28 | | - We have also made some progress on OpenFlow authorization. |
| 28 | - The ABAC-in-ORCA prototype presumes that all needed credentials are available to the server, and that none of them have been revoked or expired. The team has defined a credential management framework that can assure these properties, and is moving forward with a prototype. Muzhi Zhao has developed a centralized prototype of the credential management service. |
| 29 | |
| 30 | - Jeff Chase summarized this progress and related issues in a talk at the [wiki:GEC12Authorization Authorization Session at GEC12]. More recently we have prepared detailed materials outlining the emerging federated authorization framework for GENI, and posted them on the GENI wiki as an [wiki:AuthStoryBoard Authorization Storyboard]. |
| 31 | |
| 32 | - Prateek Jaipuria interned at GPO in Summer 2011 and completed some Protogeni integration steps, including checking of Protogeni credentials. This support enables ORCA deployments to federate with GPO services for approving users and their slices. |
| 33 | |
| 34 | - The team worked with Ted Faber of the Deter project to assist Ted in adding support in ORCA to check common ABAC credential formats across ORCA and Protogeni sites. |
| 35 | |
| 36 | - We have also made some progress on !OpenFlow authorization. We are exploring some use cases for the integration of !OpenFlow with cloud services, and for which flowspace authorization can be automated in the ORCA AMs. We are designing software around these use cases for the upcoming ExoGENI deployment, working with new MS student Ke Xu. We have prepared a working paper for use of !OpenFlow in networked cloud services called [http://www.cs.duke.edu/~chase/ofod.pdf OpenFlow-on-Demand]. |