| CPC H04L 9/3265 (2013.01) [G06F 16/27 (2019.01); H04L 67/53 (2022.05); H04L 67/562 (2022.05); H04L 9/50 (2022.05)] | 18 Claims |
|
1. A method in a federation of cloud providers including at least a first data center and a second data center, wherein the first data center is operated by a first cloud provider and the second data center is operated by a second cloud provider that is different from the first cloud provider, the method comprising:
receiving, at the first data center, a request, from a tenant, to access a first service hosted in the first data center, wherein the tenant is associated with a unique pair of cryptographic tenant private key and tenant public key;
responsive to determining that the tenant is not associated with a smart delegation contract recorded in a blockchain database, recording, by the first data center, a smart delegation contract in the blockchain database, wherein the smart delegation contract includes at least an identification of the first service hosted on the first data center, an identification of the tenant, and a first service offer that is cryptographically signed by the tenant and by the first service, and wherein the first service offer indicates that the tenant is enrolled to use the first service;
receiving, at the second data center, a request, from the tenant, to access a second service hosted in the second data center, wherein the second data center is physically separate from the first data center;
responsive to determining that the tenant is associated with the smart delegation contract recorded in the blockchain database indicating that the tenant is enrolled to use one or more services hosted on servers of the federation of cloud providers, performing, by the second data center, the following:
causing an update of the smart delegation contract in the blockchain database to include an identification of the second service and a second service offer that is cryptographically signed by the tenant and by the second service, wherein the second service offer indicates that the tenant is enrolled to use the second service,
causing the second service to provide access to the tenant based on the second service offer,
transmitting, to the tenant, a confirmation that the second service can be accessed based on the second service offer, and
transmitting an update to the first data center indicating that the smart delegation contract has been updated to include the second service offer;
receiving, at the first data center and at the second data center, an indication that the smart delegation contract is suspended for the tenant, wherein the receiving the indication that the smart delegation contract is suspended is performed as a result of failure to charge the tenant for usage of the first service and usage of the second service;
updating the copy of the smart delegation contract stored at the first data center to indicate that the smart delegation contract is suspended for the tenant;
updating the copy of the smart delegation contract stored at the second data center to indicate that the smart delegation contract is suspended for the tenant;
suspending, at the first data center, access to the first service for the tenant until the smart delegation contract is no longer suspended for the tenant; and
suspending, at the second data center, access to the second service for the tenant until the smart delegation contract is no longer suspended for the tenant.
|