Changes between Version 4 and Version 5 of GEC16Agenda/CodingSprint


Timestamp: 03/29/13 08:59:27 (11 years ago)
Author: mbrinn@bbn.com
Comment:

--

  • GEC16Agenda/CodingSprint

    v4 v5  
    4444 5. Secure and Uniform Tool and Service Authentication and Authorization
    4545 6. Other topics introduced by the community
     46
     47
     48== 2. Uniform Experimenter Environment ==
     49
     50The session focused on the topic of establishing common API's for different Slice Authorities (SA) and Clearinghouses (CH) and Identity Providers (IDP) that may be available and trusted within a given clearinghouse.
     51
     52Some background:
     53 * A User Authority is an entity that creates user credentials and provides and manages user attributes.
     54 * A Slice Authority is an entity that creates slice credentials that provide authorization from a trusted source that a given user is entitled to allocate resources for a given slice.
     55 * A Clearinghouse provides directory services to point to any authorities or other services that are trusted and supported by the federation associated with that clearinghouse. This includes recognized SA's and AM's (aggregate managers)
     56 * The GENI federation contains its own services and resources but also services and resources provided by other partner federations,  which may contain their own SA's and IDPs. Thus GENI may have multiple SA's,  CH's and AM's. Conversely, a CH, SA or AM may belong to multiple federations.
     57 * Specifically, GENI currently supports three different SA's (PG, GPO and PL) and three different IDP's (also PG, GPO and PL). The SA's all provide different API's, though they generate slice credentials that are common and interoperating. The IDP's generate compatible user credentials as well
     58
     59With an eye towards Solicitation 4 tool developers, the participants in the session agreed that it was desirable for there to be a set of common federation-level API's that enable a tool developer to speak to a list of SA's or CH's in a common manner.  We decided not to try to standardize IDP API's as these operations (creating users and ascribing attributes) are largely out-of-band operations. We agreed in principle to a common SA and CH API that would resemble the AM API in that it will contain lists of credentials and return [code, error, value] tuples and speak XML/RPC over SSL. The details of the API calls are still TBD: GPO took an action to provide a proposal in the near-term.
     60
     61
     62
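Review bot: The background list (v5 lines 53-57) defines a "User Authority", while the paragraphs around it (v5 lines 50, 56, 57 and 59) speak only of an "Identity Provider (IDP)", and nothing says whether the two are the same entity; state the equivalence in the first bullet or use one term throughout. In the closing paragraph (v5 line 59), "speak XML/RPC over SSL" does not say whether the caller is authenticated at the SSL layer or only by the credentials passed in the call, so that question should be listed with the API details that are still TBD. Minor: the abbreviations PG, GPO and PL on v5 line 57 are never expanded, the apostrophe plurals ("API's", "SA's") should read "APIs" and "SAs", and the bullets on v5 lines 55 and 57 lack a closing period.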