Page 866 - Cloud computing: From paradigm to operation
5 Intercloud and interoperability
The functionalities of the modular hypervisors partly controlled by the CSC are built upon the following elements:
– User domain manager: responsible for building and managing the per-user administrative domain
and user domains for each user;
– System domain manager: responsible for building and managing the system-wide administrative
domain.
The functionalities of the secure enclave based on hardware security mechanisms are built upon the
following elements:
– Secure enclave library: responsible for implementing encrypted networking using transport layer
security (TLS) (e.g., using a standard TLS library), encrypted and sealed storage, attestation, and
inter-process communication. These are features that are exposed to the application code. Cloud
service developers use these secure primitives to write their secure cloud service.
– Discrete security chips coupled with processor features: responsible for providing the necessary
underlying capabilities to implement the secure enclave.
The SSO authentication functionalities are built upon the following elements:
– User request handler: responsible for accepting the identity information provided by the cloud
service user and forwarding this information to the identity management system;
– Identity management system: responsible for authenticating CSC requests and sharing the result of
this authentication with inter-cloud members. It is also responsible for managing the identity
information of its associated inter-cloud members.