Changes between Version 7 and Version 8 of AuthStoryBoard


Timestamp: 12/07/11 23:26:33 (12 years ago)
Author: chase@cs.duke.edu
Comment: --

  • AuthStoryBoard

    v7 v8  
    99This work also bears on federation topics that are often intertwined with GENI control framework architecture.  The various testbeds predating GENI evolved their own authorization structures to meet the practical needs of testbed deployments.  One theme of GENI has been retrofitting federation support onto these testbeds, so that we may interconnect them.  At the same time, the project managers have envisioned a system with strong central control and safety restraints, e.g., through a Clearinghouse that bundles various identity and authorization functions.  GENI architects spend a lot of time dealing with issues of trust policy disguised as architectural questions.
    1010
    11 One goal of this work is to disentangle these topics and separate them from questions of control framework architecture.  Once they are separated, we can see that authorization in GENI is an exercise in applying well-understood principles of federated identity and role-based trust management.  Work on these topics in the decade preceding GENI yielded key research breakthroughs and reasonably mature tools.  GENI can also leverage the large investments in federated identity deployments (Shibboleth, SAML, inCommon).  By applying these other works, we can simplify implementations and free the architects to focus on what is really new in GENI: unified control of diverse virtual infrastructure services.   We can also allow planning of trust policy and governance to go forward separately from the architecture discussions. 
     11One goal of this work is to disentangle these topics and separate them from questions of control framework architecture.  Once they are separated, we can see that authorization in GENI is an exercise in applying well-understood principles of federated identity and role-based trust management.  Work on these topics in the decade preceding GENI yielded key research breakthroughs and reasonably mature tools.  GENI can also leverage the large investments in federated identity deployments (Shibboleth, SAML, inCommon).  By applying these other works, we can simplify implementations and free the architects to focus on what is really new in GENI: unified control of diverse virtual infrastructure services.   We can also allow planning of trust policy and governance to go forward separately from the architecture discussions.  Here are the PowerPoint slide decks:
    1212
    1313 * [attachment:wiki:AuthStoryBoard:geni-fed-basics.ppt Background slides on GENI federation architecture]
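
Review bot: The sentence added at the end of new line 11, "Here are the PowerPoint slide decks:", is appended to the closing sentence of the paragraph on trust policy and governance, so it renders as part of that paragraph rather than as the lead-in to the attachment list that begins on line 13. Consider moving it to its own line directly above the list, so the paragraph ends at "architecture discussions." and the list has a visible introduction. The change comment for this revision is also empty; a one-line summary such as "add lead-in for slide attachments" would make the page history easier to read.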