Version 1 (modified by Stephen Schwab, 8 years ago)

--

ABAC Project Status Report

Period: Aug 2010 - Nov 2010

I. Major accomplishments

Achieved proof-of-concept interoperation of ABAC with ProtoGENI ReferenceCM.

A. Milestones achieved

We reached sufficient maturity with our initial ABAC implementation in Java, using Web Services interfaces, to create images and interoperate with the ProtoGENI ReferenceCM.

In discussions and outreach at GEC9 in Washington, we described ABAC attributes and authorization concepts to several GPO staff, including Tom Mitchell and Aaron Helsinger, and raised awareness of the demonstrated prototype integration with the ProtoGENI ReferenceCM. We also discussed alternative directions for pursuing work in the context of the new ABAC re-implementation. This activity satisfied our Year 2.a. Demonstration and Outreach activities milestone slated for GEC9.

B. Deliverables made

Installation manual for version 1.0 of our ABAC software. ABAC-1.0 software distribution with Reference-CM-2.0.2a from the ProtoGENI project.

II. Description of work performed during last quarter

During this quarter, we packaged and uploaded the software distribution of ABAC-1.0, along with a Reference Component Manager version from the ProtoGENI project with which it interoperates. An installation manual to assist others in building, installing, configuring and exercising this prototype was also prepared.

A. Activities and findings

At this point in the ABAC project life-cycle, we have enough experience with the prototype to recognize that it is feasible for ABAC to serve as the authorization framework for GENI. However, the research-era implementation we have been using, written in Java and making extensive use of Web Services, is in many ways too complex for the maintenance and enhancements that would be required to support GENI-wide authorization. Instead, we intend to shift our development activities to leveraging a new, slimmed-down re-implementation of the ABAC framework developed at ISI. While this new implementation does not immediately support all ABAC capabilities, most notably selective revelation of attributes in support of privacy policies, it is much more maintainable, written in C, and more readily debugged in practice when integrated within GENI control frameworks.

B. Project participants

The following SPARTA staff are participating in the ABAC project: Stephen Schwab, Jay Jacobs. Jay Jacobs left SPARTA during this period and will no longer participate in the project.

C. Publications (individual and organizational)

None.

D. Outreach activities

None.

E. Collaborations

We continue to collaborate with Jeff Chase at Duke University regarding the ORCA control framework and Slice-Based Facility Architecture (SFA) revisions. We also continue to collaborate with Ken Klingenstein regarding the implementation details of Shibboleth and related software used to introduce Shibboleth-based authorization into the ORCA control framework, and potentially into GENI as a source of attributes for identities.

F. Other Contributions

None.