[[PageOutline]]

== Project Number ==

1785

== Project Title ==

Distributed Identity and Authorization Mechanisms [[BR]]
a.k.a. ABAC

'''Work on ABAC has transitioned to ISI under the TIED project.'''
'''Refer to the [http://groups.geni.net/geni/wiki/TIED TIED] project wiki page for further information on GENI integration of ABAC for authorization.''' [[BR]]

=== Technical Contacts ===

Principal Investigator: Stephen Schwab schwab@isi.edu 

=== Participating Organizations ===

Currently: [[BR]] 
USC Information Sciences Institute [[BR]]
4676 Admiralty Way [[BR]] 
Marina del Rey, CA 90292

Formerly:
SPARTA, Inc. [[BR]]
1911 North Fort Meyer Drive [[BR]]
Suite 1100 [[BR]]
Arlington, VA 22209 

=== GPO Liaison System Engineer ===

Vic Thomas vthomas@geni.net

== Scope ==

This effort will develop and prototype Attributed-Based Access Control (ABAC) extensions that allow the distinct security mechanisms of the various control frameworks to share security information within a single control framework, as well as with each other, starting with ProtoGENI and proceeding to ORBIT and ORCA according to their integration readiness. (Support for DETER’s use of ABAC is already well-established.) The work will support trust management functions, including identity definitions and authentication mechanisms, and distributed authorization and access control mechanisms.  Existing ABAC prototype software from SPARTA and other available open-source software will be leveraged to provide critical GENI functions.  SPARTA will continue to collaborate with other GENI projects on analyzing and documenting security requirements for each spiral as part of this effort.

=== Current Capabilities ===

Refer to the [http://groups.geni.net/geni/wiki/TIED TIED] project wiki page for further information on GENI integration of ABAC for authorization. [[BR]]

=== Milestones ===
[[MilestoneDate(ABAC: S3.a Demonstration and Outreach at GEC9)]] [[BR]]
[[MilestoneDate(ABAC: S3.b Plans for integration of ABAC into a control framework)]] Click [http://groups.geni.net/geni/attachment/wiki/GENISecurity/Authorization-plan-rev0.4.pdf here] for plan and [http://groups.geni.net/geni/attachment/wiki/GENISecurity/Authorization-Plan.pdf here] for presentation on plan. [[BR]]
[[MilestoneDate(ABAC: S3.c Demonstration and Outreach at GEC10)]] [[BR]]
[[MilestoneDate(ABAC: S3.d Demonstration and Outreach at GEC11)]] [[BR]]
[[MilestoneDate(ABAC: S3.e Software and documentation)]] [[BR]]



== Project Technical Documents ==

[attachment:geni-rbac-req-0.5a.pdf ABAC requirements for ProtoGENI] [[BR]]
[attachment:geni-diac-api-0.92.pdf  DIAC prototype software design and interfaces v. 1.0] [[BR]]

=== Software ===
Note this version of the software is for historical reference only. Please visit [http://abac.deterlab.net abac.deterlab.net] for the most current version of libabac and related tools.
Also, see the the GENI [http://groups.geni.net/geni/wiki/TIED TIED] project wiki page for further information on GENI integration of ABAC for authorization. [[BR]]
[attachment:abac-1.0.tar.gz V1.0 software for supporting ABAC mechanisms within ProtoGENI.]

=== Quarterly Status Reports ===

[wiki:ABAC-QSR-4Q2009 4Q 2009 Report] [[BR]]
[wiki:ABAC-QSR-1Q2010 1Q 2010 Report] [[BR]]
[wiki:ABAC-QSR-2Q2010 2Q 2010 Report] [[BR]]
[wiki:ABAC-QSR-GEC9-2010 GEC9 2010 Report] [[BR]]
[wiki:ABAC-QSR-GEC10-2010 GEC10 2011 Report]

=== Spiral 2 Connectivity ===

Links to wiki pages about details of infrastrcture that the project is using (if any).  Examples include IP addresses, hostnames, URLs, DNS servers, local site network maps, VLANIDs (if permanent VLANs are used), pointers to public keys.  GPO may do first drafts of any of these and have the PI correct them to bootstrap.  May also include ticket links for pending or known connectivity issues.  Many projects will have a full tree of wiki pages here.


=== Related Projects ===

Includes non-GENI projects.