| 1 | |
| 2 | |
| 3 | Present: Harry, Jeanne, Hussam, Jim, Guilherme, Martin, Vic |
| 4 | |
| 5 | |
| 6 | ABAC: |
| 7 | Jim got code from Ted Faber. Looking through it. Looking at example code. ABAC is not currently implemented (at ISI?) as a service. |
| 8 | |
| 9 | This needs to be done. Ted thinks this should be trivial. Looks like (via papers) ORCA has implemented as a server (ORCA Pod?) with RESTful interface. |
| 10 | |
| 11 | Jim contacted Jeff Chase to get code. Making some progress, still some unknowns. |
| 12 | |
| 13 | Martin: Thinks we perhaps can use UNIS for source of constraints or reference (URL) to constraints. Use libabac to prove the chain of assertions. |
| 14 | |
| 15 | All agree that we should have a central location for rules. |
| 16 | |
| 17 | Guilherme: Don’t want the rules to be exposed. |
| 18 | |
| 19 | Is the proving done at the service or at the authenticating application? |
| 20 | |
| 21 | Harry suggests drawing up a proposal for using ABAC. Jim: Jim and Martin to discuss, learn more, and come up with a proposal. |
| 22 | |
| 23 | Gush: |
| 24 | What does Gush provide vs. Flack? Why would user use Gush? |
| 25 | |
| 26 | Working with VMs. According to Vic, Jeannie A. says Gush will work with anything that allows SSH. |
| 27 | |
| 28 | Jeanne O. has experienced some issues with VMs in Gush. Investigate further. |
| 29 | |
| 30 | Issues with hostnames? Need to investigate this further. |
| 31 | |
| 32 | Harry: Suggest Jeanne talk with Luisa about Gush information. She has worked with it a lot. |
| 33 | |
| 34 | Jim asks Martin: How does Gush integrate with UNIS? |
| 35 | |
| 36 | Discussion of using UNIS to store/access information about the slices for the experiment rather than passing around rspecs. |
| 37 | |
| 38 | How do we keep this UNIS information up-to-date? |
| 39 | |
| 40 | Guilherme suggests things that are outside of slice introspection, user needs to push to UNIS. |
| 41 | |
| 42 | What types of changes can we make to the slice in Gush/Omni/other that I&M and others need to discover from UNIS? |
| 43 | |
| 44 | Things to investigate regarding Gush (Jeanne will report next week): |
| 45 | |
| 46 | 1. Tridentcom paper says gush has ability to add and remove nodes from a slice. How is this done? Under what circumstances does this work? |
| 47 | [GENI AM API does not support updateSliver] |
| 48 | 2. How does Gush work with protogeni VMs? |
| 49 | |
| 50 | UNIS: |
| 51 | Old UNIS --> New UNIS: What is the transition plan?[[BR]] |
| 52 | Both can run in parallel until full functionality is available with new UNIS. Then turn down old UNIS.[[BR]] |
| 53 | |
| 54 | Local vs. global UNIS hierarchy: Will new UNIS have local and global configuration? Yes, probably not by GEC14. |
| 55 | |