=== Authorization === ==== Organizers ==== Steve Schwab and Ted Faber, ''USC/ISI'' ==== Time ==== Tues 1:00 - 2:00 pm ==== Dial In ==== 866-453-5550 Participant pin: 6513886# ==== Description ==== GENI requires an authorization solution that will allow architectural components (Clearinghouse, Aggregates) to determine the privileges of an experimenter. Experimenters can be granted privileges based on institutional affiliation, project role or membership attributes, for instance. Aggregates are expected to have local policies regarding resource access and use. In this session, ISI will report out on their effort to implement ABAC authorization within ProtoGENI. Then the group will discuss next steps in evaluating ABAC authorization in comparison to the current GENI credentials. ==== Agenda ==== 1. Intro and GEC10 Summary (Tom) 1. Current Integration efforts * GENIAM/ProtoGeni RT0 integration discussion 20 mins - Ted * Description of integration/API changes * Demo of operation, logging, etc * Visual tools 1. Trust Structures 1. Overview - Steve 5 mins 1. Summary of demo policy 5 mins - Ted * Discuss AM/SA interaction possibilities 1. ORCA policy model - 10 mins 1. Steve's policy model (Tenative) 10 mins 1. Discussion (remaining time) 1. Next Steps * Where next? * more integration w/ProtoGENI? * ORCA steps? * ABAC and Identity portal? ==== Background Reading ==== * [http://abac.deterlab.net/ ABAC Project home page] * [attachment:geni-abac.pdf Authorization and Trust Structure in GENI: A Perspective on the Role of ABAC] by Jeff Chase * [wiki:GeniAuthorization Authorization Design Activities wiki page] * [http://groups.geni.net/geni/attachment/wiki/TIED/ABAC_Rules_v1.2.pdf Strawman GENI ABAC policies]