Chapter 20: Access Control in Federated ... > FUTURE RESEARCH DIRECTIONS - Pg. 412

Access Control in Federated Clouds

In conclusion, thanks to the Interoperability System we are able to extend trust to Cloud users even when they come from untrusted domains. The whole mechanism works because we are able to automatically validate any digital certificate and to assign it a degree of trust (the Global Security Level). On the basis of this degree of trust, we are also able to assign a dynamic profile to users coming from the outside world, to let them access computing or even administration resources. We think that this is a very important issue in a Cloud environment, as identity federation is an open issue that still limits the wide adoption of these infrastructures.

One of the main drawbacks of this approach may be an inevitable performance penalty, as complex authorization mechanisms or the use of secure channels may heavily increase the overhead on service invocation, and some interesting works have been presented to evaluate the trade-

But Cloud Computing introduces additional requirements and opportunities for security; indeed, final users are assuming a more relevant role, solutions are starting to be configured around the needs of each final user, and security as well as quality are becoming primary points to contract, and there is the need to properly define, evaluate and monitor Service Level Agreements (SLAs) and Service Level Management. From a security point of view this is a really interesting new challenge: how to build user-centric solutions? How to enable a user to identify its own security requirements in a clear and negotiable way, in order to choose (among a federation of Cloud providers) the one that fits its own needs? What about the privacy issues and guarantees about data protection even when the final user does not know where in the world the provider has its physical servers? Security-oriented SLAs involve a new set of problems, like the need of formally and clearly