GENI FINAL REPORT
LEFA
Internet2
Oct 2009 - Sept 2010

I. Major Accomplishments

A. Milestones Achieved

Recall that much of the initial proposal was redirected from fostering federated collaboration technologies (wikis, portals, SSH tools, etc.) to engagement with the actual control framework work. In that new context, the project was moderately successful. Notable achievements include working with the Cobham-Schwab group on architecture for next-generation security, influencing the control framework, and working with related attribute-based access control efforts on a workshop. Most important was an operational proof of concept with ORCA, using both federated identity and enterprise groups for access control. Overall, the project had consequences that may grow for the GENI project.

B. Milestones not delivered

We had limited engagement with PlanetLab, due to several problems and misaligned priorities. Their use of SSH for identity and access management is deeply embedded in their current operational code. However, the PlanetLab requirements for a federated, provisioned and de-provisioned, and attribute-controlled SSH will be one of the use cases for some further work.

II. Deliverables Made during project

Ultimately, three out of the four deliverables were provided, and the fourth, engagement with PlanetLab, will begin under a separate but related Internet2 activity on gathering use cases for the federation and domestication.

LEFA: S2.a Federation technologies within ORCA - Delivered July
  http://groups.geni.net/geni/milestone/LEFA%3A%20S2.a%20Federation%20technologies%20within%20ORCA
LEFA: S2.b Demo at GEC 7 - Delivered at GEC8
  http://groups.geni.net/geni/milestone/LEFA%3A%20S2.b%20Demo%20at%20GEC%207
LEFA: S2.c Begin PlanetLab Engagement - Beginning soon
  http://groups.geni.net/geni/milestone/LEFA%3A%20S2.c%20Begin%20PlanetLab%20Engagement
LEFA: S2.d White paper on the federation knot in GENI - On wiki
  http://groups.geni.net/geni/milestone/LEFA%3A%20S2.d%20White%20paper%20on%20the%20federation%20knot%20in%20GENI

III. Additional comments

There is the real prospect of cobbling together emerging infrastructure to address the identity management and access control requirements of GENI, and to do so without significantly altering the internals of existing GENI projects. That is a tractable effort, though the solution would not be elegant, and the retrofit components would require maintenance until all GENI projects converge more than they have. But it is tractable, and the GPO might consider creating such a service.

There is a real concern about the ability of the GPO to instill a consistent approach to authentication and authorization among the various projects within GENI. There was a successful effort to introduce externalized authentication and attributes for access control as an additional option to the existing approaches, but it did not lead those with embedded authentication and authorization approaches to begin migrating their code. There is little incentive for them to do so currently.

Some catalytic efforts on the part of the GPO might begin to incent more convergence. For example, a GENI schema workshop could begin to identify the sets of attributes necessary to operate within GENI and the sources of authority for them.
Similarly, evaluations of security risks and promotion of appropriate LOA technologies to meet those risks might help move things forward.

IV. Project participants

Ken Klingenstein (Internet2), Principal Investigator: project direction, federation analysis, white paper development, participant in GENI CF discussions, liaison with Steve Schwab of Cobham and service as project liaison to the GPO.

Steven Carmody (Brown University), Senior IT Architect at Brown University and Project Manager of Internet2's Shibboleth Project: focus on engagement with ORCA and PlanetLab on technical issues.