Authorization
Organizers
Steve Schwab and Ted Faber, USC/ISI
Time
Tues 1:00 - 2:00 pm
Dial In
866-453-5550 Participant pin: 6513886#
Description
GENI requires an authorization solution that will allow architectural components (Clearinghouse, Aggregates) to determine the privileges of an experimenter. Experimenters can be granted privileges based on institutional affiliation, project role or membership attributes, for instance. Aggregates are expected to have local policies regarding resource access and use. In this session, ISI will report out on their effort to implement ABAC authorization within ProtoGENI. Then the group will discuss next steps in evaluating ABAC authorization in comparison to the current GENI credentials.
Agenda
- Introduction and GEC 10 Summary (5 mins)
- Progress update and demo (10 mins)
- Trust Structures (15 mins)
  - Who trusts whom to say what?
  - Attributes for the GENI AM API
- Tools (10 mins)
  - Credential generation
  - Credential storage
  - Credential management (display, verification)
- Implementation road map (15 mins)
  - Aggregate policies
  - Credential expiration policies
  - API modifications
- Summary and Wrap-up (5 mins)
Background Reading
Attachments (4)
- geni-abac.pdf (195.5 KB) - Jeff Chase paper: the role of ABAC in GENI
- integration.pdf (215.4 KB) - Ted Faber slides
- chase-abac-gec11.ppt (1009.5 KB) - Jeff Chase slides
- GEC11-authorization-wrapup-schwab.pdf (88.8 KB) - Steve Schwab slides