wiki:GEC11Authorization

Authorization

Organizers

Steve Schwab and Ted Faber, USC/ISI

Time

Tues 1:00 - 2:00 pm

Dial In

866-453-5550 Participant pin: 6513886#

Description

GENI requires an authorization solution that will allow architectural components (Clearinghouse, Aggregates) to determine the privileges of an experimenter. Experimenters can be granted privileges based on institutional affiliation, project role or membership attributes, for instance. Aggregates are expected to have local policies regarding resource access and use. In this session, ISI will report out on their effort to implement ABAC authorization within ProtoGENI. Then the group will discuss next steps in evaluating ABAC authorization in comparison to the current GENI credentials.

Agenda

  1. Intro and GEC10 Summary (Tom)
  2. Current Integration efforts
    • GENIAM/ProtoGeni RT0 integration discussion 20 mins - Ted
      • Description of integration/API changes
      • Demo of operation, logging, etc
      • Visual tools
  3. Trust Structures
    1. Overview - Steve 5 mins
    2. Summary of demo policy 5 mins - Ted
      • Discuss AM/SA interaction possibilities
    3. ORCA policy model - 10 mins
    4. Steve's policy model (Tenative) 10 mins
    5. Discussion (remaining time)
  4. Next Steps
    • Where next?
    • more integration w/ProtoGENI?
    • ORCA steps?
    • ABAC and Identity portal?

Meeting Summary

A summary of this meeting is available on the GeniAuthorization page.

Background Reading

Last modified 8 years ago Last modified on 08/25/11 11:22:01

Attachments (4)

Download all attachments as: .zip