Changes between Version 4 and Version 5 of FederatingWithGENI


Ignore:
Timestamp:
02/05/16 08:10:46 (8 years ago)
Author:
mbrinn@bbn.com
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • FederatingWithGENI

    v4 v5  
    1616=== Identity Provider Integration ===
    1717
     18        Federating with GENI Identity
     19        NTUA, CFE, UPMC, SAVI, Chameleon
     20        Release Research and Scholarship (R&S) Attributes from your IDP
     21        We give SP metadata to you, incoporate in your SAML meta-data as an SP you recognize
     22
     23        Then your people can log into GENI
     24
     25
    1826=== OpenID Integration ===
     27
     28        You: OpenID Relying Party
     29        Us: OpenID Identity Provider
     30        Provide standard identity attributes (nickname, email) plus other attributes on request (e.g. project membership)
     31                Set of tokens to ask for additional attributes
     32                Send data about me to other services
     33
     34        Already logged into Portal thorugh SHIB
     35
     36
     37        Authenticated already through SHIB
     38        We hand off AUTHN Info
     39
     40
    1941
    2042== Control Plane Federation ==
    2143
     44GENI provides two Control Plane API's: the Aggregate Manager (AM) API allowing allocation of resources to sliced topologies for authenticated/authorized users, and the Clearinghouse (or Federation) API which creates trusted credentials to support the AM API along with advertisement registry services.
     45
    2246=== Aggregate Manager ===
     47
     48In order to federate a set of resources (racks, e.g.) with GENI, the owner of these resources must implement an Aggregate Manager service that presents these resources and allows allocation of these resources. Once this AM is in place, the AM must trust the GENI clearinghouse by including the GENI Clearinghouse CA certificate in its bundle of trusted roots. Once these steps are completed, GENI users will be able to share your resources through your aggregate manager.
    2349
    2450=== Clearinghouse ===
    2551
     52Federating with GENI does not require implementing a Clearinghouse nor interacting with the GENI Clearinghouse (Aggregates do not speak to Clearinghouses). That said, the Clearinghouse maintains a registry of recognized and vetted services and having your Aggregate Manager listed in the GENI Clearinghouse Service Registry is a way of publicizing that  you are making your Aggregate Manager (and thus your resources) available to GENI users.
     53
    2654== Data Plane Federation ==
     55
     56        L2 connection
     57        AL2S or other GENI L2 Network Provider
     58        Stitching
     59        AM managing network resource (VLAN allocation and provisioning)
     60
    2761
    2862=== L2 Connectivity ===
     
    3165
    3266
    33