Changes between Version 6 and Version 7 of ORCA-BEN-GEC12-SR


Ignore:
Timestamp:
12/12/11 08:29:21 (12 years ago)
Author:
chase@cs.duke.edu
Comment:

added more details per Ilia's request

Legend:

Unmodified
Added
Removed
Modified
  • ORCA-BEN-GEC12-SR

    v6 v7  
    2424== Authorization ==
    2525
    26  - Jeff Chase and Prateek Jaipuria continued working with the Authorization project on trust management and federation issues.  Muzhi Zhao has made progress on credential management.  Prateek Jaipuria interned at GPO in Summer 2011 and completed some Protogeni integration steps.  Some materials relating to authorization are available at the [wiki:AuthStoryBoard Authorization Storyboard].
     26 - Jeff Chase and Prateek Jaipuria continued working with the Authorization project on trust management and federation issues.  In particular, working with the Deter team, we have put together a complete end-to-end picture of authorization for the GENI federation based on RT0 delegation logic (ABAC), including requirements for authorization of users, projects, and slices.  Prateek Jaipuria completed integration of support for checking ABAC credentials into the ORCA software.
    2727
    28  - We have also made some progress on OpenFlow authorization.
     28 - The ABAC-in-ORCA prototype presumes that all needed credentials are available to the server, and that none of them have been revoked or expired.  The team has defined a credential management framework that can assure these properties, and is moving forward with a prototype.  Muzhi Zhao has developed a centralized prototype of the credential management service.
     29
     30 - Jeff Chase summarized this progress and related issues in a talk at the [wiki:GEC12Authorization Authorization Session at GEC12].  More recently we have prepared detailed materials outlining the emerging federated authorization framework for GENI, and posted them on the GENI wiki as an [wiki:AuthStoryBoard Authorization Storyboard].
     31
     32 - Prateek Jaipuria interned at GPO in Summer 2011 and completed some Protogeni integration steps, including checking of Protogeni credentials.  This support enables ORCA deployments to federate with GPO services for approving users and their slices.
     33
     34 - The team worked with Ted Faber of the Deter project to assist Ted in adding support in ORCA to check common ABAC credential formats across ORCA and Protogeni sites.
     35
     36 - We have also made some progress on !OpenFlow authorization.  We are exploring some use cases for the integration of !OpenFlow with cloud services, and for which flowspace authorization can be automated in the ORCA AMs.  We are designing software around these use cases for the upcoming ExoGENI deployment, working with new MS student Ke Xu.  We have prepared a working paper for use of !OpenFlow in networked cloud services called [http://www.cs.duke.edu/~chase/ofod.pdf OpenFlow-on-Demand].
    2937
    3038== Project Participants ==
     
    3947  * Prateek Jaipuria (!ImageProxy, Shibboleth integration, identity management and authorization), Duke University
    4048  * Muzhi Zhao (!ImageProxy development), Duke University
     49  * Ke Xu (!OpenFlow use cases for ExoGENI)