=== Identity and Attributes in GENI ===

==== Session leaders ====
Ken Klingenstein, ''Internet2'' [[BR]]
Tom Mitchell, ''BBN''

==== Time ====
Tues 1:00 - 2:30 pm

==== Description ====
This meeting will seek agreement on an approach to identity and attributes in GENI. GENI requires a way of positively identifying experimenters and granting them access to tools and resources. Current control frameworks either maintain their own database of experimenters or explicitly outsource this task to an identity provider. In addition to identifying experimenters, GENI needs information about attributes like institutional affiliation, project role, etc. The goal of this session is to discuss a proposal and reach community consensus on a way forward for identity management and attributes in GENI.

==== Proposal ====
External identity providers should be added as sources of identity attributes for GENI experimenters. Specifically, an !InCommon-compatible GENI portal should be developed to allow new GENI experimenters to authenticate using their own institutional accounts. GENI should also standardize a set of identity attributes required for resource manipulation within GENI. A proposed implementation and schedule will be presented.

==== Agenda ====
Introduction - Tom Mitchell (5 mins) [[BR]]
IdM Principles and key issues - Ken Klingenstein (20 mins) [[BR]]
Proposed architecture - Tom Mitchell (15 mins) [[BR]]
Invited discussion - Rob Ricci (10 mins) [[BR]]
Invited discussion - Jeff Chase (10 mins) [[BR]]
Open Discussion - All (20 mins) [[BR]]
Summary and Wrap Up - Tom Mitchell (10 mins)

==== Background reading ====
Identity and Access Management (http://www.internet2.edu/pubs/200703-IS-MW.pdf) [[BR]]
Shibboleth (http://www.internet2.edu/pubs/shibboleth-infosheet.pdf) [[BR]]
!TeraGrid federated login with PKI implementation using !InCommon (http://www.ncsa.illinois.edu/~jbasney/tgfed.pdf)