision(FTC) is educatting consumers and businesses about the
importance of personal information privacy include the security of personal information under
the FTC act the commission guards against and unfarmous and deseption by enforcing
companies about how they collect use and secure consumers personal information.

They are ask follows:

1) Collection

2)Notice
3)Choice and cinsent

4)Use

5)Security

6)Access

7)Retention

8)Dispose

9)In future of privacy in the cloud

There has been a good deal of public discussion of the technical architecture of cloudcomputing
and the business models that good support it.That is

1) Responses to the privacy and confidently risks of cloud computing include better policy
and practices.

2) The cloud computing industry established cloud standards that would health users to
analyze the difference between cloud providers and practises to assets the risks that user face.

3) Users should pay more attention to the consequences of using a cloud provider and
espesially to the providers terms are services for those risks not addressable soling through
policies and practises changes in laws may be needed.

Security in the cloud:

1) Clouds service providers are leveraging virtualization technologies combined with self
service capabilities for computing resources we are internet.In this service provider
environments virtual machines from multiple organizations have to be co-locatted on the same
physical server in order to maximize the efficiencies of virtualization.

2) Cloud service providers must learn from MSP(Managed Service Provider)model and
ensure that the customers applications and data are secure.If they hope you return their customer
base and competitiveness.More important this discussions focussed on why and how these
resources should be protected in SAAS,PAAS,IAAS

3) SAAS is model of software deployment in which an application is licensed for use as the
service provider to customers on demand.

4) PAAS is an outgrowth of the SAAS application delivery model with the PAAS model all
of the facility required to support the complete life cycle of building and delivering web
applications and services are available to developers.IT managers and endusers entirely from the
internet without software doenloads are initializtion.

The PAAS is also known as cloud where because it offers including work flow facilities
so are application,design,application development the string,deployment and hosting as well as
applications, services such as team collabration web service