Changes between Version 2 and Version 3 of GEC11Authorization
- Timestamp:
- 07/15/11 12:46:08 (13 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
GEC11Authorization
v2 v3 10 10 GENI requires an authorization solution that will allow architectural components (Clearinghouse, Aggregates) to determine the privileges of an experimenter. Experimenters can be granted privileges based on institutional affiliation, project role or membership attributes, for instance. Aggregates are expected to have local policies regarding resource access and use. In this session, ISI will report out on their effort to implement ABAC authorization within ProtoGENI. Then the group will discuss next steps in evaluating ABAC authorization in comparison to the current GENI credentials. 11 11 12 ==== Agenda ==== 13 1. Introduction and GEC 10 Summary (5 mins) 14 1. Progress update and demo (10 mins) 15 1. Trust Structures (15 mins) 16 * Who trusts whom to say what? 17 * Attributes for the GENI AM API 18 1. Tools (10 mins) 19 * Credential generation 20 * Credential storage 21 * Credential management (display, verification) 22 1. Implementation road map (15 mins) 23 * Aggregate policies 24 * Credential expiration policies 25 * API modifications 26 1. Summary and Wrap-up (5 mins) 27 12 28 ==== Background Reading ==== 13 * [wiki:GeniAuthorization Authorization Design Activities] 29 * [http://abac.deterlab.net/ ABAC Project home page] 30 * [wiki:GeniAuthorization Authorization Design Activities wiki page]