wiki:ABAC

Version 16 (modified by Vic Thomas, 13 years ago) (diff)

--

Project Number

1785

Project Title

Distributed Identity and Authorization Mechanisms
a.k.a. ABAC

Technical Contacts

Principal Investigator Stephen Schwab Stephen Schwab

Participating Organizations

SPARTA, Inc.
1911 North Fort Meyer Drive
Suite 1100
Arlington, VA 22209

GPO Liaison System Engineer

Vic Thomas vthomas@geni.net

Scope

This effort will develop and prototype Attributed-Based Access Control (ABAC) extensions that allow the distinct security mechanisms of the various control frameworks to share security information within a single control framework, as well as with each other, starting with ProtoGENI and proceeding to ORBIT and ORCA according to their integration readiness. (Support for DETER’s use of ABAC is already well-established.) The work will support trust management functions, including identity definitions and authentication mechanisms, and distributed authorization and access control mechanisms. Existing ABAC prototype software from SPARTA and other available open-source software will be leveraged to provide critical GENI functions. SPARTA will continue to collaborate with other GENI projects on analyzing and documenting security requirements for each spiral as part of this effort.

Current Capabilities

BRIEF descriptions of resources/functions/tools that are available to anyone in the GENI community

Milestones

MilestoneDate(ABAC: S2.a)? ABAC Requirements for ProtoGENI Click here for requirements document
MilestoneDate(ABAC: S2.b)? DIAC prototype software design and interfaces v. 1.0
MilestoneDate(ABAC: S2.c)? V1.0 software for supporting ABAC mechanisms within ProtoGENI. Click here for software
MilestoneDate(ABAC: S2.d)? V2.0 software for supporting ABAC mechanisms within ProtoGENI
MilestoneDate(ABAC: S2.e)? DIAC prototype software design and interfaces v. 1.1

MilestoneDate(ABAC: S3.a Demonstration and Outreach at GEC9)?
MilestoneDate(ABAC: S3.b Plans for integration of ABAC into a control framework)? Click here for plan and here for presentation on plan.
MilestoneDate(ABAC: S3.c Demonstration and Outreach at GEC10)?
MilestoneDate(ABAC: S3.d Demonstration and Outreach at GEC11)?
MilestoneDate(ABAC: S3.e Software and documentation)?

Project Technical Documents

ABAC requirements for ProtoGENI

Quarterly Status Reports

4Q 2009 Report
1Q 2010 Report
2Q 2010 Report
GEC9 2010 Report
GEC10 2011 Report

Spiral 2 Connectivity

Links to wiki pages about details of infrastrcture that the project is using (if any). Examples include IP addresses, hostnames, URLs, DNS servers, local site network maps, VLANIDs (if permanent VLANs are used), pointers to public keys. GPO may do first drafts of any of these and have the PI correct them to bootstrap. May also include ticket links for pending or known connectivity issues. Many projects will have a full tree of wiki pages here.

Related Projects

Includes non-GENI projects.

Attachments (5)