Cloud Federation? We are not ready yet

Lot of effort and money has been invested in developing applications and services for cloud networks. Cloud providers offer dynamicity, abstraction and centralized management to make their cloud services more attractive for prospective clients. With the formation of cloud computing market's ecosystem, cloud providers will find themselves in need to cooperate between each other to gain economy of scale using federation. Cloud resource federation introduces extra-dynamicity into services, but might lead rigidly developed applications to fail in satisfying its basic role. Losing all the investment made on an application is definitely not an option for most cloud providers. In this paper we are interested in proving that not all cloud applications are ready for federation and this will highlight the need to create a formal verification method to check the readiness of an application to be federated. In this context we study "Privacy-as-a-Service" as a sample of rigidly developed cloud services and prove that critical security vulnerability will be created if this service is federated. We then propose a federation ready message flow that covers the confidentiality vulnerabilities in PasS and this highlights possible criteria to be checked in future verification methods.