Authorization
Organizers
Steve Schwab and Ted Faber, USC/ISI
Time
Tues 1:00 - 2:00 pm
Dial In
866-453-5550 Participant pin: 6513886#
Description
GENI requires an authorization solution that will allow architectural components (Clearinghouse, Aggregates) to determine the privileges of an experimenter. Experimenters can be granted privileges based on institutional affiliation, project role or membership attributes, for instance. Aggregates are expected to have local policies regarding resource access and use. In this session, ISI will report out on their effort to implement ABAC authorization within ProtoGENI. Then the group will discuss next steps in evaluating ABAC authorization in comparison to the current GENI credentials.
Agenda
- Intro and GEC10 Summary (Tom)
- Current Integration efforts
- GENIAM/ProtoGeni RT0 integration discussion 20 mins - Ted
- Description of integration/API changes
- Demo of operation, logging, etc
- Visual tools
- GENIAM/ProtoGeni RT0 integration discussion 20 mins - Ted
- Trust Structures
- Overview - Steve 5 mins
- Summary of demo policy 5 mins - Ted
- Discuss AM/SA interaction possibilities
- ORCA policy model - 10 mins
- Steve's policy model (Tenative) 10 mins
- Discussion (remaining time)
- Next Steps
- Where next?
- more integration w/ProtoGENI?
- ORCA steps?
- ABAC and Identity portal?
Meeting Summary
A summary of this meeting is available on the GeniAuthorization page.
Background Reading
Attachments (4)
-
geni-abac.pdf (195.5 KB) - added by 13 years ago.
Jeff Chase paper: the role of ABAC in GENI
-
integration.pdf (215.4 KB) - added by 13 years ago.
Ted Faber slides
-
chase-abac-gec11.ppt (1009.5 KB) - added by 13 years ago.
Jeff Chase slides
-
GEC11-authorization-wrapup-schwab.pdf (88.8 KB) - added by 13 years ago.
Steve Schwab slides
Download all attachments as: .zip