Blockchain-based Identity and Policy Management for Distributed Cloud Services
DOI:
https://doi.org/10.15680/IJCTECE.2025.0805027
Keywords:
Blockchain, Identity Management, Policy Management, Distributed Cloud, Smart Contracts, Hyperledger Fabric, IAM, Policy-as-Code
Abstract
Distributed cloud services across multiple providers demand consistent identity verification and policy enforcement. Centralized IAM and policy managers introduce single points of failure, limited auditability, and latency. We propose BC-IdPol, a blockchain-based framework that stores identities and governance policies on a permissioned ledger. Smart contracts enforce registration, authentication, and policy retrieval. Off-chain cloud agents query the chain for runtime decisions. In experiments over a three-cloud prototype (Azure, AWS, GCP) on Hyperledger Fabric, BC-IdPol achieved:
· 99.9 % tamper-resistance (vs. 0 % baseline)
· 45 ms median identity lookup latency (vs. 18 ms centralized API)
· 60 ms median policy fetch time (vs. 20 ms baseline)
· 1,800 req/sec enforcement throughput (vs. 2,200 req/sec)
We detail architecture, smart-contract design, Mermaid diagrams, evaluation results, limitations, and future work.

