Changes between Version 4 and Version 5 of FederatingWithGENI
- Timestamp: 02/05/16 08:10:46 (8 years ago)
FederatingWithGENI
v4 v5 16 16 === Identity Provider Integration === 17 17 18 Federating with GENI Identity 19 NTUA, CFE, UPMC, SAVI, Chameleon 20 Release Research and Scholarship (R&S) Attributes from your IDP 21 We give SP metadata to you, incoporate in your SAML meta-data as an SP you recognize 22 23 Then your people can log into GENI 24 25 18 26 === OpenID Integration === 27 28 You: OpenID Relying Party 29 Us: OpenID Identity Provider 30 Provide standard identity attributes (nickname, email) plus other attributes on request (e.g. project membership) 31 Set of tokens to ask for additional attributes 32 Send data about me to other services 33 34 Already logged into Portal thorugh SHIB 35 36 37 Authenticated already through SHIB 38 We hand off AUTHN Info 39 40 19 41 20 42 == Control Plane Federation == 21 43 44 GENI provides two Control Plane API's: the Aggregate Manager (AM) API allowing allocation of resources to sliced topologies for authenticated/authorized users, and the Clearinghouse (or Federation) API which creates trusted credentials to support the AM API along with advertisement registry services. 45 22 46 === Aggregate Manager === 47 48 In order to federate a set of resources (racks, e.g.) with GENI, the owner of these resources must implement an Aggregate Manager service that presents these resources and allows allocation of these resources. Once this AM is in place, the AM must trust the GENI clearinghouse by including the GENI Clearinghouse CA certificate in its bundle of trusted roots. Once these steps are completed, GENI users will be able to share your resources through your aggregate manager. 23 49 24 50 === Clearinghouse === 25 51 52 Federating with GENI does not require implementing a Clearinghouse nor interacting with the GENI Clearinghouse (Aggregates do not speak to Clearinghouses). 
That said, the Clearinghouse maintains a registry of recognized and vetted services and having your Aggregate Manager listed in the GENI Clearinghouse Service Registry is a way of publicizing that you are making your Aggregate Manager (and thus your resources) available to GENI users. 53 26 54 == Data Plane Federation == 55 56 L2 connection 57 AL2S or other GENI L2 Network Provider 58 Stitching 59 AM managing network resource (VLAN allocation and provisioning) 60 27 61 28 62 === L2 Connectivity === … … 31 65 32 66 33
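Review bot: The text added under "Identity Provider Integration" and "OpenID Integration" (v5 lines 18-38) is still in outline form and leaves the trust flow ambiguous. It should say who issues the "Set of tokens to ask for additional attributes" and which party approves "Send data about me to other services", since that line is where attribute release beyond nickname and email is decided. "SHIB" is never expanded, and v5 lines 34 and 37 ("Already logged into Portal thorugh SHIB" and "Authenticated already through SHIB") say the same thing twice; keep one. Typos to fix: "incoporate", "thorugh", and "meta-data" versus "metadata" on the same line.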
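Review bot: In the added "Aggregate Manager" paragraph (v5 line 48), the step "including the GENI Clearinghouse CA certificate in its bundle of trusted roots" does not say where the operator obtains that certificate or how to confirm it is the genuine one before installing it. Because that root is what lets "GENI users ... share your resources", the page should name the authoritative source for the certificate and a way to check it, and note that the aggregate's own authorization policy still applies after the trust root is added. Style point on v5 line 44: "API's" should be "APIs". The "Data Plane Federation" additions (v5 lines 56-59) are bare keywords and need sentences before this version is useful to a reader.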