Changes between Version 2 and Version 3 of GEC11Authorization


Ignore:
Timestamp:
07/15/11 12:46:08 (13 years ago)
Author:
tmitchel@bbn.com
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • GEC11Authorization

    v2 v3  
    1010   GENI requires an authorization solution that will allow architectural components (Clearinghouse, Aggregates) to determine the privileges of an experimenter. Experimenters can be granted privileges based on institutional affiliation, project role or membership attributes, for instance. Aggregates are expected to have local policies regarding resource access and use.  In this session, ISI will report out on their effort to implement ABAC authorization within ProtoGENI. Then the group will discuss next steps in evaluating ABAC authorization in comparison to the current GENI credentials.
    1111
     12==== Agenda ====
     13 1. Introduction and GEC 10 Summary (5 mins)
     14 1. Progress update and demo (10 mins)
     15 1. Trust Structures (15 mins)
     16  * Who trusts whom to say what?
     17  * Attributes for the GENI AM API
     18 1. Tools (10 mins)
     19  * Credential generation
     20  * Credential storage
     21  * Credential management (display, verification)
     22 1. Implementation road map (15 mins)
     23  * Aggregate policies
     24  * Credential expiration policies
     25  * API modifications
     26 1. Summary and Wrap-up (5 mins)
     27
    1228==== Background Reading ====
    13  * [wiki:GeniAuthorization Authorization Design Activities]
     29 * [http://abac.deterlab.net/ ABAC Project home page]
     30 * [wiki:GeniAuthorization Authorization Design Activities wiki page]